Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Win32:Malware-gen worming through cpu


  • Please log in to reply
26 replies to this topic

#1 graydj

graydj

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 16 August 2010 - 08:55 AM

Last week wife downloaded RealPlayer for youtube conversions, a data cd from a friend's cpu, and a Windows Update. Since then, Avast! has detectedy "y.exe" in the Users/Public/Favorites folder, identified it as "Win32:Malware-gen", placed it in the virus chest, but it keeps popping up and the warnings are non-stop. No major slowdowns or other symptoms other than the usb autoplay not operating. Was also told my 64bit OS version is going to be a problem for removing malware. Pasted are HijackThis and my Uninstall log

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:42:18 PM, on 8/15/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMuxCdma.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Wonderland\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3042491351-3088990282-3481813002-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Wonderland')
O4 - S-1-5-21-3042491351-3088990282-3481813002-1002 Startup: Microsoft.exe (User 'Wonderland')
O4 - S-1-5-21-3042491351-3088990282-3481813002-1002 User Startup: Microsoft.exe (User 'Wonderland')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applica ... uncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Clearwire Con App Svc (CACLEARWIRE) - SmithMicro Inc. - C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe
O23 - Service: Clearwire Device Diagnostics Service (clearwireDeviceDiagnosticsService) - Unknown owner - C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - SmithMicro Inc. - C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 17373 bytes

The uninstall_list:

Acrobat.com
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Amazon MP3 Downloader 1.0.9
AMD USB Audio Driver Filter
Apple Application Support
Apple Software Update
Ask Toolbar
Ask.com Search Assistant 1.0.1
Atheros Driver Installation Program
avast! Free Antivirus
Avi to Mpeg 2.3
Catalyst Control Center - Branding
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink DVD Suite
Darkened Skye
Data Lifeguard Diagnostic for Windows
DivX Codec
DivX Converter
DivX Player
DivX Web Player
ESU for Microsoft Vista
Hilton Head Island Vacation Planner 2009
Hilton Head Island Vacation Planner 2009
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart Music/Photo/Video
HP MediaSmart TV
HP MediaSmart TV
HP MediaSmart Webcam
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Quick Launch Buttons
HP Total Care Advisor
HP Update
HP User Guides 0129
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPTCSSetup
IDT Audio
Java™ 6 Update 14
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller
Juno Preloader
LabelPrint
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mindjet MindManager 8
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetZero Preloader
Oxelon Media Converter 1.1
PDF Settings
Power2Go
Power2Go
PowerDirector
PowerDirector
QLBCASL
QuickTime
RealPlayer
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
RealUpgrade 1.0
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Slingbox - Watch Your TV Anywhere
SlingPlayer
Spelling Dictionaries Support For Adobe Reader 9
SPORE Creature Creator Trial Edition
SUPERAntiSpyware Free Edition
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
VC80CRTRedist - 8.0.50727.762
WinRAR archiver

Thank You


BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 23 August 2010 - 06:54 PM

Hello graydj

Welcome to BleepingComputer smile.gif
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 graydj

graydj
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 24 August 2010 - 05:20 PM

OTL logfile created on: 8/24/2010 5:58:25 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\pj\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 359.70 Gb Total Space | 117.66 Gb Free Space | 32.71% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 1.59 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LOVEBOX-PC
Current User Name: pj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\pj\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMuxCdma.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\pj\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msvcr100_clr0400.dll (Microsoft Corporation)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll (Microsoft Corporation)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe ()
SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CACLEARWIRE) -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (clearwireDeviceDiagnosticsService) -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys ()
DRV:64bit: - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\SysNative\DRIVERS\swmx00.sys ()
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\DRIVERS\swmsflt.sys ()
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.SYS ()
DRV:64bit: - (bcm) -- C:\Windows\SysNative\DRIVERS\drxvi314_64.sys ()
DRV:64bit: - (bcmbusctr) -- C:\Windows\SysNative\DRIVERS\BcmBusCtr_64.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys ()
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys ()
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys ()
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:30 | 000,000,000 | ---D | M]

[2009/06/19 16:10:22 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions
[2009/06/19 16:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applicatio...torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.22.7.12 75.94.255.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O24 - Desktop BackupWallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\Auto\command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\shell32.dll -- [2010/07/26 12:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\explore\Command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{1ee4e6ef-db58-11de-a91b-00235a24ac4c}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell - "" = AutoRun
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 17:50:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/12 01:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/08/12 01:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/08/12 01:42:32 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Real
[2010/08/11 01:48:31 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/07 08:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/04 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\hpqLog
[2010/08/04 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2010/08/03 19:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
[2010/08/03 19:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clearwire
[2010/08/03 19:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Clearwire
[2010/08/03 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Clearwire
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Sierra Wireless
[2010/07/12 15:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/12 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Apple Computer
[2010/07/12 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Apple Computer
[2010/07/12 15:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 90 Days ==========

[2010/08/24 18:00:00 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job
[2010/08/24 17:58:14 | 002,359,296 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT
[2010/08/24 17:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/24 17:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 03:00:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/23 01:58:41 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 01:58:41 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/23 01:14:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWonderland.job
[2010/08/18 21:17:26 | 003,321,235 | -H-- | M] () -- C:\Users\pj\AppData\Local\IconCache.db
[2010/08/15 20:26:11 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/15 20:26:11 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/15 20:26:11 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\tasks\sqlservr.exe
[2010/08/12 18:54:55 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 17:16:00 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 17:16:00 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/11 01:48:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/11 01:41:13 | 002,321,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\tasks\d2.exe
[2010/08/08 10:19:35 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\tasks\ID.Conf
[2010/08/07 09:00:12 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 09:00:12 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/08/04 19:11:29 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | M] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/07/21 03:07:04 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:03:36 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:03:36 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TM.blf
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/28 16:37:56 | 000,051,280 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/28 16:37:36 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/28 16:33:17 | 000,028,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/28 16:33:00 | 000,061,008 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 16:32:36 | 000,020,048 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/28 02:16:21 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 12:24:28 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 12:24:28 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TM.blf
[2010/06/26 02:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/26 02:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/26 02:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/26 02:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/26 02:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/06/26 02:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/26 02:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/26 02:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/26 02:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/26 00:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/26 00:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/26 00:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/18 13:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/15 03:33:19 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/13 18:51:39 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/13 18:51:39 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TM.blf
[2010/06/08 23:01:03 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/06/08 13:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe

========== Files Created - No Company Name ==========

[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 18:52:07 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/10 20:34:13 | 000,054,784 | ---- | C] () -- C:\Windows\tasks\d2.exe
[2010/08/10 18:05:12 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/10 18:05:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/10 18:05:06 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/10 18:04:58 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/10 18:04:55 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/10 18:04:48 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/10 18:04:28 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/10 18:04:27 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/10 18:04:26 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/10 18:04:23 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/10 18:04:20 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/10 18:04:19 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/10 18:04:19 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/10 18:04:19 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/10 18:04:18 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/10 18:04:12 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/10 18:04:12 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/10 18:04:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/10 18:04:11 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/10 18:04:10 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/10 18:04:10 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/10 18:04:09 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/10 18:04:09 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/10 18:04:09 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/10 18:04:07 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/10 18:04:07 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/10 18:04:06 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/10 18:04:04 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/10 18:03:59 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/08 10:19:29 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 10:19:28 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 10:19:28 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/08 09:56:27 | 000,000,082 | ---- | C] () -- C:\Windows\tasks\ID.Conf
[2010/08/04 18:56:36 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | C] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/08/03 19:42:57 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\drivers\macxvi.cfg
[2010/08/03 01:25:05 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/21 03:07:01 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:07:01 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:07:01 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/06/28 02:16:16 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/28 02:16:15 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/28 02:16:15 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TM.blf
[2010/06/24 01:10:41 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/24 01:10:41 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/24 01:10:31 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/24 01:10:29 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/24 01:10:28 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/24 01:09:04 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 01:09:04 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 01:09:04 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 01:09:04 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/24 01:09:03 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 00:45:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/24 00:45:39 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/15 03:33:11 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 03:33:11 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 03:33:11 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TM.blf
[2010/06/14 15:56:17 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/14 15:56:10 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/14 15:54:26 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/14 15:53:36 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/07 23:34:23 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/28 02:26:29 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/03/05 01:51:33 | 000,419,336 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5A86.txt
[2010/03/05 01:51:31 | 000,011,602 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5A86.txt
[2010/01/31 01:02:14 | 000,023,604 | ---- | C] () -- C:\Users\pj\AppData\Roaming\UserTile.png
[2010/01/30 00:54:18 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/27 10:07:16 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/19 23:47:09 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/06/19 16:09:37 | 000,425,816 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5ED4.txt
[2009/06/19 16:09:36 | 000,014,472 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5ED4.txt
[2009/04/02 13:41:18 | 000,031,744 | ---- | C] () -- C:\Users\pj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 23:21:14 | 000,006,836 | ---- | C] () -- C:\Users\pj\AppData\Local\d3d9caps.dat
[2009/03/29 19:29:20 | 000,000,374 | ---- | C] () -- C:\Users\pj\AppData\Roaming\wklnhst.dat
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\QSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\DSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\AtStart.txt
[2009/01/29 18:52:06 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/29 18:51:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/29 18:51:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/29 18:50:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/29 18:47:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/23 05:36:50 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 05:27:23 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 05:24:31 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 05:22:26 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/15 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\BitTorrent
[2009/09/11 11:54:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\OxelonMC
[2010/01/31 01:02:13 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\PeerNetworking
[2009/06/19 16:10:19 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Radical Software Ltd
[2010/08/03 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Sierra Wireless
[2009/03/29 19:29:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Template
[2010/08/15 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\uTorrent
[2009/03/31 19:13:36 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\WildTangent
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\Tasks\d2.exe
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\Tasks\ID.Conf
[2010/08/23 03:00:33 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\Tasks\sqlservr.exe
[2010/08/24 18:00:00 | 000,000,444 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 22:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2010/08/24 17:35:27 | 042,881,023 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< End of report >
PRC - C:\Users\pj\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMuxCdma.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\pj\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msvcr100_clr0400.dll (Microsoft Corporation)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll (Microsoft Corporation)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe ()
SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CACLEARWIRE) -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (clearwireDeviceDiagnosticsService) -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys ()
DRV:64bit: - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\SysNative\DRIVERS\swmx00.sys ()
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\DRIVERS\swmsflt.sys ()
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.SYS ()
DRV:64bit: - (bcm) -- C:\Windows\SysNative\DRIVERS\drxvi314_64.sys ()
DRV:64bit: - (bcmbusctr) -- C:\Windows\SysNative\DRIVERS\BcmBusCtr_64.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys ()
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys ()
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys ()
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:30 | 000,000,000 | ---D | M]

