Infected with Virtumonde.prx


10 replies to this topic

#1 nightsystem2005


Posted 17 August 2010 - 01:02 AM

Description of Problem: Spyware S&D cannot get rid of this trojan from my registry after trying to delete them. They keep on getting detected and supposedly they are removed when I close Spybot, but the trojan stays on my laptop. I would like to stop the error messages that I get when I turn on my laptop. The error messages say that it cannot find the okukupugeb.dll and sDIVCecl.dll files. My Malwarebytes Anti-Malware removed the trojan supposedly, but the autorun still keeps coming back. I have used Norton, Autorun, SuperAntiSpywareagent, and File shredder to fix this problem. Here is my log when I removed the files from Malwarebytes Anti-Malware program.

I also tried following this guide from your website, "Rundll.exe Virtumonde.prx error", but it didn't help much. I am running Vista, not XP, so this guide is not that useful since I have a different OS.




Here is my laptop info
Model: HP Pavilion dv5 Notebook PC
Processor: AMD Turion™ X2 Ultra Dual-Core Mobile ZM-80 2.10GHz
Memory (RAM): 4.00 GB
System Type: 64-bit Operating System
Windows Edition: Windows Vista Home Premium

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4438

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/16/2010 8:01:36 PM
mbam-log-2010-08-16 (20-01-36).txt

Scan type: Full scan (C:|D:|E:|)
Objects scanned: 397669
Time elapsed: 1 hour(s), 52 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bcovexijokiqova (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\osibegede (Trojan.Agent.U) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:ProgramDataUpdateseupd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:UsersNightsystemAppDataLocalfocwgyetivopayhwshdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:UsersNightsystemAppDataLocalxnpxfodjcvygdlidshdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:UsersNightsystemAppDataRoamingMicrosoftWindowsTemplatesmemory.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:UsersNightsystemDesktopBittorrent StuffAdobe Photoshop CS4 Extended Keygen [ kentuckykiid ]Adobe Photoshop CS4 Keygen [ kentuckykiid ].exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:UsersNightsystemLocal SettingsApplication DataWindows Serveradmin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:UsersNightsystemTemplatesmemory.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Here is my Hijack This Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:14 PM, on 8/16/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program Files (x86)Windows LiveMessengermsnmsgr.exe
C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE
C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQLBCtrl.exe
C:Program Files (x86)Javajre6binjusched.exe
C:Program Files (x86)LinksysLinksys EasyLink AdvisorLinksys EasyLink Advisor.exe
C:Program Files (x86)Common FilesPure Networks SharedPlatformnmctxth.exe
C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe
C:Program Files (x86)HpHP Software Updatehpwuschd2.exe
C:Program Files (x86)Winampwinampa.exe
C:Program Files (x86)MSN ToolbarPlatform4.0.0380.1mswinext.exe
C:Program Filesfirefox.exe
C:Program Files (x86)MicrosoftSearch Enhancement PackSCServerSCServer.exe
C:UsersNightsystemDesktopautorunautoruns.exe
C:UsersNightsystemDownloadsHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:Windowssystem32userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton Security SuiteEngine4.2.0.12coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton Security SuiteEngine4.2.0.12IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program Files (x86)MicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MSN ToolbarPlatform4.0.0380.1npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:Program Files (x86)Windows LiveToolbarwltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program Files (x86)Windows LiveToolbarwltcore.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MSN ToolbarPlatform4.0.0380.1npwinext.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Security SuiteEngine4.2.0.12coIEPlg.dll
O4 - HKLM..Run: [UCam_Menu] "C:Program Files (x86)Hewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe" "C:Program Files (x86)Hewlett-PackardMediaWebcam" update "SoftwareHewlett-PackardMediaWebcam"
O4 - HKLM..Run: [UpdateLBPShortCut] "C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5"
O4 - HKLM..Run: [UpdatePSTShortCut] "C:Program Files (x86)CyberLinkDVD SuiteMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkDVD Suite" UpdateWithCreateOnce "SoftwareCyberLinkPowerStarter"
O4 - HKLM..Run: [QlbCtrl.exe] "C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" /Start
O4 - HKLM..Run: [UpdateP2GoShortCut] "C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0"
O4 - HKLM..Run: [UpdatePDIRShortCut] "C:Program Files (x86)CyberLinkPowerDirectorMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkPowerDirector" UpdateWithCreateOnce "SOFTWARECyberLinkPowerDirector7.0"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program Files (x86)Javajre6binjusched.exe"
O4 - HKLM..Run: [LELA] "C:Program Files (x86)LinksysLinksys EasyLink AdvisorLinksys EasyLink Advisor.exe" /minimized
O4 - HKLM..Run: [nmctxth] "C:Program Files (x86)Common FilesPure Networks SharedPlatformnmctxth.exe"
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program Files (x86)Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [Microsoft Default Manager] "C:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" -resume
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"
O4 - HKLM..Run: [AdobeCS4ServiceManager] "C:Program Files (x86)Common FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [GrooveMonitor] "C:Program Files (x86)Microsoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [HP Software Update] C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Bcovexijokiqova] rundll32.exe "C:\Users\Nightsystem\AppData\Local\okukupugeb.dll",Startup
O4 - HKCU\..\Run: [Osibegede] rundll32.exe "C:\Users\Nightsystem\AppData\Local\sDIVCecl.dll",Startup
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://syccmdfic01.pcc.edu/dana-cached/sc/...SetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:Program FilesSUPERAntiSpywareSASCORE64.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_bd5387daAESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:Windowssystem32agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:Program Files (x86)AreschatServer.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:Windowssystem32Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:Program Files (x86)BonjourmDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program Files (x86)Common FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program Files (x86)HP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:Windowssystem32Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program Files (x86)Common FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program Files (x86)Common FilesLightScribeLSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:Program Files (x86)LinksysLinksys UpdaterbinLinksysUpdater.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:Program Files (x86)Norton Security SuiteEngine4.2.0.12ccSvcHst.exe
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:Program Files (x86)Common FilesPure Networks SharedPlatformnmsrvc.exe
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:Program Files (x86)SMINSTBLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program Files (x86)CyberLinkShared filesRichVideo.exe
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe (file missing)
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_bd5387daSTacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:Program Files (x86)Hewlett-PackardMediaTVKernelTVTVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:Program Files (x86)Hewlett-PackardMediaTVKernelTVTVSched.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--
End of file - 15614 bytes

