
whattoseek redirect from google search


  • This topic is locked
33 replies to this topic

#1 FTWanderer

FTWanderer

  • Members
  • 19 posts

Posted 10 June 2010 - 09:39 PM

Okay, I know you've had a topic on this before (which is how I found this site), but in order to solve the problem you had the person post a bunch of reg logs, HJT logs, etc. Since I obviously don't have the same logs, I guess I need my own help thread. Sorry for the inconvenience.

So I'm sure you've heard this before. I search primarily with Google, and when I click a link, I get redirected a certain percentage of the time - first to whattoseek, then to a different random site. Most of the time these sites are simulating search results. Some of them have very quickly downloaded a massive amount of awful stuff onto my computer - including disabling my task manager completely and locking my wi-fi so I couldn't shut it off with Fn+F2. It was continuing to download stuff, like disassociating .exe file extensions, and not allowing me to delete some of the files that I found coming in via a search by time modified (they were all in one folder, just continuing to pile up).

I think I got this originally either with or just at the same time as the Vista Security nastiness. I successfully cleared that up (I'm certain that it's gone), but this has remained in spite of trying to root it out with Spybot, MalwareBytes, Hijack This, Avira, Advanced System Care, & SuperAntiSpyware. Full Disclosure: for a time, I was doing P2P sharing with BitTorrent, but I stopped that some time ago and uninstalled the program.

So...what do I do?

As an aside (breaking the 1 question per thread rule because it really is an aside), what virus protection do you all recommend? My theory has been to go with the little guys rather than the Norton/McAfee behemoths because if I'm designing a virus, I'm going to design it to circumvent the most common programs. Obviously I prefer free versions - I tried to run multiple free versions, but one kept picking up the files in the others' quarantine and setting off alarm bells every 10 seconds, so I had to ditch that idea.

Thanks in advance - this is a helluva service you're offering,


DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ken at 21:42:10.83 on Thu 06/10/2010
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_17
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070511
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070511
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BB670D0B-5C46-40C7-B38B-40DD26987723} - No File
{85e0b171-04fa-11d1-b7da-00a0c90348d6}
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunServices: [1A:Stardock TrayMonitor]
StartupFolder: c:\users\ken\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Linked&In Search
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\ymf9p8tx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://www.yahoo.com/|http://www.netflix.com/WiGenre?sgid=387&lnkctr=mhwG387
FF - plugin: c:\users\ken\appdata\roaming\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\ken\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-06-05 17:15:22 20 ----a-w- c:\users\ken\defogger_reenable
2010-05-13 03:19:43 0 d-----w- c:\users\ken\appdata\roaming\Basilisk Games
2010-05-13 02:54:17 0 d-----w- c:\program files\Eschalon Book II

==================== Find3M ====================

2010-06-10 14:58:06 3249 --sha-w- c:\windows\system32\mmf.sys
2010-05-12 15:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-07 18:12:30 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-07 18:12:30 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-07 18:12:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 00:41:40 75264 ----a-w- c:\windows\system32\ffdb.sys
2008-12-10 08:28:57 174 --sha-w- c:\program files\desktop.ini
2008-06-12 08:23:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-06-16 16:31:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2007-06-16 16:31:03 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2007-06-16 16:31:03 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-05-11 11:43:27 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:48:03.30 ===============


Edited by Orange Blossom, 10 June 2010 - 09:43 PM.
Correct copy and paste of original post. ~ OB




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • Gender:Female
  • Location:Romania

Posted 15 June 2010 - 05:46 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 FTWanderer

FTWanderer
  • Topic Starter

  • Members
  • 19 posts

Posted 16 June 2010 - 08:37 PM

Here's the first part, I'm closing my browser to run GMER and will post that after:

OTL logfile created on: 6/16/2010 21:22:12 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Ken\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.46 Gb Total Space | 18.44 Gb Free Space | 28.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.40 Gb Free Space | 64.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KBOUCHER-VISTA
Current User Name: Ken
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/16 21:20:28 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/19 18:27:52 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/22 12:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/22 08:25:30 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/01 21:00:00 | 001,716,224 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
PRC - [2007/11/12 12:43:41 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2007/03/06 13:21:31 | 000,116,224 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
PRC - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2007/02/08 01:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/02/08 01:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/06/16 21:20:28 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
MOD - [2007/02/06 17:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006/11/02 05:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (lxdu_device)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/22 08:25:30 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/10/03 21:25:18 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/02/29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi)
SRV - [2007/11/12 12:43:41 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/05/21 15:20:50 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/01 15:52:04 | 000,538,096 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device)
SRV - [2007/02/22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2007/02/22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2007/02/08 01:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/12/19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/26 10:49:43 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/14 20:41:40 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\ffdb.sys -- (ffdb)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/08 00:11:29 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/05 18:43:23 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/04 02:35:38 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/07/04 02:35:38 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/09 21:21:06 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008/03/18 11:01:44 | 000,425,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WNDA31v.sys -- (WNDA3100)
DRV - [2007/09/28 17:09:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/08/31 16:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/05/11 07:43:26 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/05/11 07:43:26 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/05/11 07:43:26 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/22 20:50:00 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/02/08 01:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/20 15:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 15:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 15:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/20 13:51:10 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/17 19:13:04 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/16 14:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006/11/16 14:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006/11/11 19:10:40 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/11 19:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/11 19:10:38 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/11 19:10:38 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 11:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=0070511


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=0070511
IE - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://www.yahoo.com/|http://www.netflix.com/WiGenre?sgid=387&lnkctr=mhwG387"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: keyconfig@dorando:20080929


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/19 19:51:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/08 19:20:29 | 000,000,000 | ---D | M]

[2008/08/07 23:41:23 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2010/06/12 22:57:35 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\ymf9p8tx.default\extensions
[2009/09/03 11:58:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\ymf9p8tx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/06 08:22:11 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\ymf9p8tx.default\extensions\keyconfig@dorando
[2010/06/12 22:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/11 03:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2009/09/17 23:09:03 | 000,331,768 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 11364 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\..\Toolbar\WebBrowser: (no name) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [eFax 4.3] C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-267414065-3206514260-2667067380-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-267414065-3206514260-2667067380-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-267414065-3206514260-2667067380-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunServices: [1A:Stardock TrayMonitor] File not found
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
O7 - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0f92a55a-3f89-11de-af19-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{0f92a55a-3f89-11de-af19-0019b969fc22}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{1089382b-1062-11dd-9f7f-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{1089382b-1062-11dd-9f7f-0019b969fc22}\Shell\AutoRun\command - "" = H:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{3edcd5e9-250c-11de-aed9-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{3edcd5e9-250c-11de-aed9-0019b969fc22}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{3edcd5f6-250c-11de-aed9-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{3edcd5f6-250c-11de-aed9-0019b969fc22}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{4a26d29a-c694-11dd-a20f-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{4a26d29a-c694-11dd-a20f-0019b969fc22}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{4d85a3d0-a107-11dc-926e-0019b969fc22}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{a7e529a5-5a4a-11dd-8fc7-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e529a5-5a4a-11dd-8fc7-0019b969fc22}\Shell\AutoRun\command - "" = F:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{a7e529cc-5a4a-11dd-8fc7-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e529cc-5a4a-11dd-8fc7-0019b969fc22}\Shell\AutoRun\command - "" = F:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{bcf3e939-6fb2-11de-ab58-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{bcf3e939-6fb2-11de-ab58-0019b969fc22}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{c1e3fedc-6956-11dd-856b-0019b969fc22}\Shell\AutoRun\command - "" = G:\ -- File not found
O33 - MountPoints2\{c1e3fedc-6956-11dd-856b-0019b969fc22}\Shell\open\Command - "" = rundll32.exe .\\msofd.dll,InstallM
O33 - MountPoints2\{c866a94e-04cd-11dc-a3ac-0019b969fc22}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{e77e7777-4b30-11de-9484-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{e77e7777-4b30-11de-9484-0019b969fc22}\Shell\AutoRun\command - "" = H:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{f0743153-746f-11de-943b-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{f0743153-746f-11de-943b-0019b969fc22}\Shell\AutoRun\command - "" = G:\LapNetWizard.exe -- File not found
O33 - MountPoints2\{f0743173-746f-11de-943b-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{f0743173-746f-11de-943b-0019b969fc22}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fa63ee19-c912-11dc-a59b-0019b969fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{fa63ee19-c912-11dc-a59b-0019b969fc22}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-267414065-3206514260-2667067380-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 180 Days ==========

[2010/06/16 21:20:26 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2010/06/03 19:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/05/12 23:19:43 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Basilisk Games
[2010/05/12 22:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Eschalon Book II
[2010/05/10 21:16:53 | 000,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2010/05/08 14:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/05/08 14:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2010/05/07 13:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/05/07 13:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/05/05 10:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/05/02 20:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/02 20:39:44 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/02 20:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/02 20:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/27 10:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/27 10:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/26 20:20:31 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\Job leads
[2010/04/17 22:03:24 | 000,000,000 | ---D | C] -- C:\Users\Ken\Documents\Picture Transfers
[2010/04/13 16:39:51 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/13 16:39:51 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/13 16:39:39 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/13 16:39:23 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/13 16:39:23 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/13 16:39:09 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/04/13 16:39:08 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/04/06 13:33:56 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Apple Computer
[2010/04/06 13:32:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/04/06 13:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/04 09:18:08 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\Nan's Pics
[2010/03/31 08:55:56 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/31 08:55:54 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/31 08:55:54 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/31 08:55:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/31 08:55:50 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/31 08:55:49 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/31 08:55:49 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/31 08:55:48 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/31 08:55:46 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/31 08:55:45 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/31 08:55:45 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/03/31 08:55:44 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/31 08:55:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/31 08:55:42 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/31 08:55:42 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/31 08:55:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/31 08:55:42 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/31 08:55:40 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/31 08:55:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/31 08:55:37 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/31 08:55:37 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/31 08:55:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/15 08:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avago-HP
[2010/03/01 15:26:12 | 000,284,160 | ---- | C] (Software 2000 Limited) -- C:\Windows\System32\HP1006LM.DLL
[2010/03/01 15:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/02/24 11:41:33 | 000,188,416 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSU34d.DLL
[2010/02/24 11:41:32 | 000,131,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSD34d.DLL
[2010/02/24 11:41:32 | 000,106,496 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLST34d.DLL
[2010/02/24 11:41:32 | 000,102,400 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSI34d.DLL
[2010/02/24 11:41:32 | 000,094,208 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSC34d.DLL
[2010/02/24 11:41:26 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCL460.DLL
[2010/02/24 11:41:26 | 000,053,248 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCLSO34d.dll
[2010/02/24 11:41:25 | 000,086,016 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCI460.DLL
[2010/02/24 11:41:22 | 000,278,528 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNCC460.DLL
[2010/02/24 11:34:19 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonMF Uninstaller Information
[2010/02/24 11:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/02/24 11:28:15 | 000,069,632 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNAS0MMK.DLL
[2010/02/23 15:23:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 15:21:17 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 15:21:17 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 15:21:14 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 15:21:14 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 15:21:13 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 15:21:13 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 15:21:11 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 15:21:11 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 15:21:11 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/19 18:32:24 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/02/19 18:31:33 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/02/19 18:31:32 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/02/19 18:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/02/19 18:28:14 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/02/19 18:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/02/19 18:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/02/19 18:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/02/19 18:27:41 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Real
[2010/02/19 14:08:08 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\Forms
[2010/02/10 22:23:45 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\IObit
[2010/02/10 22:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/02/09 19:31:06 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 19:31:01 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/09 19:31:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 19:30:59 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 19:30:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/01/31 19:21:46 | 000,000,000 | R--D | C] -- C:\Users\Ken\Documents\My Dropbox
[2010/01/31 19:20:28 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Dropbox
[2010/01/28 06:13:40 | 000,000,000 | --SD | C] -- C:\Users\Ken\Documents\My Data Sources
[2010/01/26 19:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Cake Poker
[2010/01/22 15:44:53 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Cake Poker
[2010/01/22 15:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Cake Poker
[2010/01/22 12:59:19 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Absolute Poker
[2010/01/13 00:25:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 00:25:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/13 00:25:47 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/01/13 00:25:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/01/13 00:25:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/01/01 20:55:27 | 000,052,224 | ---- | C] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2010/01/01 20:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Interplay
[2009/12/21 10:33:36 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\Comcast
[2007/02/02 06:06:34 | 000,483,328 | ---- | C] ( ) -- C:\Windows\System32\dlbcjswr.dll
[2007/02/02 05:55:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbccu.dll
[2006/12/20 17:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbcpmui.dll
[2006/12/20 17:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbcserv.dll
[2006/12/20 17:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbccomm.dll
[2006/12/20 16:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbclmpm.dll
[2006/12/20 16:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbciesc.dll
[2006/12/20 16:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbcpplc.dll
[2006/12/20 16:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbccomc.dll
[2006/12/20 16:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbcprox.dll
[2006/12/20 16:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbcinpa.dll
[2006/12/20 16:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlbcusb1.dll
[2006/12/20 16:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbchbn3.dll

========== Files - Modified Within 180 Days ==========

[2010/06/16 21:31:23 | 008,912,896 | -HS- | M] () -- C:\Users\Ken\ntuser.dat
[2010/06/16 21:30:20 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7F1480B-B800-49C3-8061-E5E2671C3939}.job
[2010/06/16 21:20:28 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2010/06/16 21:13:56 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/16 21:13:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/16 21:13:22 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/16 21:13:21 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 22:14:40 | 000,000,441 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/06/12 22:12:19 | 000,003,249 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2010/06/12 22:11:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/12 22:11:22 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/12 09:45:53 | 002,756,818 | -H-- | M] () -- C:\Users\Ken\AppData\Local\IconCache.db
[2010/06/10 21:41:09 | 000,525,824 | ---- | M] () -- C:\Users\Ken\Desktop\dds.scr
[2010/06/09 19:22:57 | 000,733,440 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/09 19:22:57 | 000,629,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/09 19:22:57 | 000,108,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/09 00:17:48 | 000,209,920 | ---- | M] () -- C:\Users\Ken\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/05 13:16:00 | 000,000,020 | ---- | M] () -- C:\Users\Ken\defogger_reenable
[2010/05/17 19:23:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/14 08:05:00 | 000,000,285 | ---- | M] () -- C:\Windows\dellstat.ini
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/08 15:21:14 | 000,000,000 | ---- | M] () -- C:\Windows\iplayer.INI
[2010/05/07 14:13:26 | 000,000,359 | ---- | M] () -- C:\Windows\wininit.ini
[2010/05/06 00:16:33 | 000,197,418 | ---- | M] () -- C:\Users\Ken\Documents\All.m3u
[2010/05/04 14:32:36 | 000,012,496 | ---- | M] () -- C:\Users\Ken\Desktop\Alex call notes Tuesday May 4.docx
[2010/05/04 13:49:50 | 000,032,256 | ---- | M] () -- C:\Users\Ken\Desktop\EASI Notes.doc
[2010/05/03 11:09:43 | 000,010,309 | ---- | M] () -- C:\Users\Ken\Documents\Man collectively as Loki.docx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 21:44:12 | 000,381,618 | ---- | M] () -- C:\Users\Ken\Desktop\CPA_Exam_CSOs_revised_10_05.pdf
[2010/04/27 13:23:34 | 000,024,697 | ---- | M] () -- C:\Users\Ken\Desktop\remove-antivirus-vista-2010.htm
[2010/04/27 12:28:41 | 000,010,758 | -HS- | M] () -- C:\ProgramData\c7vdif
[2010/04/27 12:28:40 | 000,010,758 | -HS- | M] () -- C:\Users\Ken\AppData\Local\c7vdif
[2010/04/26 14:49:36 | 000,296,447 | ---- | M] () -- C:\Users\Ken\Documents\2010 Fed Return Revised.pdf
[2010/04/24 23:41:48 | 000,022,552 | ---- | M] () -- C:\Users\Ken\Documents\Proposal of Dennehy Law Group to the Judicial Council.docx
[2010/04/15 22:18:27 | 000,070,333 | ---- | M] () -- C:\Users\Ken\Documents\billing-dispatch.jsp.htm
[2010/04/15 22:18:21 | 000,043,261 | ---- | M] () -- C:\Users\Ken\Documents\booking_details.html
[2010/04/14 20:41:40 | 000,075,264 | ---- | M] () -- C:\Windows\System32\ffdb.sys
[2010/04/14 12:07:15 | 000,006,362 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\PrimoPDFSet.xml
[2010/04/14 12:05:52 | 000,015,553 | ---- | M] () -- C:\Users\Ken\Desktop\SUPPLEMENTAL INFORMATION.docx
[2010/04/02 22:30:01 | 000,055,389 | ---- | M] () -- C:\Users\Ken\Desktop\Nan tax form.pdf
[2010/03/12 17:39:07 | 000,010,903 | ---- | M] () -- C:\Users\Ken\Desktop\Geiger.docx
[2010/03/10 01:09:08 | 000,296,447 | ---- | M] () -- C:\Users\Ken\Documents\2010 Fed Return Final.pdf
[2010/03/10 01:03:25 | 000,253,679 | ---- | M] () -- C:\Users\Ken\Documents\taxpreview copy.pdf
[2010/03/10 01:02:31 | 000,056,852 | ---- | M] () -- C:\Users\Ken\Documents\Year_End_Gain_Loss_Reporting_-_IM_Client_2010_2468.pdf
[2010/03/09 12:54:01 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/09 12:52:37 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/09 12:52:20 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/09 12:51:10 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/09 12:50:57 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/09 12:50:34 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/09 12:50:34 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/09 12:50:34 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/09 12:50:34 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/09 12:50:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/09 12:50:25 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/03/09 12:50:24 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/09 12:50:24 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/09 12:50:24 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/09 12:49:34 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/09 12:49:34 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/09 12:48:34 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/09 10:50:28 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/09 10:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/09 10:17:37 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/09 08:43:52 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/09 08:37:03 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/04 15:24:26 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/02/24 09:38:06 | 000,135,992 | ---- | M] () -- C:\Users\Ken\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 09:32:28 | 000,457,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/19 18:37:32 | 000,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/02/19 18:32:24 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010/02/19 18:31:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010/02/19 18:31:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010/02/19 18:28:14 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/02/19 00:29:22 | 000,014,896 | ---- | M] () -- C:\Users\Ken\Documents\Poll.docx
[2010/02/18 10:54:09 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/18 10:54:03 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/18 10:22:03 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/02/18 08:04:51 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/02/03 20:03:50 | 000,021,636 | ---- | M] () -- C:\Users\Ken\Desktop\Jennings research.docx
[2010/01/31 15:01:03 | 000,048,640 | ---- | M] () -- C:\Windows\mmfs.dll
[2010/01/28 07:25:56 | 000,655,360 | ---- | M] () -- C:\Users\Ken\Documents\Database2.accdb
[2010/01/25 08:58:44 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/01/25 08:58:44 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/01/25 08:58:44 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/01/25 08:58:29 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/01/25 08:56:33 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/01/25 04:36:22 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/01/25 04:36:19 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/01/25 04:36:05 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/01/25 04:35:58 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/01/23 04:05:07 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/01/21 12:02:10 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/01/21 12:02:10 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/01/13 16:35:21 | 000,032,768 | ---- | M] () -- C:\Users\Ken\Documents\Shannon Bradshaw Resume.doc
[2010/01/01 20:55:27 | 000,052,224 | ---- | M] (Interplay Productions) -- C:\Windows\ipuninst.exe
[2010/01/01 15:24:06 | 000,001,194 | ---- | M] () -- C:\Users\Ken\Desktop\Financials & ProFormas.lnk
[2009/12/31 19:52:41 | 000,178,609 | ---- | M] () -- C:\Users\Ken\Desktop\Online Enrollment.pdf
[2009/12/28 08:35:48 | 001,327,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/12/28 08:34:29 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/12/28 08:33:24 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/12/28 08:30:47 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/12/28 08:30:47 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/12/21 15:49:29 | 000,632,053 | ---- | M] () -- C:\Users\Ken\Desktop\XML Technology - Comast Proposal.pdf
[2009/12/21 10:10:30 | 000,133,963 | ---- | M] () -- C:\Users\Ken\Desktop\FreeConferenceCall - New Ac...pdf

========== Files Created - No Company Name ==========

[2010/06/10 21:46:16 | 000,293,376 | ---- | C] () -- C:\Users\Ken\Desktop\gmer.exe
[2010/06/10 21:41:00 | 000,525,824 | ---- | C] () -- C:\Users\Ken\Desktop\dds.scr
[2010/06/05 13:15:22 | 000,000,020 | ---- | C] () -- C:\Users\Ken\defogger_reenable
[2010/05/17 19:24:46 | 2011,217,920 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/08 15:21:14 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2010/05/04 14:32:33 | 000,012,496 | ---- | C] () -- C:\Users\Ken\Desktop\Alex call notes Tuesday May 4.docx
[2010/05/04 13:49:45 | 000,032,256 | ---- | C] () -- C:\Users\Ken\Desktop\EASI Notes.doc
[2010/05/03 11:09:30 | 000,010,309 | ---- | C] () -- C:\Users\Ken\Documents\Man collectively as Loki.docx
[2010/04/28 21:44:12 | 000,381,618 | ---- | C] () -- C:\Users\Ken\Desktop\CPA_Exam_CSOs_revised_10_05.pdf
[2010/04/27 13:23:29 | 000,024,697 | ---- | C] () -- C:\Users\Ken\Desktop\remove-antivirus-vista-2010.htm
[2010/04/27 09:34:54 | 000,010,758 | -HS- | C] () -- C:\Users\Ken\AppData\Local\c7vdif
[2010/04/27 09:34:54 | 000,010,758 | -HS- | C] () -- C:\ProgramData\c7vdif
[2010/04/26 14:49:36 | 000,296,447 | ---- | C] () -- C:\Users\Ken\Documents\2010 Fed Return Revised.pdf
[2010/04/18 01:53:50 | 000,022,552 | ---- | C] () -- C:\Users\Ken\Documents\Proposal of Dennehy Law Group to the Judicial Council.docx
[2010/04/15 22:18:26 | 000,070,333 | ---- | C] () -- C:\Users\Ken\Documents\billing-dispatch.jsp.htm
[2010/04/15 22:18:13 | 000,043,261 | ---- | C] () -- C:\Users\Ken\Documents\booking_details.html
[2010/04/14 20:41:40 | 000,075,264 | ---- | C] () -- C:\Windows\System32\ffdb.sys
[2010/04/14 12:05:51 | 000,015,553 | ---- | C] () -- C:\Users\Ken\Desktop\SUPPLEMENTAL INFORMATION.docx
[2010/04/13 21:03:21 | 000,197,418 | ---- | C] () -- C:\Users\Ken\Documents\All.m3u
[2010/04/02 22:30:00 | 000,055,389 | ---- | C] () -- C:\Users\Ken\Desktop\Nan tax form.pdf
[2010/03/10 01:09:08 | 000,296,447 | ---- | C] () -- C:\Users\Ken\Documents\2010 Fed Return Final.pdf
[2010/03/10 01:03:25 | 000,253,679 | ---- | C] () -- C:\Users\Ken\Documents\taxpreview copy.pdf
[2010/03/10 01:02:31 | 000,056,852 | ---- | C] () -- C:\Users\Ken\Documents\Year_End_Gain_Loss_Reporting_-_IM_Client_2010_2468.pdf
[2010/03/01 15:26:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2010/02/24 11:41:33 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2010/02/19 18:37:32 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/02/19 00:29:21 | 000,014,896 | ---- | C] () -- C:\Users\Ken\Documents\Poll.docx
[2010/02/18 01:19:10 | 000,010,903 | ---- | C] () -- C:\Users\Ken\Desktop\Geiger.docx
[2010/02/10 22:24:07 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/02/03 20:03:38 | 000,021,636 | ---- | C] () -- C:\Users\Ken\Desktop\Jennings research.docx
[2010/01/28 05:53:45 | 000,655,360 | ---- | C] () -- C:\Users\Ken\Documents\Database2.accdb
[2010/01/13 16:35:20 | 000,032,768 | ---- | C] () -- C:\Users\Ken\Documents\Shannon Bradshaw Resume.doc
[2009/12/21 15:46:10 | 000,632,053 | ---- | C] () -- C:\Users\Ken\Desktop\XML Technology - Comast Proposal.pdf
[2009/12/21 10:10:29 | 000,133,963 | ---- | C] () -- C:\Users\Ken\Desktop\FreeConferenceCall - New Ac...pdf
[2009/11/07 11:11:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDUPMON.DLL
[2009/11/07 11:11:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDUFXPU.DLL
[2009/11/07 11:10:48 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxduoem.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/06 09:32:13 | 000,000,579 | ---- | C] () -- C:\Windows\oregon.ini
[2008/08/05 18:43:23 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/06/21 01:57:13 | 000,000,285 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/03/26 11:45:56 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008/03/26 11:45:56 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008/03/26 11:45:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2008/03/26 11:45:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2008/03/26 11:42:11 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008/03/26 11:42:11 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2008/01/28 14:56:34 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2007/12/18 14:16:11 | 000,000,014 | ---- | C] () -- C:\Windows\hpmssnpjt.ini
[2007/11/12 12:43:42 | 000,003,249 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2007/11/12 12:43:41 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2007/06/16 15:36:30 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/06/16 15:36:30 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/06/16 15:36:30 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/06/16 13:36:04 | 000,003,120 | ---- | C] () -- C:\Windows\System32\2a700b3e-848e-485e-b458-90433d601fe5.dll
[2007/05/29 21:47:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/21 21:24:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/05/21 15:05:32 | 000,000,359 | ---- | C] () -- C:\Windows\wininit.ini
[2007/05/21 15:01:48 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2007/05/11 07:44:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/05/11 07:44:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/05/11 07:44:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/11 00:02:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2007/02/02 06:06:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbccur.dll
[2007/02/02 05:55:10 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbcutil.dll
[2007/01/22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbccoin.dll
[2006/11/06 17:49:36 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2005/10/05 13:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbcvs.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A94C9389
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7D6EC5BE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:307AA992
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 6/16/2010 21:22:12 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Ken\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.46 Gb Total Space | 18.44 Gb Free Space | 28.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.40 Gb Free Space | 64.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KBOUCHER-VISTA
Current User Name: Ken
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-267414065-3206514260-2667067380-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E326DFC-B047-4036-A3BD-1BFCFECDCDD0}" = rport=445 | protocol=6 | dir=out | app=system |
"{32CDC431-CC7A-45D1-AEDA-A04FCE9F8F2D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{39D520E6-8F4E-4DDA-A2AC-7736FCB761E1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{43487517-7D8A-4609-9FF6-BC8A700F9A35}" = lport=137 | protocol=17 | dir=in | app=system |
"{4F03E231-B7F8-46CE-B4CD-C3D1C513304C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{521ED010-FA44-430C-9A4A-03A00508D5D4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{58D73E34-0324-4079-BE9B-BD4F19CB5C9F}" = lport=445 | protocol=6 | dir=in | app=system |
"{692A36A6-9458-4296-91BA-193355BB9ED2}" = rport=139 | protocol=6 | dir=out | app=system |
"{870CB95A-A01B-4753-8B5C-3533AED97F34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87D3B47F-A91D-4C77-A80C-A3349065FFD0}" = lport=15283 | protocol=17 | dir=in | name=bitcomet 15283 udp |
"{8D95CCB0-ECF3-4EAE-9982-D7AE07708A37}" = rport=138 | protocol=17 | dir=out | app=system |
"{916551EA-58EB-426B-8258-101B463582AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99E2152D-73E9-4FBF-B89C-D04D992253C5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9D6747E2-F0BB-4633-A00F-0AECA0B9A319}" = rport=137 | protocol=17 | dir=out | app=system |
"{ADA3F601-B2EE-495F-B62D-27DD66141832}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BF24C9AB-FF31-421B-A958-1F4B208540B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C6A9C26C-5B33-4EC9-A167-29B3093F6272}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C72A06ED-C5D5-4A44-A678-FEF1568C319E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC80D373-013A-479E-A911-EF00C04434F0}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2E0DD91-88C6-41D2-9507-841FE26AA2C1}" = lport=139 | protocol=6 | dir=in | app=system |
"{EB41B29E-83EE-4C1B-8F78-EE86E4D574B0}" = lport=15283 | protocol=6 | dir=in | name=bitcomet 15283 tcp |
"{EC4F0DB0-6DAB-43B9-9A02-1245BB0A2B45}" = rport=2869 | protocol=6 | dir=out | app=system |
"{EEF0B542-49C4-423F-87DD-E06A50F57407}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8C66A94-7004-4580-9476-6AD8C624F96A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA50EE3B-F9DF-4A50-A4A2-DC858AF2BC68}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BC8639-763E-4112-BF62-3EE2D5A71FE9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{0700AE7A-5500-406A-B503-224D7BAC01F8}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{08476915-7098-4D7B-A26F-41B83F53C261}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{17255509-482E-4C32-9F5A-974E6AB54AF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{176454CF-2853-46DE-A354-EEEAB096F327}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{20120D1E-DE43-441F-8A71-371C33040E39}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2C49B297-C60E-40A2-8D4C-5763A9FB3EA6}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{2CAA7F02-13D5-4F17-B160-15D495AC70CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2FA48304-FFDF-49B8-A448-7EAE0DE53A16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{309BFC26-DBD6-414C-910B-2770A8C25AA2}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{34044705-C540-49EF-9E71-C8F048FEA7E8}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{365F21DC-045D-4295-A363-BE9C915BC9B8}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4577F174-F8A6-40E9-A1F9-14205F5ED77E}" = protocol=6 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"{4935C269-77B0-4C6A-B337-16630B9FBC7A}" = protocol=6 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{4992EAD5-1817-4A5C-84A9-9000DE0FDCB9}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5203163B-4046-4242-BEA8-62A2E345A0DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5B552495-F114-4D16-8A31-4247F2AF3D95}" = protocol=17 | dir=in | app=c:\windows\system32\dlbccoms.exe |
"{5FA7ED5D-CB22-4D2D-83C0-0CFC814C22A0}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{610A5C32-05EA-4A75-B7BF-4D8B52FFA900}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{63A4F6E5-FC2F-48B0-9E09-B961B79A4429}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{6426C932-BAC1-4FE4-851A-554092E38B35}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{73B1EFD1-3BCB-4DED-BFC5-AE2A39FB530A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{7B588471-D941-4E2E-AA8C-81D41240C4C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{80F104AA-9812-47AF-8998-9C710282EB06}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{80F53FD9-22F6-45FA-8802-B219DCE0098A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{822D7831-C476-47AF-A736-9C54E460923C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{87A8F635-C8D7-4CE0-93AD-D1F834AAB068}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{8868416F-51C3-41B6-BB9D-DC10B68314AF}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8DA53BB2-479F-4FCE-AAB0-49741C0C3BFC}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{A05DAC39-65BC-406A-A6C8-33A5FEC87736}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{A07359BE-D1A7-4B38-96AD-6E7E75261A69}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{A459CE63-BCA9-4A33-B80D-9DDC6A03FC63}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A9534F1F-4C55-4DB6-81F9-9DC8DD5858B4}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{AB837712-4BAB-4646-BF33-098AFAF50542}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{B078A1CC-2284-4D49-842D-62D0D423BBAC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B1A545EB-9062-4423-BBE6-96E2A1BF30B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B672FEE4-B917-4572-85C6-511B5C124043}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BAD4693D-B6D9-4073-BD00-DC893229BFEE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D1C4A2D6-4B16-4153-A32F-4F3B24A61086}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D51096A7-7973-476B-A20B-270C6BCE2CC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D86D2575-18C9-4FBB-A9F7-008CA5D9B77F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D9AE2049-D3ED-4922-AEBB-CBDD64C8BF67}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DBB08B51-C4F5-4237-A49E-F35DED039DA0}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{DDF99A1E-EE58-4DDD-89DB-929127DF7DD6}" = protocol=17 | dir=in | app=c:\users\ken\appdata\roaming\dropbox\bin\dropbox.exe |
"{E08BA6B1-9AFE-48EB-85A7-DC0F895B95D3}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{E137C056-F45F-4514-A327-AEAB77AA16EE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E272DABD-39B8-4DFA-A4FF-4D5BB98719BE}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{E60B2377-05D7-438A-BC53-F6BD7C1A5D1F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EE296551-4997-4275-A985-C0D9A0CAFA31}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F315C01E-D300-4E0A-807E-8BD73FF5BBCD}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{F4F84DA6-38F8-402D-8509-05D584710EF9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{F503C6AB-66DB-4E33-802A-4383627ADF38}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{F753AAF7-D4BB-4113-BDC3-260FDEA50AC0}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FBBBB840-C9EE-4F41-890C-5D9BC3F8F05A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{FEC44EF7-0AED-4AF9-8AF4-D17320788B38}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{228D62CA-12CF-46BE-B0DC-9F4D67620D0F}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{22C51810-B8E3-453C-BF00-82ECDCFF8E1B}C:\users\ken\desktop\empire earth.exe" = protocol=6 | dir=in | app=c:\users\ken\desktop\empire earth.exe |
"TCP Query User{29C10A97-8767-4067-B1C0-D3FC2A2964E6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4A1F3AC5-D863-4AB0-A6DD-F6002C1CE940}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{5D8C8461-EFB5-4DC3-AEA8-7AD8E386A089}C:\users\ken\desktop\empire earth.exe" = protocol=6 | dir=in | app=c:\users\ken\desktop\empire earth.exe |
"TCP Query User{7077F970-E014-46FB-AB9A-E69405E14023}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7BB50820-991D-4681-AE5B-C4435C82F804}C:\users\ken\desktop\ee\empire earth.exe" = protocol=6 | dir=in | app=c:\users\ken\desktop\ee\empire earth.exe |
"TCP Query User{7F523E9F-A716-47AF-B482-58F8A50AF0FF}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"TCP Query User{828E81D0-86E2-47D1-9EAB-5DC4F89F46BF}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program files\abc\abc.exe |
"TCP Query User{88E8B0E7-DFA8-4A39-BEDC-4B6AA51EA94C}C:\sierra\arcanum\arcanum.exe" = protocol=6 | dir=in | app=c:\sierra\arcanum\arcanum.exe |
"TCP Query User{8AA2D7CB-160C-4692-A3C7-78848BD15169}C:\program files\dell games\jeopardy\jeopardy!.exe" = protocol=6 | dir=in | app=c:\program files\dell games\jeopardy\jeopardy!.exe |
"TCP Query User{8BDDCEF4-4D25-48B8-A97C-3765B3338ACC}C:\users\ken\desktop\ee\empire earth.exe" = protocol=6 | dir=in | app=c:\users\ken\desktop\ee\empire earth.exe |
"TCP Query User{8CCFE274-3521-4395-A970-44B86B36EA18}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{8D119645-190E-4F06-A9FB-01DA0A6EDCF2}C:\sierra\arcanum\arcanum.exe" = protocol=6 | dir=in | app=c:\sierra\arcanum\arcanum.exe |
"TCP Query User{905256D8-BA9C-4C46-9A3C-D02C33EF6404}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{9B6672EC-B427-4DE2-94DF-4C5192542A6A}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"TCP Query User{B00D471F-D44E-480C-8A88-4E625CBC2243}C:\users\ken\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\ken\program files\dna\btdna.exe |
"TCP Query User{BD2A51D8-2A7C-43E5-BB8C-8D3400763C86}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{CE033C6A-CF5D-41FB-AB85-7E948EE3D1F7}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"TCP Query User{FE394CDF-A8C9-4746-824C-9B901902D2BD}C:\\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\\bittorrent\bittorrent.exe |
"UDP Query User{0800E233-AA08-4897-8B35-00B35BE95799}C:\users\ken\desktop\ee\empire earth.exe" = protocol=17 | dir=in | app=c:\users\ken\desktop\ee\empire earth.exe |
"UDP Query User{2EFF54ED-7DB4-4AF3-A8E6-E57D995B12CC}C:\users\ken\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\ken\program files\dna\btdna.exe |
"UDP Query User{39175374-EA5C-4626-A960-02A37BA73E75}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"UDP Query User{3BB45AF0-0A6A-470D-B0A7-EB1053518404}C:\sierra\arcanum\arcanum.exe" = protocol=17 | dir=in | app=c:\sierra\arcanum\arcanum.exe |
"UDP Query User{3DC410F6-3B9D-40EA-9CD6-F164BB72CC2F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{4116C58B-A4AA-4354-8CFB-092F2C1AD53A}C:\sierra\arcanum\arcanum.exe" = protocol=17 | dir=in | app=c:\sierra\arcanum\arcanum.exe |
"UDP Query User{440C45EA-C9FD-41FE-B3DF-C469DDDFCB65}C:\users\ken\desktop\ee\empire earth.exe" = protocol=17 | dir=in | app=c:\users\ken\desktop\ee\empire earth.exe |
"UDP Query User{44D721D4-8769-49BE-8C8D-414D5CD1919A}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{6A5C04C8-B36C-4621-814E-8BAC6F1A7428}C:\users\ken\desktop\empire earth.exe" = protocol=17 | dir=in | app=c:\users\ken\desktop\empire earth.exe |
"UDP Query User{7079C677-BF87-4753-93B2-F61AFBA9CCD3}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{7EB994EA-B278-41C8-8655-571E1F7BFDF4}C:\users\ken\desktop\empire earth.exe" = protocol=17 | dir=in | app=c:\users\ken\desktop\empire earth.exe |
"UDP Query User{8594D7AE-43D4-49B9-83BA-B15C45D9C994}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{94A9CB21-D2AE-46E3-8D07-961166184639}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A7C24085-F403-4638-A2ED-40FB34EB18CD}C:\\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\\bittorrent\bittorrent.exe |
"UDP Query User{B6FCA868-057C-4CE9-A425-74DDA886610F}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{B87A409F-01DD-401D-BBB6-18A29BA41A4D}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe |
"UDP Query User{B9419DD6-DAED-4570-BCDB-44EC191761E5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E303E5B1-0E33-4F02-8B72-0F80F7347DEB}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{FB09C5C0-72EC-44A4-80A0-64E0A8C9D8BB}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe |
"UDP Query User{FBF3C4D3-CF3C-4FDD-B7F7-E3C3DE72814A}C:\program files\dell games\jeopardy\jeopardy!.exe" = protocol=17 | dir=in | app=c:\program files\dell games\jeopardy\jeopardy!.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2B7B47E1-B482-4D3A-ABFD-2FF8E077ECA6}" = SmartFTP Client
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3345FF16-D028-4CA1-D980-1F0E6F9428EA}" = Skins
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{385FFF30-5DB3-4C18-B1F9-D7793D1B9A0B}" = WNDA3100
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45EB2CC1-0559-CF0E-8C05-D9C5B5A5F89C}" = Catalyst Control Center Core Implementation
"{472ABCE2-5B2E-4D29-ABF4-94E1097558A6}" = Diplomacy
"{4F89F17F-FE4F-4A9E-89D6-7A1A1C889C79}" = Front Office Football 2007
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6C30E300-8DDA-2F11-0B99-405F7DC83C7A}" = Catalyst Control Center InstallProxy
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76F6482D-17FB-1631-7C89-9DBDFD99E584}" = ccc-core-static
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}" = MyIdentityDefender Toolbar
"{8455CB94-00C5-9F25-D6E4-3AFB09B04FC4}" = Catalyst Control Center Graphics Previews Common
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DE6E6BE-D681-4FEF-A292-768C6050A4A0}" = Ektron Starter Sites - CMS400Developer
"{8ECB8220-F423-4BEB-9596-97033C533702}" = QuickBooks Premier: Accountant Edition 2008
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B47ACF3-8878-41AE-B1C6-E3706C942CEC}" = Ektron Starter Sites - Tech
"{9E695481-C107-08E0-FA5D-B4B9501EBFE5}" = Catalyst Control Center Graphics Previews Vista
"{A1E6B7D6-0F6A-4114-47B8-C9790B1BDF72}" = Catalyst Control Center Graphics Full New
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8AAE765-CD28-2806-0C3E-56EBB64FA5A5}" = ATI Catalyst Install Manager
"{A8AF597C-89A6-CC90-E54B-1AC124FAA0D3}" = ccc-utility
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA681C58-3280-2447-AC63-3CAE0458F43C}" = Catalyst Control Center HydraVision Full
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEBE5E06-3B28-8F6C-C6AE-A800232A1347}" = Catalyst Control Center Graphics Full Existing
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4403C36-EED1-0DF8-6BA5-906AEF1F561A}" = CCC Help English
"{E6459059-B943-4770-9EE4-180F70B765F4}" = Canon D460-490
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F3EE0E93-549E-E48D-52D6-1122B082131C}" = Catalyst Control Center Graphics Light
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"8531-1278-6363-8538" = Oxygen XML Editor 10.3
"AC3Filter" = AC3Filter (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Cake Poker" = Cake Poker
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Eschalon Book I_is1" = Eschalon Book 1 v1.0
"Eschalon Book II_is1" = Eschalon Book 2 1.01
"ExpressBurn" = Express Burn
"Font" = Font
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 1.99.1
"InstallShield_{385FFF30-5DB3-4C18-B1F9-D7793D1B9A0B}" = NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PrimoPDF4.0" = PrimoPDF
"RealPlayer 12.0" = RealPlayer
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Switch" = Switch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The College Years" = The College Years
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-267414065-3206514260-2667067380-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2009 13:16:36 | Computer Name = kboucher-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/27/2009 13:16:37 | Computer Name = kboucher-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/27/2009 13:16:38 | Computer Name = kboucher-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/27/2009 13:16:39 | Computer Name = kboucher-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/27/2009 13:16:39 | Computer Name = kboucher-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/27/2009 13:16:40 | Computer Name = kboucher-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/27/2009 13:16:40 | Computer Name = kboucher-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/27/2009 13:16:41 | Computer Name = kboucher-VISTA | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/27/2009 13:20:18 | Computer Name = kboucher-VISTA | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3012 (0xbc4) Thread address : 0x77280F34 Thread message : Build VSCORE.13.3.2.101
/ 5301.4018 Object being scanned = \Device\HarddiskVolume3\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\ymf9p8tx.default\sessionstore-2.js

by C:\Program Files\Mozilla Firefox\firefox.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 7/27/2009 13:20:42 | Computer Name = kboucher-VISTA | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly. Please review event 5019
or 5051 for details. The McShield service will be restarted in 5 seconds;

[ Broadcom Wireless LAN Events ]
Error - 4/28/2010 13:40:54 | Computer Name = kboucher-VISTA | Source = WLAN-Tray | ID = 0
Description = 13:40:53, Wed, Apr 28, 10 Error - Unable to gain access to user store


[ NTPS Events ]
Error - 10/26/2009 14:55:11 | Computer Name = kboucher-VISTA | Source = NTPS | ID = 0
Description = <?xml version="1.0" encoding="utf-16"?> <structLoggedError xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <UserName>KBOUCHER-VISTA\Ken</UserName>

<ErrorTime>2009-10-26T14:55:11.5724549-04:00</ErrorTime> <Source>NTPS_Client</Source>

<Message>A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because connected
host has failed to respond</Message> <StackTrace> at NTPS_Client.frmLogOn.btnLogOn_Click(Object
sender, EventArgs e)</StackTrace> </structLoggedError>

[ ODiag Events ]
Error - 6/21/2008 11:29:41 | Computer Name = kboucher-VISTA | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

Error - 6/21/2008 11:29:51 | Computer Name = kboucher-VISTA | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

Error - 7/14/2008 19:48:19 | Computer Name = kboucher-VISTA | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

[ OSession Events ]
Error - 3/14/2008 22:07:46 | Computer Name = kboucher-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/21/2008 11:29:41 | Computer Name = kboucher-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/21/2008 11:29:50 | Computer Name = kboucher-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/14/2008 19:48:18 | Computer Name = kboucher-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32801
seconds with 660 seconds of active time. This session ended with a crash.

Error - 6/28/2009 12:54:25 | Computer Name = kboucher-VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 312281
seconds with 6840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/14/2010 20:44:09 | Computer Name = kboucher-VISTA | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AA3BCBCC-A90C-4A82-BF9A-FFF8967FCCE0}
because another computer on the network has the same name. The server could not
start.

Error - 6/14/2010 20:44:09 | Computer Name = kboucher-VISTA | Source = netbt | ID = 4321
Description = The name "KBOUCHER-VISTA :0" could not be registered on the interface
with IP address 192.168.1.3. The computer with the IP address 169.254.86.255 did
not allow the name to be claimed by this computer.

Error - 6/14/2010 20:44:09 | Computer Name = kboucher-VISTA | Source = netbt | ID = 4321
Description = The name "KBOUCHER-VISTA :20" could not be registered on the interface
with IP address 192.168.1.3. The computer with the IP address 169.254.86.255 did
not allow the name to be claimed by this computer.

Error - 6/16/2010 21:13:41 | Computer Name = kboucher-VISTA | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AA3BCBCC-A90C-4A82-BF9A-FFF8967FCCE0}
because another computer on the network has the same name. The server could not
start.

Error - 6/16/2010 21:13:34 | Computer Name = kboucher-VISTA | Source = netbt | ID = 4321
Description = The name "KBOUCHER-VISTA :0" could not be registered on the interface
with IP address 169.254.86.255. The computer with the IP address 192.168.1.3 did
not allow the name to be claimed by this computer.

Error - 6/16/2010 21:13:34 | Computer Name = kboucher-VISTA | Source = netbt | ID = 4321
Description = The name "KBOUCHER-VISTA :20" could not be registered on the interface
with IP address 169.254.86.255. The computer with the IP address 192.168.1.3 did
not allow the name to be claimed by this computer.

Error - 6/16/2010 21:13:57 | Computer Name = kboucher-VISTA | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AA3BCBCC-A90C-4A82-BF9A-FFF8967FCCE0}
because another computer on the network has the same name. The server could not
start.

Error - 6/16/2010 21:13:57 | Computer Name = kboucher-VISTA | Source = netbt | ID = 4321
Description = The name "KBOUCHER-VISTA :0" could not be registered on the interface
with IP address 192.168.1.3. The computer with the IP address 169.254.86.255 did
not allow the name to be claimed by this computer.

Error - 6/16/2010 21:13:57 | Computer Name = kboucher-VISTA | Source = netbt | ID = 4321
Description = The name "KBOUCHER-VISTA :20" could not be registered on the interface
with IP address 192.168.1.3. The computer with the IP address 169.254.86.255 did
not allow the name to be claimed by this computer.

Error - 6/16/2010 21:14:01 | Computer Name = kboucher-VISTA | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >


#4 FTWanderer


Posted 16 June 2010 - 09:26 PM

GMER ran for a long time, then rebooted my computer, and I got nothing. :shrug:

It looked like it found a bunch of stuff, though. I'll try again overnight and see what happens.

#5 FTWanderer


Posted 16 June 2010 - 10:55 PM

Okay Elise, here is the GMER log. I couldn't use the copy button because I had to reboot before I could get back online (safe mode), but I assume copy/pasting the log yields the same output:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-16 23:43:10
Windows 6.0.6000
Running: gmer.exe; Driver: C:\Users\Ken\AppData\Local\Temp\axldrpog.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 84D15BF8
INT 0x62 ? 84D15BF8
INT 0x72 ? 84D15BF8
INT 0x81 ? 84B43BF8
INT 0x82 ? 84D15BF8
INT 0x91 ? 84B43BF8
INT 0xA1 ? 84B43BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spnq.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8B7F2ACF 5 Bytes JMP 84D151D8
.text a5seux69.SYS 8B6C9000 22 Bytes [1A, 72, 7A, 82, 04, 71, 7A, ...]
.text a5seux69.SYS 8B6C9017 95 Bytes [00, 99, 07, 24, 80, A4, 05, ...]
.text a5seux69.SYS 8B6C9077 85 Bytes [82, D6, 2E, 48, 82, 13, 8A, ...]
.text a5seux69.SYS 8B6C90CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
.text a5seux69.SYS 8B6C90DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [807026D2] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80702040] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [807027FC] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [807020BE] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8070213C] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80712048] \SystemRoot\System32\Drivers\spnq.sys
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortNotification] 24488B66
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8B6EEFBC] \SystemRoot\System32\Drivers\a5seux69.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 01F045C7
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E8000000
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortMoveMemory] 0001E4E4
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortReadPortUshort] 4675C73B
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 6EEFC8A1
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 8D526A8B
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortInitialize] 00009A88
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
IAT \SystemRoot\System32\Drivers\a5seux69.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84B481F8
Device \FileSystem\fastfat \FatCdrom 85036368

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84B451F8
Device \Driver\usbohci \Device\USBPDO-0 84D851F8
Device \Driver\usbohci \Device\USBPDO-1 84D851F8
Device \Driver\usbohci \Device\USBPDO-2 84D851F8
Device \Driver\usbohci \Device\USBPDO-3 84D851F8
Device \Driver\usbohci \Device\USBPDO-4 84D851F8
Device \Driver\usbehci \Device\USBPDO-5 84D861F8
Device \Driver\volmgr \Device\HarddiskVolume1 84B451F8
Device \Driver\volmgr \Device\HarddiskVolume2 84B451F8
Device \Driver\cdrom \Device\CdRom0 84DB71F8
Device \Driver\volmgr \Device\HarddiskVolume3 84B451F8
Device \Driver\cdrom \Device\CdRom1 84DB71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84B471F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84B471F8
Device \Driver\atapi \Device\Ide\IdePort0 84B471F8
Device \Driver\atapi \Device\Ide\IdePort1 84B471F8
Device \Driver\atapi \Device\Ide\IdePort2 84B471F8
Device \Driver\atapi \Device\Ide\IdePort3 84B471F8
Device \Driver\iScsiPrt \Device\RaidPort0 84E071F8
Device \Driver\usbohci \Device\USBFDO-0 84D851F8
Device \Driver\PCI_PNP2562 \Device\0000006d spnq.sys
Device \Driver\usbohci \Device\USBFDO-1 84D851F8
Device \Driver\usbohci \Device\USBFDO-2 84D851F8
Device \Driver\usbohci \Device\USBFDO-3 84D851F8
Device \Driver\sptd \Device\2332408812 spnq.sys
Device \Driver\usbohci \Device\USBFDO-4 84D851F8
Device \Driver\usbehci \Device\USBFDO-5 84D861F8
Device \Driver\a5seux69 \Device\Scsi\a5seux691Port5Path0Target0Lun0 84E03408
Device \Driver\a5seux69 \Device\Scsi\a5seux691 84E03408
Device \FileSystem\fastfat \Fat 85036368

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 850311F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x95 0x24 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x88 0x12 0xE3 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x84 0x91 0x11 0x1A ...
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0000\Mon10000000@Attach.RelativeX 0
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0000\Mon10000000@Attach.RelativeY 0
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@Attach.ToDesktop 0
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@DefaultSettings.BitsPerPel 32
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@DefaultSettings.XResolution 1280
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@DefaultSettings.YResolution 800
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@DefaultSettings.VRefresh 60
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@DefaultSettings.Flags 0
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@DefaultSettings.XPanning 0
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@DefaultSettings.YPanning 0
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@DefaultSettings.Orientation 0
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{A7FC6DD1-4FF1-490E-A114-8285CDA85643}\0001@DefaultSettings.FixedOutput 0
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{E2360F6D-9882-493F-9657-C019F7FA0ED5} (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{E2360F6D-9882-493F-9657-C019F7FA0ED5}\0000 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{E2360F6D-9882-493F-9657-C019F7FA0ED5}\0000@Attach.ToDesktop 1
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\Enum\USB (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\SERVICES (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD\DEVICE0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\TSDDD\DEVICE0@Attach.ToDesktop 1
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Hardware Profiles\0001\System\CurrentControlSet\SERVICES\VGASAVE\DEVICE0@Attach.ToDesktop 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x95 0x24 0x44 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x88 0x12 0xE3 0x86 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x84 0x91 0x11 0x1A ...

---- EOF - GMER 1.0.15 ----

Okay, tell me how messed up my laptop is: it's running silly-slow and this redirect is killing me.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:06 AM

Posted 17 June 2010 - 06:25 AM

Hello again,
Let's start some cleaning up...

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#7 FTWanderer


Posted 17 June 2010 - 08:12 PM

Thanks Elise. Here you go:

ComboFix 10-06-17.02 - Ken 06/17/2010 20:56:09.1.2 - x86
Running from: c:\users\Ken\Desktop\Temp Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\users\Ken\AppData\Roaming\Adobe\crc.dat
c:\users\Ken\GoToAssistDownloadHelper.exe
c:\windows\93bfe3ca-1bf1-4ae8-b812-1f3bc95e7619.ocx
c:\windows\Fonts\UNWISE.EXE
c:\windows\system32\2a700b3e-848e-485e-b458-90433d601fe5.dll
c:\windows\system32\tmp.reg
c:\windows\system32\win.com

.
((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-18 01:06 . 2010-06-18 01:06 -------- d-----w- c:\users\Ken\AppData\Local\temp
2010-06-18 00:11 . 2010-06-18 00:45 -------- d-----w- C:\32788R22FWJFW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 00:51 . 2007-11-12 16:43 3249 --sha-w- c:\windows\system32\mmf.sys
2010-06-18 00:43 . 2007-05-11 04:16 -------- d-----w- c:\program files\McAfee
2010-06-18 00:43 . 2007-05-11 04:16 -------- d-----w- c:\programdata\McAfee
2010-06-13 02:20 . 2010-04-06 18:13 439816 ----a-w- c:\users\Ken\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-06-13 02:17 . 2010-05-03 00:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-10 14:51 . 2007-06-29 13:49 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 19:21 . 2009-01-01 02:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 21:21 . 2007-05-21 19:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-01 02:08 . 2008-09-17 02:03 -------- d-----w- c:\users\Ken\AppData\Roaming\dvdcss
2010-05-24 18:14 . 2008-01-22 20:52 -------- d-----w- c:\users\Ken\AppData\Roaming\U3
2010-05-21 18:14 . 2009-10-03 05:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-17 23:23 . 2010-04-27 14:31 -------- d-----w- c:\program files\Alwil Software
2010-05-13 03:19 . 2010-05-13 03:19 -------- d-----w- c:\users\Ken\AppData\Roaming\Basilisk Games
2010-05-13 02:56 . 2010-05-13 02:54 -------- d-----w- c:\program files\Eschalon Book II
2010-05-10 01:01 . 2010-05-08 18:40 -------- d-----w- c:\programdata\NOS
2010-05-09 17:18 . 2010-05-09 17:17 20854256 ----a-w- c:\users\Ken\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe
2010-05-08 18:36 . 2010-05-08 18:32 -------- d-----w- c:\program files\InterActual
2010-05-07 18:39 . 2009-11-01 19:36 -------- d-----w- c:\program files\The Rosetta Stone
2010-05-07 18:15 . 2007-11-12 16:43 -------- d-----w- c:\program files\Solecismic Software
2010-05-07 18:15 . 2007-06-29 13:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-07 18:15 . 2008-08-18 06:42 -------- d-----w- c:\program files\DOSBox-0.72
2010-05-07 18:15 . 2008-01-19 18:15 -------- d-----w- c:\program files\DivX
2010-05-07 18:00 . 2010-05-07 17:59 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-07 17:59 . 2010-05-07 17:59 -------- d-----w- c:\program files\Research In Motion
2010-05-07 17:54 . 2010-01-22 19:41 -------- d---a-w- c:\program files\Cake Poker
2010-05-07 17:54 . 2009-12-15 07:23 -------- d-----w- c:\program files\MagicISO
2010-05-07 04:25 . 2010-05-07 04:25 63488 ----a-w- c:\users\Ken\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-07 04:25 . 2010-05-03 00:43 117760 ----a-w- c:\users\Ken\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-07 04:23 . 2008-08-08 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 14:35 . 2010-05-05 14:35 -------- d-----w- c:\programdata\IObit
2010-05-05 13:52 . 2008-07-22 15:04 -------- d-----w- c:\programdata\eFax Messenger 4.3 Setup
2010-05-05 13:52 . 2007-05-11 04:12 -------- d-----w- c:\programdata\Roxio
2010-05-05 13:50 . 2008-08-06 19:01 -------- d-----w- c:\program files\VLC
2010-05-05 13:40 . 2010-02-11 02:23 -------- d-----w- c:\users\Ken\AppData\Roaming\IObit
2010-05-03 00:43 . 2010-05-03 00:43 52224 ----a-w- c:\users\Ken\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-03 00:40 . 2010-05-03 00:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-03 00:39 . 2010-05-03 00:39 -------- d-----w- c:\users\Ken\AppData\Roaming\SUPERAntiSpyware.com
2010-05-03 00:38 . 2010-05-03 00:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-30 20:03 . 2007-05-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-29 19:39 . 2008-08-08 03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-08-08 03:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 14:31 . 2010-04-27 14:31 -------- d-----w- c:\programdata\Alwil Software
2010-04-15 00:41 . 2010-04-15 00:41 75264 ----a-w- c:\windows\system32\ffdb.sys
2010-04-07 02:31 . 2010-04-07 02:31 79368 ----a-w- c:\users\Ken\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
2010-04-07 02:31 . 2010-04-07 02:31 64000 ----a-w- c:\users\Ken\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll
2010-04-07 02:31 . 2010-04-07 02:31 52288 ----a-w- c:\users\Ken\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll
2010-04-07 02:31 . 2010-04-07 02:31 50688 ----a-w- c:\users\Ken\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll
2010-04-07 02:31 . 2010-04-07 02:31 49152 ----a-w- c:\users\Ken\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll
2010-04-07 02:31 . 2010-04-07 02:31 118784 ----a-w- c:\users\Ken\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2007-05-11 11:43 . 2007-05-11 11:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-13 2403568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1540096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-21 1006264]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-19 202256]

c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-4-1 1716224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-08-05 717296]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-11-12 2560]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [x]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31v.sys [2008-03-18 425944]
R4 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-03-01 538096]
S1 ffdb;ffdb;c:\windows\system32\ffdb.sys [2010-04-15 75264]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-08-31 20352]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-26 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-18 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-11 15:03]

2010-06-18 c:\windows\Tasks\User_Feed_Synchronization-{B7F1480B-B800-49C3-8061-E5E2671C3939}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Linked&In Search
FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\ymf9p8tx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://www.yahoo.com/|http://www.netflix.com/WiGenre?sgid=387&lnkctr=mhwG387
FF - plugin: c:\users\Ken\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\Ken\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Font - c:\windows\Fonts\UNWISE.EXE
AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\users\Ken\AppData\Local\{18FA3A4F-75BB-4F0E-B631-C9C47B7BD948}\NBCDirectInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 21:06
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-17 21:10:28
ComboFix-quarantined-files.txt 2010-06-18 01:10

Pre-Run: 20,041,256,960 bytes free
Post-Run: 20,184,244,224 bytes free

- - End Of File - - F2A439A3F4F9CD5ED42087A9CDA0542E


#8 Elise


Posted 18 June 2010 - 08:23 AM

Hello again,
Please let me know how things are running now.

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avira or McAfee.


CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise




#9 FTWanderer


Posted 22 June 2010 - 08:44 PM

I'm still getting redirected from google searches, but the computer overall is running pretty well.

I don't show McAfee on the programs. I do have Malwarebytes, but not real time scanning, just to bring up the control panel. I also have superantispyware, but I disable it after startup every time. I got rid of it.

I wanted to check in so you didn't close my thread, but I'm travelling right now. I'll try to run that script soon, but it may take me a couple of days to check in.

#10 Elise


Posted 23 June 2010 - 11:48 AM

Hello,
Thank you for letting me know, it's no problem, I'll keep this open a couple more days.

regards, Elise




#11 FTWanderer


Posted 29 June 2010 - 07:32 PM

I can't seem to shake McAfee. It's not in my programs, I can't find it in applications, services, or processes, yet combofix insists I'm running it.
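
The AV:, FW: and SP: lines at the top of a ComboFix log can be checked mechanically for the two-antivirus situation raised in this thread and compared between runs. The Python below is an added example, not part of any post here; the header lines are copied from the 17 June and 29 June logs in this thread, and the function names are illustrative.

```python
import re
from typing import NamedTuple, Optional

# Security-product lines copied from the two ComboFix logs in this thread.
RUN_17_JUNE = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
"""
RUN_29_JUNE = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: AntiVir Desktop *disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
"""

# Layout: KIND: name *state* (Updated|Outdated) {GUID}
# The signature field is optional; the FW line in these logs has none.
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<sigs>Updated|Outdated)\))? \{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


class Product(NamedTuple):
    kind: str            # AV, FW or SP, as printed in the log
    name: str
    enabled: bool        # True when the state text ends in "enabled"
    sigs: Optional[str]  # "Updated", "Outdated" or None
    guid: str


def parse_header(text):
    """Return one Product per AV:/FW:/SP: line; other lines are ignored."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        enabled = m["state"].split()[-1].lower() == "enabled"
        products.append(
            Product(m["kind"], m["name"], enabled, m["sigs"], m["guid"].upper())
        )
    return products


def triage(products):
    """Summarise what matters for the 'two antivirus programs' check."""
    av = [p for p in products if p.kind == "AV"]
    return {
        "av_registered": [p.name for p in av],
        "av_realtime_on": [p.name for p in av if p.enabled],
        "multiple_av": len(av) > 1,
        "outdated": sorted({p.name for p in products if p.sigs == "Outdated"}),
    }


def _state(p):
    return f"{'enabled' if p.enabled else 'disabled'}/{p.sigs or 'n/a'}"


def diff_runs(before, after):
    """Compare two parsed headers, keyed on (kind, GUID)."""
    old = {(p.kind, p.guid): p for p in before}
    new = {(p.kind, p.guid): p for p in after}
    changed = [
        (new[k].kind, new[k].name, f"{_state(old[k])} -> {_state(new[k])}")
        for k in sorted(old.keys() & new.keys())
        if _state(old[k]) != _state(new[k])
    ]
    return {
        "removed": sorted((old[k].kind, old[k].name) for k in old.keys() - new.keys()),
        "added": sorted((new[k].kind, new[k].name) for k in new.keys() - old.keys()),
        "changed": changed,
    }


if __name__ == "__main__":
    first, second = parse_header(RUN_17_JUNE), parse_header(RUN_29_JUNE)
    print(triage(first))
    print(triage(second))
    print(diff_runs(first, second))
```

Between the two runs the only removal is the SUPERAntiSpyware entry, and both McAfee entries are unchanged, which matches the report in the post above that ComboFix still lists McAfee.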

#12 FTWanderer


Posted 29 June 2010 - 08:28 PM

Okay, here it is:
ComboFix 10-06-29.02 - Ken 06/29/2010 21:08:11.3.2 - x86
Running from: c:\users\Ken\Desktop\Temp Downloads\ComboFix.exe
Command switches used :: c:\users\Ken\Desktop\Temp Downloads\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: AntiVir Desktop *disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-30 01:20 . 2010-06-30 01:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-30 01:20 . 2010-06-30 01:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-30 01:20 . 2010-06-30 01:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-30 01:04 . 2010-06-30 01:05 -------- d-----w- C:\32788R22FWJFW
2010-06-30 00:52 . 2010-06-30 01:21 -------- d-----w- c:\users\Ken\AppData\Local\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 00:59 . 2007-11-12 16:43 3249 --sha-w- c:\windows\system32\mmf.sys
2010-06-30 00:26 . 2007-05-21 19:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-30 00:26 . 2007-05-21 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-23 01:42 . 2010-05-03 00:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 01:29 . 2008-09-17 02:03 -------- d-----w- c:\users\Ken\AppData\Roaming\dvdcss
2010-06-18 00:43 . 2007-05-11 04:16 -------- d-----w- c:\program files\McAfee
2010-06-18 00:43 . 2007-05-11 04:16 -------- d-----w- c:\programdata\McAfee
2010-06-10 14:51 . 2007-06-29 13:49 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 19:21 . 2009-01-01 02:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-24 18:14 . 2008-01-22 20:52 -------- d-----w- c:\users\Ken\AppData\Roaming\U3
2010-05-21 18:14 . 2009-10-03 05:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-17 23:23 . 2010-04-27 14:31 -------- d-----w- c:\program files\Alwil Software
2010-05-13 03:19 . 2010-05-13 03:19 -------- d-----w- c:\users\Ken\AppData\Roaming\Basilisk Games
2010-05-13 02:56 . 2010-05-13 02:54 -------- d-----w- c:\program files\Eschalon Book II
2010-05-10 01:01 . 2010-05-08 18:40 -------- d-----w- c:\programdata\NOS
2010-05-08 18:36 . 2010-05-08 18:32 -------- d-----w- c:\program files\InterActual
2010-05-07 18:39 . 2009-11-01 19:36 -------- d-----w- c:\program files\The Rosetta Stone
2010-05-07 18:15 . 2007-11-12 16:43 -------- d-----w- c:\program files\Solecismic Software
2010-05-07 18:15 . 2007-06-29 13:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-07 18:15 . 2008-08-18 06:42 -------- d-----w- c:\program files\DOSBox-0.72
2010-05-07 18:15 . 2008-01-19 18:15 -------- d-----w- c:\program files\DivX
2010-05-07 18:00 . 2010-05-07 17:59 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-07 17:59 . 2010-05-07 17:59 -------- d-----w- c:\program files\Research In Motion
2010-05-07 17:54 . 2010-01-22 19:41 -------- d---a-w- c:\program files\Cake Poker
2010-05-07 17:54 . 2009-12-15 07:23 -------- d-----w- c:\program files\MagicISO
2010-05-07 04:23 . 2008-08-08 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 14:35 . 2010-05-05 14:35 -------- d-----w- c:\programdata\IObit
2010-05-05 13:52 . 2008-07-22 15:04 -------- d-----w- c:\programdata\eFax Messenger 4.3 Setup
2010-05-05 13:52 . 2007-05-11 04:12 -------- d-----w- c:\programdata\Roxio
2010-05-05 13:50 . 2008-08-06 19:01 -------- d-----w- c:\program files\VLC
2010-05-05 13:40 . 2010-02-11 02:23 -------- d-----w- c:\users\Ken\AppData\Roaming\IObit
2010-05-03 00:40 . 2010-05-03 00:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-29 19:39 . 2008-08-08 03:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-08-08 03:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 00:41 . 2010-04-15 00:41 75264 ----a-w- c:\windows\system32\ffdb.sys
2007-05-11 11:43 . 2007-05-11 11:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1540096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-05-21 1006264]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-19 202256]

c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-4-1 1716224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-11-12 2560]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [x]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WNDA31v.sys [2008-03-18 425944]
R4 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-03-01 538096]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-08-05 717296]
S1 ffdb;ffdb;c:\windows\system32\ffdb.sys [2010-04-15 75264]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-08-31 20352]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-30 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-11 15:03]

2010-06-30 c:\windows\Tasks\User_Feed_Synchronization-{B7F1480B-B800-49C3-8061-E5E2671C3939}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Linked&In Search
FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\ymf9p8tx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://www.yahoo.com/|http://www.netflix.com/WiGenre?sgid=387&lnkctr=mhwG387
FF - plugin: c:\users\Ken\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\Ken\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 21:21
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-29 21:26:53
ComboFix-quarantined-files.txt 2010-06-30 01:26
ComboFix2.txt 2010-06-18 01:10

Pre-Run: 17,875,857,408 bytes free
Post-Run: 17,721,581,568 bytes free

- - End Of File - - 8B071D8EE7AEEED9D339D7590B438394


And I still can't shake McAfee.

Thanks again.

#13 Elise

  • Malware Study Hall Admin

Posted 30 June 2010 - 03:27 AM

QUOTE
I can't seem to shake McAfee. It's not in my programs, I can't find it in applications, services, or processes, yet combofix insists I'm running it.
I take it from this you want to get rid of it :)

Download and save McAfee Removal Tool to your desktop.

Run it to remove McAfee. After this, please restart your computer.

When done, please let me know how things are running and what problems you still have left.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 FTWanderer

  • Topic Starter

Posted 01 July 2010 - 08:03 PM

My redirect seems to have been solved, thank you very much.

The McAfee tool didn't work, though. The install went all the way to 100%, then I got the message "McAfee Enterprise software detected. Cannot continue. Please contact McAfee Technical Support."

Ah, well. McAfee was the least of my problems. So much so that I didn't know it was a problem. If you have a solution, I'll take it, but if not, don't sweat it - you've been a huge help. :)

#15 Elise

  • Malware Study Hall Admin

Posted 02 July 2010 - 05:12 AM

Please see if these steps help.

regards, Elise