[2009/06/19 16:10:22 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions
[2009/06/19 16:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applicatio...torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.22.7.12 75.94.255.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O24 - Desktop BackupWallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\Auto\command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\shell32.dll -- [2010/07/26 12:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\explore\Command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{1ee4e6ef-db58-11de-a91b-00235a24ac4c}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell - "" = AutoRun
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 17:50:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/12 01:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/08/12 01:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/08/12 01:42:32 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Real
[2010/08/11 01:48:31 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/07 08:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/04 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\hpqLog
[2010/08/04 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2010/08/03 19:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
[2010/08/03 19:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clearwire
[2010/08/03 19:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Clearwire
[2010/08/03 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Clearwire
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Sierra Wireless
[2010/07/12 15:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/12 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Apple Computer
[2010/07/12 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Apple Computer
[2010/07/12 15:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 90 Days ==========

[2010/08/24 18:00:00 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job
[2010/08/24 17:58:14 | 002,359,296 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT
[2010/08/24 17:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/24 17:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 03:00:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/23 01:58:41 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 01:58:41 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/23 01:14:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWonderland.job
[2010/08/18 21:17:26 | 003,321,235 | -H-- | M] () -- C:\Users\pj\AppData\Local\IconCache.db
[2010/08/15 20:26:11 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/15 20:26:11 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/15 20:26:11 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\tasks\sqlservr.exe
[2010/08/12 18:54:55 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 17:16:00 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 17:16:00 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/11 01:48:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/11 01:41:13 | 002,321,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\tasks\d2.exe
[2010/08/08 10:19:35 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\tasks\ID.Conf
[2010/08/07 09:00:12 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 09:00:12 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/08/04 19:11:29 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | M] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/07/21 03:07:04 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:03:36 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:03:36 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TM.blf
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/28 16:37:56 | 000,051,280 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/28 16:37:36 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/28 16:33:17 | 000,028,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/28 16:33:00 | 000,061,008 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 16:32:36 | 000,020,048 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/28 02:16:21 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 12:24:28 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 12:24:28 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TM.blf
[2010/06/26 02:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/26 02:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/26 02:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/26 02:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/26 02:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/06/26 02:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/26 02:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/26 02:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/26 02:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/26 00:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/26 00:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/26 00:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/18 13:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/15 03:33:19 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/13 18:51:39 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/13 18:51:39 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TM.blf
[2010/06/08 23:01:03 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/06/08 13:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe

========== Files Created - No Company Name ==========

[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 18:52:07 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/10 20:34:13 | 000,054,784 | ---- | C] () -- C:\Windows\tasks\d2.exe
[2010/08/10 18:05:12 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/10 18:05:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/10 18:05:06 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/10 18:04:58 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/10 18:04:55 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/10 18:04:48 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/10 18:04:28 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/10 18:04:27 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/10 18:04:26 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/10 18:04:23 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/10 18:04:20 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/10 18:04:19 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/10 18:04:19 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/10 18:04:19 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/10 18:04:18 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/10 18:04:12 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/10 18:04:12 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/10 18:04:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/10 18:04:11 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/10 18:04:10 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/10 18:04:10 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/10 18:04:09 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/10 18:04:09 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/10 18:04:09 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/10 18:04:07 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/10 18:04:07 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/10 18:04:06 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/10 18:04:04 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/10 18:03:59 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/08 10:19:29 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 10:19:28 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 10:19:28 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/08 09:56:27 | 000,000,082 | ---- | C] () -- C:\Windows\tasks\ID.Conf
[2010/08/04 18:56:36 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | C] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/08/03 19:42:57 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\drivers\macxvi.cfg
[2010/08/03 01:25:05 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/21 03:07:01 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:07:01 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:07:01 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/06/28 02:16:16 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/28 02:16:15 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/28 02:16:15 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TM.blf
[2010/06/24 01:10:41 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/24 01:10:41 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/24 01:10:31 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/24 01:10:29 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/24 01:10:28 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/24 01:09:04 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 01:09:04 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 01:09:04 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 01:09:04 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/24 01:09:03 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 00:45:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/24 00:45:39 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/15 03:33:11 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 03:33:11 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 03:33:11 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TM.blf
[2010/06/14 15:56:17 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/14 15:56:10 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/14 15:54:26 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/14 15:53:36 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/07 23:34:23 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/28 02:26:29 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/03/05 01:51:33 | 000,419,336 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5A86.txt
[2010/03/05 01:51:31 | 000,011,602 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5A86.txt
[2010/01/31 01:02:14 | 000,023,604 | ---- | C] () -- C:\Users\pj\AppData\Roaming\UserTile.png
[2010/01/30 00:54:18 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/27 10:07:16 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/19 23:47:09 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/06/19 16:09:37 | 000,425,816 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5ED4.txt
[2009/06/19 16:09:36 | 000,014,472 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5ED4.txt
[2009/04/02 13:41:18 | 000,031,744 | ---- | C] () -- C:\Users\pj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 23:21:14 | 000,006,836 | ---- | C] () -- C:\Users\pj\AppData\Local\d3d9caps.dat
[2009/03/29 19:29:20 | 000,000,374 | ---- | C] () -- C:\Users\pj\AppData\Roaming\wklnhst.dat
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\QSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\DSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\AtStart.txt
[2009/01/29 18:52:06 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/29 18:51:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/29 18:51:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/29 18:50:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/29 18:47:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/23 05:36:50 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 05:27:23 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 05:24:31 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 05:22:26 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/15 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\BitTorrent
[2009/09/11 11:54:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\OxelonMC
[2010/01/31 01:02:13 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\PeerNetworking
[2009/06/19 16:10:19 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Radical Software Ltd
[2010/08/03 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Sierra Wireless
[2009/03/29 19:29:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Template
[2010/08/15 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\uTorrent
[2009/03/31 19:13:36 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\WildTangent
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\Tasks\d2.exe
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\Tasks\ID.Conf
[2010/08/23 03:00:33 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\Tasks\sqlservr.exe
[2010/08/24 18:00:00 | 000,000,444 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 22:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2010/08/24 17:35:27 | 042,881,023 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< End of report >
PRC - C:\Users\pj\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMuxCdma.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\pj\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msvcr100_clr0400.dll (Microsoft Corporation)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll (Microsoft Corporation)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe ()
SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CACLEARWIRE) -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (clearwireDeviceDiagnosticsService) -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)




========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys ()
DRV:64bit: - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\SysNative\DRIVERS\swmx00.sys ()
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\DRIVERS\swmsflt.sys ()
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.SYS ()
DRV:64bit: - (bcm) -- C:\Windows\SysNative\DRIVERS\drxvi314_64.sys ()
DRV:64bit: - (bcmbusctr) -- C:\Windows\SysNative\DRIVERS\BcmBusCtr_64.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys ()
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys ()
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys ()
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:30 | 000,000,000 | ---D | M]

[2009/06/19 16:10:22 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions
[2009/06/19 16:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applicatio...torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.22.7.12 75.94.255.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O24 - Desktop BackupWallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\Auto\command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\shell32.dll -- [2010/07/26 12:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\explore\Command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{1ee4e6ef-db58-11de-a91b-00235a24ac4c}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell - "" = AutoRun
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 17:50:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/12 01:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/08/12 01:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/08/12 01:42:32 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Real
[2010/08/11 01:48:31 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/07 08:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/04 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\hpqLog
[2010/08/04 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2010/08/03 19:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
[2010/08/03 19:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clearwire
[2010/08/03 19:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Clearwire
[2010/08/03 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Clearwire
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Sierra Wireless
[2010/07/12 15:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/12 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Apple Computer
[2010/07/12 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Apple Computer
[2010/07/12 15:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 90 Days ==========

[2010/08/24 18:06:57 | 002,359,296 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT
[2010/08/24 18:04:59 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job
[2010/08/24 17:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/24 17:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 03:00:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/23 01:58:41 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 01:58:41 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/23 01:14:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWonderland.job
[2010/08/18 21:17:26 | 003,321,235 | -H-- | M] () -- C:\Users\pj\AppData\Local\IconCache.db
[2010/08/15 20:26:11 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/15 20:26:11 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/15 20:26:11 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\tasks\sqlservr.exe
[2010/08/12 18:54:55 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 17:16:00 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 17:16:00 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/11 01:48:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/11 01:41:13 | 002,321,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\tasks\d2.exe
[2010/08/08 10:19:35 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\tasks\ID.Conf
[2010/08/07 09:00:12 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 09:00:12 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/08/04 19:11:29 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | M] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/07/21 03:07:04 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:03:36 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:03:36 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TM.blf
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/28 16:37:56 | 000,051,280 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/28 16:37:36 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/28 16:33:17 | 000,028,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/28 16:33:00 | 000,061,008 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 16:32:36 | 000,020,048 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/28 02:16:21 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 12:24:28 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 12:24:28 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TM.blf
[2010/06/26 02:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/26 02:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/26 02:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/26 02:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/26 02:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/06/26 02:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/26 02:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/26 02:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/26 02:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/26 00:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/26 00:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/26 00:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/18 13:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/15 03:33:19 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/13 18:51:39 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/13 18:51:39 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TM.blf
[2010/06/08 23:01:03 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/06/08 13:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe

========== Files Created - No Company Name ==========

[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 18:52:07 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/10 20:34:13 | 000,054,784 | ---- | C] () -- C:\Windows\tasks\d2.exe
[2010/08/10 18:05:12 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/10 18:05:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/10 18:05:06 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/10 18:04:58 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/10 18:04:55 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/10 18:04:48 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/10 18:04:28 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/10 18:04:27 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/10 18:04:26 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/10 18:04:23 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/10 18:04:20 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/10 18:04:19 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/10 18:04:19 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/10 18:04:19 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/10 18:04:18 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/10 18:04:12 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/10 18:04:12 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/10 18:04:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/10 18:04:11 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/10 18:04:10 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/10 18:04:10 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/10 18:04:09 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/10 18:04:09 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/10 18:04:09 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/10 18:04:07 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/10 18:04:07 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/10 18:04:06 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/10 18:04:04 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/10 18:03:59 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/08 10:19:29 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 10:19:28 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 10:19:28 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/08 09:56:27 | 000,000,082 | ---- | C] () -- C:\Windows\tasks\ID.Conf
[2010/08/04 18:56:36 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | C] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/08/03 19:42:57 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\drivers\macxvi.cfg
[2010/08/03 01:25:05 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/21 03:07:01 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:07:01 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:07:01 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/06/28 02:16:16 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/28 02:16:15 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/28 02:16:15 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TM.blf
[2010/06/24 01:10:41 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/24 01:10:41 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/24 01:10:31 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/24 01:10:29 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/24 01:10:28 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/24 01:09:04 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 01:09:04 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 01:09:04 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 01:09:04 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/24 01:09:03 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 00:45:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/24 00:45:39 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/15 03:33:11 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 03:33:11 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 03:33:11 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TM.blf
[2010/06/14 15:56:17 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/14 15:56:10 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/14 15:54:26 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/14 15:53:36 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/07 23:34:23 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/28 02:26:29 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/03/05 01:51:33 | 000,419,336 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5A86.txt
[2010/03/05 01:51:31 | 000,011,602 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5A86.txt
[2010/01/31 01:02:14 | 000,023,604 | ---- | C] () -- C:\Users\pj\AppData\Roaming\UserTile.png
[2010/01/30 00:54:18 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/27 10:07:16 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/19 23:47:09 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/06/19 16:09:37 | 000,425,816 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5ED4.txt
[2009/06/19 16:09:36 | 000,014,472 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5ED4.txt
[2009/04/02 13:41:18 | 000,031,744 | ---- | C] () -- C:\Users\pj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 23:21:14 | 000,006,836 | ---- | C] () -- C:\Users\pj\AppData\Local\d3d9caps.dat
[2009/03/29 19:29:20 | 000,000,374 | ---- | C] () -- C:\Users\pj\AppData\Roaming\wklnhst.dat
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\QSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\DSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\AtStart.txt
[2009/01/29 18:52:06 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/29 18:51:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/29 18:51:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/29 18:50:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/29 18:47:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/23 05:36:50 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 05:27:23 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 05:24:31 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 05:22:26 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/15 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\BitTorrent
[2009/09/11 11:54:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\OxelonMC
[2010/01/31 01:02:13 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\PeerNetworking
[2009/06/19 16:10:19 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Radical Software Ltd
[2010/08/03 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Sierra Wireless
[2009/03/29 19:29:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Template
[2010/08/15 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\uTorrent
[2009/03/31 19:13:36 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\WildTangent
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\Tasks\d2.exe
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\Tasks\ID.Conf
[2010/08/23 03:00:33 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\Tasks\sqlservr.exe
[2010/08/24 18:04:59 | 000,000,444 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 22:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2010/08/24 17:35:27 | 042,881,023 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< End of report >
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe ()
SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CACLEARWIRE) -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (clearwireDeviceDiagnosticsService) -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys ()
DRV:64bit: - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\SysNative\DRIVERS\swmx00.sys ()
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\DRIVERS\swmsflt.sys ()
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.SYS ()
DRV:64bit: - (bcm) -- C:\Windows\SysNative\DRIVERS\drxvi314_64.sys ()
DRV:64bit: - (bcmbusctr) -- C:\Windows\SysNative\DRIVERS\BcmBusCtr_64.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys ()
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys ()
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys ()
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:30 | 000,000,000 | ---D | M]

[2009/06/19 16:10:22 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions
[2009/06/19 16:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applicatio...torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.22.7.12 75.94.255.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O24 - Desktop BackupWallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\Auto\command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\shell32.dll -- [2010/07/26 12:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\explore\Command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{1ee4e6ef-db58-11de-a91b-00235a24ac4c}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell - "" = AutoRun
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 17:50:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/12 01:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/08/12 01:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/08/12 01:42:32 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Real
[2010/08/11 01:48:31 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/07 08:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/04 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\hpqLog
[2010/08/04 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2010/08/03 19:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
[2010/08/03 19:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clearwire
[2010/08/03 19:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Clearwire
[2010/08/03 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Clearwire
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Sierra Wireless
[2010/07/12 15:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/12 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Apple Computer
[2010/07/12 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Apple Computer
[2010/07/12 15:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 90 Days ==========

[2010/08/24 18:09:59 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job
[2010/08/24 18:06:57 | 002,359,296 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT
[2010/08/24 17:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/24 17:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 03:00:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/23 01:58:41 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 01:58:41 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/23 01:14:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWonderland.job
[2010/08/18 21:17:26 | 003,321,235 | -H-- | M] () -- C:\Users\pj\AppData\Local\IconCache.db
[2010/08/15 20:26:11 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/15 20:26:11 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/15 20:26:11 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\tasks\sqlservr.exe
[2010/08/12 18:54:55 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 17:16:00 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 17:16:00 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/11 01:48:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/11 01:41:13 | 002,321,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\tasks\d2.exe
[2010/08/08 10:19:35 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\tasks\ID.Conf
[2010/08/07 09:00:12 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 09:00:12 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/08/04 19:11:29 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | M] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/07/21 03:07:04 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:03:36 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:03:36 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TM.blf
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/28 16:37:56 | 000,051,280 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/28 16:37:36 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/28 16:33:17 | 000,028,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/28 16:33:00 | 000,061,008 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 16:32:36 | 000,020,048 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/28 02:16:21 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 12:24:28 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 12:24:28 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TM.blf
[2010/06/26 02:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/26 02:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/26 02:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/26 02:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/26 02:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/06/26 02:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/26 02:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/26 02:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/26 02:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/26 00:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/26 00:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/26 00:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/18 13:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/15 03:33:19 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/13 18:51:39 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/13 18:51:39 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TM.blf
[2010/06/08 23:01:03 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/06/08 13:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe

========== Files Created - No Company Name ==========

[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 18:52:07 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/10 20:34:13 | 000,054,784 | ---- | C] () -- C:\Windows\tasks\d2.exe
[2010/08/10 18:05:12 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/10 18:05:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/10 18:05:06 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/10 18:04:58 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/10 18:04:55 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/10 18:04:48 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/10 18:04:28 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/10 18:04:27 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/10 18:04:26 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/10 18:04:23 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/10 18:04:20 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/10 18:04:19 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/10 18:04:19 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/10 18:04:19 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/10 18:04:18 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/10 18:04:12 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/10 18:04:12 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/10 18:04:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/10 18:04:11 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/10 18:04:10 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/10 18:04:10 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/10 18:04:09 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/10 18:04:09 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/10 18:04:09 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/10 18:04:07 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/10 18:04:07 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/10 18:04:06 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/10 18:04:04 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/10 18:03:59 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/08 10:19:29 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 10:19:28 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 10:19:28 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/08 09:56:27 | 000,000,082 | ---- | C] () -- C:\Windows\tasks\ID.Conf
[2010/08/04 18:56:36 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | C] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/08/03 19:42:57 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\drivers\macxvi.cfg
[2010/08/03 01:25:05 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/21 03:07:01 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:07:01 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:07:01 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/06/28 02:16:16 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/28 02:16:15 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/28 02:16:15 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TM.blf
[2010/06/24 01:10:41 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/24 01:10:41 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/06/24 01:10:31 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/06/24 01:10:29 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/06/24 01:10:28 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/06/24 01:09:04 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/06/24 01:09:04 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/24 01:09:04 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/24 01:09:04 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/06/24 01:09:03 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/06/24 00:45:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/06/24 00:45:39 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/06/15 03:33:11 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 03:33:11 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 03:33:11 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TM.blf
[2010/06/14 15:56:17 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/06/14 15:56:10 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/06/14 15:54:26 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/06/14 15:53:36 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/06/07 23:34:23 | 4024,262,656 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/28 02:26:29 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/03/05 01:51:33 | 000,419,336 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5A86.txt
[2010/03/05 01:51:31 | 000,011,602 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5A86.txt
[2010/01/31 01:02:14 | 000,023,604 | ---- | C] () -- C:\Users\pj\AppData\Roaming\UserTile.png
[2010/01/30 00:54:18 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/27 10:07:16 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/19 23:47:09 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/06/19 16:09:37 | 000,425,816 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5ED4.txt
[2009/06/19 16:09:36 | 000,014,472 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5ED4.txt
[2009/04/02 13:41:18 | 000,031,744 | ---- | C] () -- C:\Users\pj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 23:21:14 | 000,006,836 | ---- | C] () -- C:\Users\pj\AppData\Local\d3d9caps.dat
[2009/03/29 19:29:20 | 000,000,374 | ---- | C] () -- C:\Users\pj\AppData\Roaming\wklnhst.dat
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\QSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\DSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\AtStart.txt
[2009/01/29 18:52:06 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/29 18:51:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/29 18:51:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/29 18:50:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/29 18:47:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/23 05:36:50 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 05:27:23 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 05:24:31 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 05:22:26 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/15 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\BitTorrent
[2009/09/11 11:54:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\OxelonMC
[2010/01/31 01:02:13 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\PeerNetworking
[2009/06/19 16:10:19 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Radical Software Ltd
[2010/08/03 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Sierra Wireless
[2009/03/29 19:29:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Template
[2010/08/15 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\uTorrent
[2009/03/31 19:13:36 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\WildTangent
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\Tasks\d2.exe
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\Tasks\ID.Conf
[2010/08/23 03:00:33 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\Tasks\sqlservr.exe
[2010/08/24 18:09:59 | 000,000,444 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 22:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2010/08/24 17:35:27 | 042,881,023 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< End of report >
[2010/08/15 20:26:11 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/15 20:26:11 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/15 20:26:11 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/11 01:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/08/11 01:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/08/11 01:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/12 15:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/06/26 02:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/18 13:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/08 13:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

========== Files - Modified Within 90 Days ==========

[2010/08/24 18:09:59 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job
[2010/08/24 18:06:57 | 002,359,296 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT
[2010/08/24 17:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 17:35:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/24 17:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 03:00:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/23 01:58:41 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 01:58:41 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/23 01:14:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWonderland.job
[2010/08/18 21:17:26 | 003,321,235 | -H-- | M] () -- C:\Users\pj\AppData\Local\IconCache.db
[2010/08/15 20:26:11 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/15 20:26:11 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/15 20:26:11 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\tasks\sqlservr.exe
[2010/08/12 18:54:55 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 17:16:00 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 17:16:00 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/11 01:48:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/11 01:41:13 | 002,321,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\tasks\d2.exe
[2010/08/08 10:19:35 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\tasks\ID.Conf
[2010/08/07 09:00:12 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 09:00:12 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/08/04 19:11:29 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | M] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/07/21 03:07:04 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:03:36 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:03:36 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TM.blf
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/06/28 16:37:56 | 000,051,280 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/06/28 16:37:36 | 000,121,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/06/28 16:33:17 | 000,028,752 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/06/28 16:33:00 | 000,061,008 | ---- | M] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/06/28 16:32:36 | 000,020,048 | ---- | M] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/06/28 02:16:21 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{47d33b6a-81e4-11df-9fe9-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/27 12:24:28 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/27 12:24:28 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TM.blf
[2010/06/26 02:28:41 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2010/06/26 02:26:43 | 000,706,048 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2010/06/26 02:26:05 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/26 02:25:54 | 002,335,744 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2010/06/26 02:25:54 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2010/06/26 02:25:54 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2010/06/26 02:25:54 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2010/06/26 02:25:53 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2010/06/26 02:25:53 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2010/06/26 00:47:47 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/26 00:47:29 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/26 00:46:54 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/18 13:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll
[2010/06/15 03:33:19 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{f6f22de7-773e-11df-a185-00235a24ac4c}.TMContainer00000000000000000002.regtrans-ms
[2010/06/13 18:51:39 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/06/13 18:51:39 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{284dd8a2-412d-11df-94ac-00235a24ac4c}.TM.blf
[2010/06/08 23:01:03 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/06/08 13:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe

========== LOP Check ==========

[2010/08/15 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\BitTorrent
[2009/09/11 11:54:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\OxelonMC
[2010/01/31 01:02:13 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\PeerNetworking
[2009/06/19 16:10:19 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Radical Software Ltd
[2010/08/03 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Sierra Wireless
[2009/03/29 19:29:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Template
[2010/08/15 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\uTorrent
[2009/03/31 19:13:36 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\WildTangent
[2010/08/10 20:34:13 | 000,054,784 | ---- | M] () -- C:\Windows\Tasks\d2.exe
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\Tasks\ID.Conf
[2010/08/23 03:00:33 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/12 21:17:47 | 001,619,968 | -HS- | M] () -- C:\Windows\Tasks\sqlservr.exe
[2010/08/24 18:09:59 | 000,000,444 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 22:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/08/24 17:35:32 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2010/08/24 17:35:27 | 042,881,023 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< End of report >

OTL Extras logfile created on: 8/24/2010 5:58:25 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\pj\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 359.70 Gb Total Space | 117.66 Gb Free Space | 32.71% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 1.59 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LOVEBOX-PC
Current User Name: pj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Wyzo\wyzo.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Wyzo\wyzo.exe File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Wyzo\wyzo.exe" -requestPending -osint -url "%1" File not found
https [open] -- "C:\Program Files (x86)\Wyzo\wyzo.exe" -requestPending -osint -url "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Wyzo\wyzo.exe" -requestPending -osint -url "%1" File not found
https [open] -- "C:\Program Files (x86)\Wyzo\wyzo.exe" -requestPending -osint -url "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMux.exe" = C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMux.exe" = C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{195196ED-4C76-4A77-8F8A-EB3AF3B6222F}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{3636BDB7-7FF2-4548-9F62-67ECCAEDB9D0}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{395899C9-893C-49E5-B04C-D85AD81AB0A5}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{3E27721C-84C6-499B-BEE8-B93AF2204590}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{482BF60A-0250-4E91-B1C2-B3C9C62D1043}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4A67287D-0CE3-47DD-B4D8-98F44775E3C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79F6FA73-1333-4A2D-895C-0F916168490A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0CF1E5C-C95F-42D3-93C1-605DFCEB13C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6EC10CA-D524-4D43-A4F9-8647D0400F81}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CF102D2A-723F-4E80-8A78-598755502247}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E467FDF9-ABA2-4214-825D-DBA689E9799B}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{E75823B7-146A-4DCC-AD9E-690983E2E8EE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F41937A0-FDAE-4CB7-9F8F-AEEE2C6E15A4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10EA42D7-5076-4E95-BD32-A24930C93AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{136236EE-F48A-4917-A7B9-D864EC9096F7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{23CEF153-7296-46DD-8085-B331D9C2A236}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{2D720E0B-FB17-4C8A-9F86-B55938CFA8A9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{2EC43627-4F58-41C0-8F0A-8690EF36E912}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{2FC9AAB6-53FC-4610-B5C8-73E124CEDBB3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{3131DB8D-D1AC-477E-9E2B-F2B4AD427485}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3E769435-6F2E-4AF5-93F3-D8CCDDB06FBB}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{3F316DF5-3C9C-4269-B7E4-52D6C81C870B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{41060E1F-724D-4670-B4B4-592C26D585AB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{4E2CB1D0-C482-4733-A1AC-FBE3BCAF23E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{65C57611-D755-4AF4-B91C-ED4909C2B229}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{6B381667-28F5-410E-858E-AF77B97E37FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{6D35107D-97D1-482D-B1E0-D57B848A9715}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{78BCB669-7D38-469D-8A51-CB6E739EFF11}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{87E9D799-2AB1-4FD2-A1F7-5852E5E87784}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8E941D9A-852A-4A7F-8F77-0B5B357A0EDE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{91820F76-C518-4200-9F07-178C4C726271}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{933A2036-E3A9-43FD-8008-BD550C5D9A49}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{95171EE7-D4C7-4817-A5C7-1E5F4350EE17}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99755D0A-7DD7-4DAA-A220-71B68108E289}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A836AEC0-8F0C-49AB-BF20-F58383B181C6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D29BC6DD-7394-4906-B9CA-5D0816804783}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E2634B84-8172-400C-AB28-7BB504CDDA52}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{F133D1A0-49DD-4134-BDDF-BE26DFBE5F7B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F2350ADE-1680-4C23-9FB0-4DA931E77B72}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{F737D706-453E-4972-B2B2-10CD3C28BF42}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"TCP Query User{221589A8-7CCD-4AC7-95BD-401024232B83}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{69CBC5E4-83CF-4547-A13A-BD2F5890D099}C:\users\pj\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pj\program files (x86)\dna\btdna.exe |
"TCP Query User{6F9555B3-746E-4627-B6CE-BBE586826E86}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{0EB83256-E4D5-4B20-91C5-D30ADBD5E3E8}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{985DDE84-757D-4573-AB8F-00F5D0FC20CB}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{9D53AE2E-CD7F-4647-A128-64F7AFF411A7}C:\users\pj\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pj\program files (x86)\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4BAD5736-35B9-F84D-9E1A-597F1B78FF44}" = ccc-utility64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7510991E-FE80-7466-2E31-561B52059618}" = ATI Catalyst Install Manager
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CC591B40-F733-4731-9240-CE86FA34532C}" = CLEAR Connection Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PDF-XChange 3_is1" = PDF-XChange 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{07E785BF-510A-AA43-084E-FF06B3CE8C4C}" = CCC Help Chinese Standard
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EB0FE7A-7F29-09CE-F716-DB898F9AAC4D}" = Hilton Head Island Vacation Planner 2009
"{129EE758-124A-593C-1EBE-9A2D3A100316}" = Catalyst Control Center Localization Czech
"{13C300AF-179C-7350-77E0-61D5566AF864}" = Catalyst Control Center Graphics Full New
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{14BF164E-80A4-422E-BE43-39FB759666C2}_is1" = Avi to Mpeg 2.3
"{1545BCD9-DC1A-579C-FB16-170FBE27101D}" = Catalyst Control Center Localization French
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{159B866E-596E-2428-03DD-FF19A8495791}" = CCC Help Finnish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1740C09B-7E44-D6D5-3694-EA668878B42D}" = CCC Help Swedish
"{178B8E49-2A8E-398E-259B-273311195950}" = Catalyst Control Center Localization Chinese Traditional
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A16E615-CA3F-3F53-EF0E-AA8B5C20294A}" = CCC Help Spanish
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1E98933B-FAA4-9E26-10E4-4EB58F4C6158}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{24457508-7194-C5D8-FA37-95AA7E8461A9}" = Catalyst Control Center Localization Norwegian
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{32224A1F-AEC1-739A-5D30-537AB4495CA6}" = CCC Help Japanese
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34642316-CC37-4A01-9C14-014E283346C5}" = Catalyst Control Center Graphics Previews Common
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3604540D-3537-F7FA-726D-F1E60AEC29B4}" = CCC Help Dutch
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39ABC33D-45D6-6ED0-4D64-681F71A1B8E9}" = Skins
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{558FF444-F562-4E4C-98BD-7B20EE184D2E}" = Catalyst Control Center - Branding
"{561F720C-344E-3684-8091-ADC65B5A1C1D}" = CCC Help Czech
"{563E6B6A-A8E6-8EEA-23D5-C7B277E0E59B}" = CCC Help Italian
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A793900-4ABA-A304-6BAC-D53DAC45E051}" = CCC Help Russian
"{5BAF6C19-B082-397F-808B-68BCE9443BD8}" = Catalyst Control Center Localization Polish
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E50E217-16CA-52FE-805C-A2B28DA5B4DC}" = CCC Help Korean
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70188CEB-B52D-E085-47FF-D6CADF0D855C}" = Catalyst Control Center Localization Korean
"{71E655A4-3023-A61A-B325-DDB889CBD365}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72F7ED33-5F14-1009-5517-30DBEA2C1681}" = Catalyst Control Center Graphics Light
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775A633A-DDE9-55D5-16C1-33702198ACF4}" = Catalyst Control Center Localization German
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7933FCE0-2C5C-2026-3E9D-7538A4C6CE67}" = CCC Help Portuguese
"{79719B38-DB69-9384-A52C-EA873A218072}" = Catalyst Control Center Localization Russian
"{79B44DF5-311C-99EC-470A-6558280DDBA4}" = CCC Help Polish
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7D512381-4BE8-AA6B-6D72-50A50DFF3C7B}" = Catalyst Control Center Localization Spanish
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7F753BCE-0775-A20F-C570-B35FABC3E5A6}" = CCC Help Hungarian
"{80161382-D1D4-A6B8-7972-1946882556C7}" = Catalyst Control Center Core Implementation
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{86F167DF-4007-A205-B420-BA5FFC6848D0}" = CCC Help Danish
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_WebDesigner_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{903B9154-FA33-61C4-5DBF-E22DB6CD02E4}" = Catalyst Control Center Localization Dutch
"{94369BC3-9ED5-9E95-F5AC-A5D747AFD50E}" = Catalyst Control Center Localization Thai
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99543043-20E1-5C4C-02E9-4579AA3E407C}" = Catalyst Control Center Graphics Previews Vista
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0E723B5-F219-1BA4-8E0F-E40AEF252CCB}" = Catalyst Control Center Localization Hungarian
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5AACBDB-7E50-6374-B1CA-BCC6DF7224C0}" = Catalyst Control Center Localization Greek
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A6C6F036-951A-532F-8BBE-D584E74C728E}" = CCC Help English
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD0CC7C0-2C63-1067-4F50-02F505D1D225}" = CCC Help Chinese Traditional
"{AD1963C9-501D-785F-8ADF-12668D9D7D6C}" = Catalyst Control Center Localization Finnish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7382BC7-D988-F92B-9EA0-96A057DB9711}" = CCC Help French
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B03499-F61D-FBA7-AEDE-E6CDAE983F2D}" = Catalyst Control Center Localization Italian
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAE19D51-2DC4-8154-DE72-EB78CAC7F08F}" = Catalyst Control Center Localization Swedish
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C0B31026-FA56-5F14-71B4-E956C83E6853}" = Catalyst Control Center Localization Portuguese
"{C32CD965-A0AF-19B7-C5D5-D314876762A4}" = Catalyst Control Center Localization Chinese Standard
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4ACD120-3F6C-D6C8-DC37-DDE0B77DCA2E}" = Catalyst Control Center Localization Japanese
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C88B6B79-A659-4DE5-0B4A-6FEEF9FA674F}" = Catalyst Control Center Graphics Full Existing
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7928776-A89D-C7DA-DAF3-9B7FB1D9FA76}" = CCC Help German
"{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}" = Mindjet MindManager 8
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF5E415F-71F2-CA46-A83D-5D4118939852}" = Catalyst Control Center Localization Danish
"{E1A4C03E-881C-128E-921C-A9D9F940E29F}" = Catalyst Control Center InstallProxy
"{E2D528DA-70E6-D634-47C8-BF80B59CC7EE}" = CCC Help Norwegian
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7DEB529-C2EF-DD45-DB4A-FA94F553D71C}" = Catalyst Control Center Localization Turkish
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F1DC3E29-B4F1-7969-900E-376D258F1D1D}" = CCC Help Thai
"{FB4C6AF2-315B-B351-8DA9-54F752B519BB}" = CCC Help Greek
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5ad632fd59bce047a4bca431edf41444.8A83BD0BE459142F50C111755484E359D8DBFFF2.1" = Hilton Head Island Vacation Planner 2009
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player 10 ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Ask Toolbar_is1" = Ask Toolbar
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.1
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Darkened Skye" = Darkened Skye
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
"UnityWebPlayer" = Unity Web Player
"WebDesigner" = Microsoft Expression Web
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 25 August 2010 - 06:12 AM

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=============
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 graydj

graydj
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 26 August 2010 - 08:18 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4481

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

8/25/2010 10:11:25 PM
mbam-log-2010-08-25 (22-11-25).txt

Scan type: Quick scan
Objects scanned: 163464
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Wonderland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Users\D. Gray Realm\AppData\Local\Temp\~TM5B5C.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Windows\Tasks\d2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\sqlservr.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Users\D. Gray Realm\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.



KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, August 26, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 26, 2010 01:37:08
Records in database: 4145875


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Objects scanned 411928
Threats found 7
Infected objects found 11
Suspicious objects found 0
Scan duration 06:36:24

File name Threat Threats count
C:\Users\D. Gray Realm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N8ZQ95F6\game[1].exe Infected: Backdoor.Win32.Bredolab.hfm 1

C:\Users\D. Gray Realm\AppData\Local\Temp\jar_cache1633008978422030232.tmp Infected: Trojan-Downloader.Java.Agent.al 1

C:\Users\D. Gray Realm\AppData\Local\Temp\jar_cache5323272405556286371.tmp Infected: Trojan-Downloader.JS.Agent.fns 1

C:\Users\D. Gray Realm\AppData\Local\Temp\jar_cache8697112951327404030.tmp Infected: Exploit.Java.CVE-2009-3867.d 1

C:\Users\D. Gray Realm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\4934abef-6e421bf2 Infected: Exploit.Java.Agent.f 1

C:\Users\D. Gray Realm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\24118b7c-64c0846f Infected: Trojan-Downloader.Java.Agent.al 1

C:\Users\Public\Favorites\alg.exe Infected: Trojan.Win32.Agent.elmx 1

C:\Users\Wonderland\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-2ae22c4b Infected: Exploit.Java.Agent.bu 2

C:\Users\Wonderland\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-4f0e8b9a Infected: Exploit.Java.Agent.bu 1

C:\Users\Wonderland\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-7dfd5cf3 Infected: Exploit.Java.Agent.bu 1

Selected area has been scanned.


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 26 August 2010 - 01:19 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :Files
    C:\Users\D. Gray Realm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N8ZQ95F6\game[1].exe
    C:\Users\D. Gray Realm\AppData\Local\Temp\jar_cache1633008978422030232.tmp
    C:\Users\D. Gray Realm\AppData\Local\Temp\jar_cache5323272405556286371.tmp
    C:\Users\D. Gray Realm\AppData\Local\Temp\jar_cache8697112951327404030.tmp
    C:\Users\D. Gray Realm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\4934abef-6e421bf2
    C:\Users\D. Gray Realm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\24118b7c-64c0846f
    C:\Users\Public\Favorites\alg.exe
    C:\Users\Wonderland\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\743fee9f-2ae22c4b
    C:\Users\Wonderland\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\187b0ca2-4f0e8b9a
    C:\Users\Wonderland\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\752509ab-7dfd5cf3

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Follow up scan=================================
After reboot let me know how things are running?
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 graydj

graydj
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 26 August 2010 - 06:27 PM

To give a little background info, since the introduction of this situation I've experienced bank fraud from debit purchases. So we have to be doubley sure we've cleaned this thing out and there aren't any backdoors still kicked in on this machine.


Files\Folders moved on Reboot...
C:\Users\pj\AppData\Local\Temp\Low\AskBarDis\bar\History\search moved successfully.
C:\Users\pj\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Users\pj\AppData\Local\Temp\~DF379C.tmp not found!
File\Folder C:\Users\pj\AppData\Local\Temp\~DF37AC.tmp not found!
File\Folder C:\Users\pj\AppData\Local\Temp\~DF38BC.tmp not found!
File\Folder C:\Users\pj\AppData\Local\Temp\~DF38CB.tmp not found!
File\Folder C:\Users\pj\AppData\Local\Temp\~DF3958.tmp not found!
File\Folder C:\Users\pj\AppData\Local\Temp\~DF3967.tmp not found!
C:\Users\pj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7CDNQ4ZP\iframe[1].htm moved successfully.
C:\Users\pj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3DYP4JEL\topic340292[1].htm moved successfully.
C:\Users\pj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Users\Wonderland\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YHTTXX36\content_oceania;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=The+Temper+Trap+video+us+version;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=8897192833786748[1] not found!
File\Folder C:\Users\Wonderland\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VASSJH17\7FXxkvcAesAApkn%2FB%3Dg.N0F9j8fcY-%2FJ%3D1272709611295334%2FK%3DQ3JTVuaQaoQ5OazWvp389A%2FA%3D5761137%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mc456.mail.yahoo.com%2Fmc%2Fmd[1].htm not found!
File\Folder C:\Users\Wonderland\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VASSJH17\7FXxkvcAR4AB.Qh%2FB%3D6Q1UH2KJiUg-%2FJ%3D1272709406546010%2FK%3DtG7.FzEQb0NQ6gBwa.MeoA%2FA%3D5761138%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mc456.mail.yahoo.com%2Fmc%2Fmd[1].htm not found!
File\Folder C:\Users\Wonderland\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EO0T8G2X\7FXxkvcEaMADuIA%2FB%3D1gvCH0PDhC4-%2FJ%3D1272713636005900%2FK%3DgG2j9UuV6rWjX29cZBJfdA%2FA%3D5761137%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mc456.mail.yahoo.com%2Fmc%2Fmd[1].htm not found!
File\Folder C:\Users\Wonderland\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EO0T8G2X\ontent_oceania;sz=300x250;klg=en;kt=K;kga=-1;kr=F;kw=The+Temper+Trap+video+us+version;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;tile=1;dcopt=ist;ord=800026831740522[1].4 not found!
File\Folder C:\Users\Wonderland\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EO0T8G2X\QlM5VjhNUWtQQ0dlcGpxSSwmc29ydD1kYXRlJm9yZGVyPWRvd24mc3RhcnRNaWQ9MjUmaGFzaD1iY2UyMTZkY2NlNjI5ZWMxZWQzMWNjNGIwNjk2NzBkMiYuanNyYW5kPTI0MTg3NjgEdmlzaWJsZQMwBHd0AzAuMjUyMzMx[1] not found!

Registry entries deleted on Reboot...


OTL logfile created on: 8/26/2010 7:19:44 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\pj\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 359.70 Gb Total Space | 124.68 Gb Free Space | 34.66% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 1.66 Gb Free Space | 12.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LOVEBOX-PC
Current User Name: pj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\pj\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMuxCdma.exe (Sierra Wireless, Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
PRC - C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\pj\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msvcr100_clr0400.dll (Microsoft Corporation)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll (Microsoft Corporation)
MOD - C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe ()
SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (CLEARWIRERcAppSvc) -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CACLEARWIRE) -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (SMSI Device Launch Service) -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe ()
SRV - (clearwireDeviceDiagnosticsService) -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys ()
DRV:64bit: - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\SysNative\DRIVERS\swmx00.sys ()
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\DRIVERS\swmsflt.sys ()
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.SYS ()
DRV:64bit: - (bcm) -- C:\Windows\SysNative\DRIVERS\drxvi314_64.sys ()
DRV:64bit: - (bcmbusctr) -- C:\Windows\SysNative\DRIVERS\BcmBusCtr_64.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys ()
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys ()
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys ()
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:01:30 | 000,000,000 | ---D | M]

[2009/06/19 16:10:22 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions
[2009/06/19 16:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions
[2009/09/02 19:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pj\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applicatio...torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.22.7.12 75.94.255.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O24 - Desktop BackupWallPaper: C:\Users\Wonderland\Pictures\2009-07-23\045.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\Auto\command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\AutoRun\command - "" = C:\Windows\SysWow64\shell32.dll -- [2010/07/26 12:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{00cdf871-1ccf-11de-8773-00235a24ac4c}\Shell\explore\Command - "" = G:\autorun.bat -- File not found
O33 - MountPoints2\{1ee4e6ef-db58-11de-a91b-00235a24ac4c}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell - "" = AutoRun
O33 - MountPoints2\{e89d5954-ffc4-11de-824f-00235a24ac4c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 19:01:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/25 22:28:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/25 22:01:19 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\pj\Desktop\mbam-setup-1.46.exe
[2010/08/24 18:26:16 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\WinRAR
[2010/08/24 17:50:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/12 01:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/08/12 01:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/08/12 01:42:32 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Real
[2010/08/11 01:48:31 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/10 18:04:55 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/10 18:04:52 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/10 18:04:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/10 18:04:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/10 18:04:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/10 18:04:09 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/10 18:04:09 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/10 18:04:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/10 18:04:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/10 18:04:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/10 18:04:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/10 18:04:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/10 18:04:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/07 08:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/08/04 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\hpqLog
[2010/08/04 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2010/08/03 19:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
[2010/08/03 19:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clearwire
[2010/08/03 19:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Clearwire
[2010/08/03 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Clearwire
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2010/08/03 19:39:05 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Sierra Wireless

========== Files - Modified Within 30 Days ==========

[2010/08/26 19:20:00 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A924743-178D-4F33-9EDB-2E030881F3C0}.job
[2010/08/26 19:19:35 | 002,359,296 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT
[2010/08/26 19:13:59 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWonderland.job
[2010/08/26 19:12:48 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 19:12:48 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 19:12:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/26 19:12:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/26 19:12:29 | 4024,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/26 19:11:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/26 19:11:12 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/26 19:11:11 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/26 19:11:04 | 003,240,416 | -H-- | M] () -- C:\Users\pj\AppData\Local\IconCache.db
[2010/08/26 09:14:15 | 000,005,063 | ---- | M] () -- C:\Users\pj\Desktop\Kapersky Online Scan.html
[2010/08/25 22:14:45 | 000,006,836 | ---- | M] () -- C:\Users\pj\AppData\Local\d3d9caps.dat
[2010/08/25 22:02:19 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 22:01:39 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\pj\Desktop\mbam-setup-1.46.exe
[2010/08/24 17:50:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\pj\Desktop\OTL.exe
[2010/08/15 20:26:11 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/15 20:26:11 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/15 20:26:11 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/12 18:54:55 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 17:16:00 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 17:16:00 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/11 01:48:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/08/11 01:41:13 | 002,321,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/08 10:19:35 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 09:56:27 | 000,000,082 | ---- | M] () -- C:\Windows\tasks\ID.Conf
[2010/08/07 09:00:12 | 000,524,288 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 09:00:12 | 000,065,536 | -HS- | M] () -- C:\Users\pj\NTUSER.DAT{fdb6a632-9450-11df-8b12-00235a24ac4c}.TM.blf
[2010/08/04 19:11:29 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | M] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk

========== Files Created - No Company Name ==========

[2010/08/26 09:14:15 | 000,005,063 | ---- | C] () -- C:\Users\pj\Desktop\Kapersky Online Scan.html
[2010/08/25 22:02:19 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/12 18:52:07 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 18:52:07 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{bb0877d5-a662-11df-b05c-00a0d5202c04}.TM.blf
[2010/08/10 18:05:12 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/10 18:05:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/10 18:05:06 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/10 18:04:58 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/10 18:04:55 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/10 18:04:48 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/10 18:04:28 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/10 18:04:27 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/10 18:04:26 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/10 18:04:23 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/10 18:04:20 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/10 18:04:19 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/10 18:04:19 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/10 18:04:19 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/10 18:04:18 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/10 18:04:12 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/10 18:04:12 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/10 18:04:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/10 18:04:11 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/10 18:04:10 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/10 18:04:10 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/10 18:04:09 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/10 18:04:09 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/10 18:04:09 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/10 18:04:07 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/10 18:04:07 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/10 18:04:06 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/10 18:04:04 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/10 18:03:59 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/08 10:19:29 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000002.regtrans-ms
[2010/08/08 10:19:28 | 000,524,288 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 10:19:28 | 000,065,536 | -HS- | C] () -- C:\Users\pj\NTUSER.DAT{8c4f0fa0-a2f3-11df-b391-00a0d5202c04}.TM.blf
[2010/08/08 09:56:27 | 000,000,082 | ---- | C] () -- C:\Windows\tasks\ID.Conf
[2010/08/04 18:56:36 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForD. Gray Realm.job
[2010/08/04 04:17:57 | 000,001,866 | ---- | C] () -- C:\Users\pj\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/03 19:53:53 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\CLEAR Connection Manager.lnk
[2010/08/03 19:42:57 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\drivers\macxvi.cfg
[2010/08/03 01:25:05 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/03/05 01:51:33 | 000,419,336 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5A86.txt
[2010/03/05 01:51:31 | 000,011,602 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5A86.txt
[2010/01/31 01:02:14 | 000,023,604 | ---- | C] () -- C:\Users\pj\AppData\Roaming\UserTile.png
[2010/01/30 00:54:18 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/27 10:07:16 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/07/19 23:47:09 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/06/19 16:09:37 | 000,425,816 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistMSI5ED4.txt
[2009/06/19 16:09:36 | 000,014,472 | ---- | C] () -- C:\Users\pj\AppData\Local\dd_vcredistUI5ED4.txt
[2009/04/02 13:41:18 | 000,031,744 | ---- | C] () -- C:\Users\pj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/29 23:21:14 | 000,006,836 | ---- | C] () -- C:\Users\pj\AppData\Local\d3d9caps.dat
[2009/03/29 19:29:20 | 000,000,374 | ---- | C] () -- C:\Users\pj\AppData\Roaming\wklnhst.dat
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\QSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\DSwitch.txt
[2009/03/29 19:18:20 | 000,000,000 | ---- | C] () -- C:\Users\pj\AppData\Local\AtStart.txt
[2009/01/29 18:52:06 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/29 18:51:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/29 18:51:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/29 18:50:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/29 18:47:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/23 05:36:50 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 05:27:23 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 05:24:31 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 05:22:26 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >


#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 27 August 2010 - 06:16 AM

I understand and if I had experienced those things it would be wise to reformat the system but you are not too infected from the logs just some leftovers.

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse then once you have done that click on the open button then submit)

C:\Windows\SysNative\userinit.exe
C:\Windows\SysNative\shell32.dll


This will produce a report after the scan is complete, please copy and paste those results in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 graydj

graydj
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 27 August 2010 - 06:20 PM

Well, I tried both sites and when entering the copied paths into browse.... the cpu said that the neither path exist. So.... what next? Are they making themselves hidden or have they done seppuku?

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 28 August 2010 - 09:41 AM

I would like to try another scanner.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
  • (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
In your next reply, please include the following:
Dr. Web.cvs
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 graydj

graydj
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 29 August 2010 - 03:55 PM

It took almost a day to finish the complete scan, and now having trouble pulling up the report. I saved the scan log, and the three infected filed that were found [alg; descript.ion; gameconsoleservice] were placed in Quarantine folder under DoctorWeb. I saved the log, but I only see a massive "CureIt" notepad file, no "Dr. Web.cvs." I don"t think I can begin to put the whole text into a reply, but here is the first part before it lists every single file that is OK.

=============================================================================
Dr.Web Scanner for Windows v6.00.04 (6.00.04.08230)
© Doctor Web, Ltd., 1992-2010
Log generated on: 2010-08-28, 17:39:30 [LOVEBOX-PC][pj]
Command line: "C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\b6749_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows Vista Premium x64/WOW (Build 6001), Service Pack 1
=============================================================================
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\4676a8e2 - 771 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\585f9fc1 - 5843 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\58da6d97 - 7873 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\542fabe0 - 6904 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\57854191 - 6503 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\3401b585 - 9823 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\ce77f3eb - 7572 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\fdb420c1 - 6996 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\518209bf - 16360 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\f103872b - 29168 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\f801d722 - 34202 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\dcb5e43a - 28292 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\f84227c2 - 27164 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\f880d953 - 25131 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\c79463b8 - 31464 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\42e3ad17 - 18281 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\e3244da4 - 18009 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\4a572780 - 24685 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\0a40aa91 - 13715 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\28a83a0f - 16025 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\dfaa6ddd - 15644 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\b22f1f4e - 23265 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\3c82ea5b - 23135 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\5b207e6c - 20510 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\461e0c27 - 25475 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\b0e4d2c5 - 16298 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\dd5fb22b - 19357 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\5e31b6ac - 18381 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\339ddcf0 - 19562 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\dcbf128c - 27102 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\a124eec0 - 21223 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\689d259b - 26228 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\4ad0032e - 23251 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\524f98c3 - 14982 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\ee248de4 - 17748 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\9a8c2372 - 18725 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\3173aaa2 - 18429 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\ed3b3cea - 6228 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\4006caea - 142240 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\113bd9f9 - 66726 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\7a27b992 - 24512 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\86640b1b - 82762 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\79287198 - 508543 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\3f69f156 - 919 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\d6259a65 - 1959 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\d0207e8b - 2033 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\9cb9f404 - 1812 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\1a217c9b - 1738 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\f7b09700 - 1885 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\9294186b - 2091 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\fa80dcaa - 1569 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\f5eecf4e - 1834 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\2ba10eba - 1610 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\7bf6b324 - 2297 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\58f20b40 - 2110 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\daadc9e8 - 2007 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\ee4db81f - 2370 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\64d298da - 2241 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\22c8b4d3 - 2596 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\8d079efc - 2024 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\07939916 - 1609 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\9e5db02f - 1471 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\5766027a - 1445 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\5860581b - 1895 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\55d0d8ca - 2312 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\8db39646 - 3006 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\fc58d3ad - 2146 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\630290a2 - 1714 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\0287db6a - 2095 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\af4f66fd - 2715 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\ad7bb4ef - 2545 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\e4bf12a0 - 2801 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\a7090048 - 6197 virus records
[Virus database] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\b9015d1c - 28348 virus records
Total virus records: 1608501
[Self-checking] C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\b6749_xp.exe
Key file: C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\setup.key
License key number: 0014068946
Registered to: An unauthorized User
License key activates on: 2010-03-16
License key expires on: 2010-09-16
Process in memory: C:\Windows\System32\smss.exe:444 - OK
Process in memory: C:\Windows\System32\csrss.exe:576 - OK
Process in memory: C:\Windows\System32\wininit.exe:668 - OK
Process in memory: C:\Windows\System32\csrss.exe:688 - OK
Process in memory: C:\Windows\System32\services.exe:724 - OK
Process in memory: C:\Windows\System32\lsass.exe:736 - OK
Process in memory: C:\Windows\System32\lsm.exe:744 - OK
Process in memory: C:\Windows\System32\winlogon.exe:828 - OK
Process in memory: C:\Windows\System32\svchost.exe:928 - OK
Process in memory: C:\Windows\System32\svchost.exe:1004 - OK
Process in memory: C:\Windows\System32\svchost.exe:276 - OK
Process in memory: C:\Windows\System32\Ati2evxx.exe:384 - OK
Process in memory: C:\Windows\System32\svchost.exe:452 - OK
Process in memory: C:\Windows\System32\svchost.exe:12 - OK
Process in memory: C:\Windows\System32\svchost.exe:712 - OK
Process in memory: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\stacsv64.exe:684 - OK
Process in memory: C:\Windows\System32\svchost.exe:1320 - OK
Process in memory: C:\Windows\System32\SLsvc.exe:1340 - OK
Process in memory: C:\Windows\System32\svchost.exe:1376 - OK
Process in memory: C:\Windows\System32\Ati2evxx.exe:1444 - OK
Process in memory: C:\Windows\System32\hpservice.exe:1524 - OK
Process in memory: C:\Windows\System32\svchost.exe:1592 - OK
Process in memory: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe:1708 - OK
Process in memory: C:\Windows\System32\wlanext.exe:1768 - OK
Process in memory: C:\Windows\System32\spoolsv.exe:2040 - OK
Process in memory: C:\Windows\System32\svchost.exe:1288 - OK
Process in memory: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe:2080 - OK
Process in memory: C:\Windows\System32\agr64svc.exe:2096 - OK
Process in memory: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe:2124 - OK
Process in memory: C:\Program Files (x86)\Bonjour\mDNSResponder.exe:2144 - OK
Process in memory: C:\Windows\System32\svchost.exe:2184 - OK
Process in memory: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe:2268 - OK
Process in memory: C:\Windows\System32\svchost.exe:2400 - OK
Process in memory: C:\Program Files (x86)\SMINST\BLService.exe:2416 - OK
Process in memory: C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe:2464 - OK
Process in memory: C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe:2552 - OK
Process in memory: C:\Windows\System32\dwm.exe:2608 - OK
Process in memory: C:\Windows\System32\taskeng.exe:2628 - OK
Process in memory: C:\Windows\explorer.exe:2704 - OK
Process in memory: C:\Windows\System32\svchost.exe:2748 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe:2772 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe:2804 - OK
Process in memory: C:\Windows\System32\svchost.exe:2832 - OK
Process in memory: C:\Windows\System32\SearchIndexer.exe:2868 - OK
Process in memory: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe:2068 - OK
Process in memory: C:\Program Files\IDT\WDM\sttray64.exe:2500 - OK
Process in memory: C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe:2636 - OK
Process in memory: C:\Program Files\Windows Defender\MSASCui.exe:2688 - OK
Process in memory: C:\Program Files\Zune\ZuneLauncher.exe:2800 - OK
Process in memory: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe:2192 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe:2356 - OK
Process in memory: C:\Windows\ehome\ehtray.exe:3092 - OK
Process in memory: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE:3220 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe:3276 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:3288 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:3316 - OK
Process in memory: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:3372 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe:3600 - OK
Process in memory: C:\Program Files (x86)\Java\jre6\bin\jusched.exe:3744 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe:3764 - OK
Process in memory: C:\Windows\System32\wbem\WmiPrvSE.exe:3792 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe:3924 - OK
Process in memory: C:\Windows\ehome\ehmsas.exe:4020 - OK
Process in memory: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe:4028 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe:4060 - OK
Process in memory: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe:4088 - OK
Process in memory: C:\Windows\System32\wbem\WmiPrvSE.exe:1092 - OK
Process in memory: C:\Program Files\Alwil Software\Avast5\AvastUI.exe:3496 - OK
Process in memory: C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe:3568 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe:3460 - OK
Process in memory: C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe:3680 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe:4156 - OK
Process in memory: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe:4280 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe:4480 - OK
Process in memory: C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe:4680 - OK
Process in memory: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe:3468 - OK
Process in memory: C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe:1292 - OK
Process in memory: C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe:156 - OK
Process in memory: C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe:4592 - OK
Process in memory: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe:4640 - OK
Process in memory: C:\Program Files (x86)\Clearwire\Connection Manager\SwiApiMuxCdma.exe:4880 - OK
Process in memory: C:\Windows\System32\wbem\unsecapp.exe:4884 - OK
Process in memory: C:\Program Files (x86)\Internet Explorer\iexplore.exe:4404 - OK
Process in memory: C:\Program Files (x86)\Internet Explorer\iexplore.exe:5048 - OK
Process in memory: C:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe:4336 - OK
Process in memory: C:\Program Files\Windows Media Player\wmpnscfg.exe:5164 - OK
Process in memory: C:\Program Files\Windows Media Player\wmpnetwk.exe:5208 - OK
Process in memory: C:\Windows\System32\taskeng.exe:5652 - OK
Process in memory: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe:5980 - OK
Process in memory: C:\Windows\System32\wuauclt.exe:5232 - OK
Process in memory: C:\Windows\SysWOW64\ctfmon.exe:296 - OK
Process in memory: C:\Windows\System32\taskeng.exe:5216 - OK
Process in memory: C:\Windows\SysWOW64\ctfmon.exe:2668 - OK
Process in memory: C:\Users\pj\Desktop\launch.exe:5528 - OK
Process in memory: C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\6c2545.exe:5152 - OK
Process in memory: C:\Windows\SysWOW64\ctfmon.exe:6020 - OK
Process in memory: C:\Users\pj\AppData\Local\Temp\6A8692C0-38841520-E626EAF0-7CD3B600\b6749_xp.exe:5676 - OK
[Memory scanning] No viruses found
Master Boot Record HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK
OS/2 or WinNT Boot Sector HDD1 - OK


#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 30 August 2010 - 06:47 AM

Do you have the file paths as to what was quarantined?
Was it items already removed previously by OTL,Avast?.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#13 graydj

graydj
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 30 August 2010 - 09:26 PM

C:\Users\pj\DoctorWeb\Quarantine\alg (application)
C:\Users\pj\DoctorWeb\Quarantine\descript.ion (ION file)
C:\Users\pj\DoctorWeb\Quarantine\gameconsoleservice (application)

no clue about their origin or what they could be, except Dr. Web mentioned backdoor trojans. Should I run more scans or redo some previous scans?

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 31 August 2010 - 05:13 AM

You can run more scans but in my opinion if you have already experienced data theft it would be the safest bet to reformat you can always be sure it is safe after that.
No traces are left over.

The backdoors it found I do not see from the log layout.
Do you know which one it said was a backdoor?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#15 graydj

graydj
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 31 August 2010 - 12:11 PM

Unsure which one said what. When I reformat, will the cpu will lose everything on it, including custom programs and all program updates? Will the virus items or potentially bad programs be present on the backups that were saved as suggested right before the cleaning? A monthly maintainance scan with these downloaded and online resources sounds like a good idea.

Other than, you've been an epic help. Thanks! you should get a medal, or at least a beer.

Edited by graydj, 31 August 2010 - 12:16 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users