DDS scan


DDS (Ver_10-03-17.01) - NTFSX64
Run by Nightsystem at 1:56:41.96 on Tue 08/17/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1908 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k secsvcs
C:Windowssystem32Ati2evxx.exe
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_bd5387daSTacSV64.exe
C:Windowssystem32svchost.exe -k GPSvcGroup
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32Hpservice.exe
C:Windowssystem32Ati2evxx.exe
C:Windowssystem32svchost.exe -k NetworkService
C:WindowsSystem32spoolsv.exe
C:Windowssystem32WLANExt.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Program FilesSUPERAntiSpywareSASCORE64.EXE
C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_bd5387daAESTSr64.exe
C:Windowssystem32agr64svc.exe
C:WindowsSysWOW64svchost.exe -k Akamai
C:Program Files (x86)Common FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program Files (x86)BonjourmDNSResponder.exe
C:Program Files (x86)Common FilesLightScribeLSSrvc.exe
C:Program Files (x86)LinksysLinksys UpdaterbinLinksysUpdater.exe
C:Program Files (x86)Norton Security SuiteEngine4.2.0.12ccSvcHst.exe
C:WindowsSystem32svchost.exe -k HPZ12
C:WindowsSystem32svchost.exe -k HPZ12
C:WindowsSysWOW64java.exe
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Program Files (x86)SMINSTBLService.exe
C:Program Files (x86)CyberLinkShared filesRichVideo.exe
C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:Windowssystem32svchost.exe -k imgsvc
C:Program Files (x86)Hewlett-PackardMediaTVKernelTVTVCapSvc.exe
C:Program Files (x86)Hewlett-PackardMediaTVKernelTVTVSched.exe
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:Windowssystem32SearchIndexer.exe
C:Program Files (x86)Common FilesPure Networks SharedPlatformnmsrvc.exe
C:Windowssystem32wbemwmiprvse.exe
C:Windowssystem32Dwm.exe
C:Program Files (x86)Norton Security SuiteEngine4.2.0.12ccSvcHst.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:WindowsSysWOW64DllHost.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesIDTWDMsttray64.exe
C:Program FilesLogitechGaming SoftwareLWEMon.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program Files (x86)Windows LiveMessengermsnmsgr.exe
C:Windowsehomeehtray.exe
C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE
C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQLBCtrl.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program Files (x86)Javajre6binjusched.exe
C:Program Files (x86)LinksysLinksys EasyLink AdvisorLinksys EasyLink Advisor.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:Program Files (x86)Common FilesPure Networks SharedPlatformnmctxth.exe
C:Windowsehomeehmsas.exe
C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe
C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe
C:Program Files (x86)HpHP Software Updatehpwuschd2.exe
C:Program Files (x86)Winampwinampa.exe
C:Windowssystem32taskeng.exe
C:Program FilesSynapticsSynTPSynTPHelper.exe
C:Program Files (x86)MSN ToolbarPlatform4.0.0380.1mswinext.exe
C:Program Filesfirefox.exe
C:Program Files (x86)MicrosoftSearch Enhancement PackSCServerSCServer.exe
C:UsersNightsystemDesktopautorunautoruns.exe
C:Windowssystem32NOTEPAD.EXE
c:program fileswindows defenderMpCmdRun.exe
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:UsersNightsystemDownloadsdds.scr
C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:windowssyswow64blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=c:windowssystem32userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program files (x86)common filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:program filesspybot - search & destroySDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:program files (x86)norton security suiteengine4.2.0.12coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:program files (x86)norton security suiteengine4.2.0.12IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:program files (x86)microsoftsearch enhancement packsearch helperSEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:program files (x86)microsoft officeoffice12GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program files (x86)common filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:program files (x86)msn toolbarplatform4.0.0380.1npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program files (x86)javajre6binjp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:program files (x86)windows livetoolbarwltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:program files (x86)windows livetoolbarwltcore.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:program files (x86)msn toolbarplatform4.0.0380.1npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:program files (x86)norton security suiteengine4.2.0.12coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: &AdVantage Branding Window: {d367a4af-8202-4173-a115-9831108f1e0a} - %SystemRoot%SysWow64shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files (x86)\pando networks\media booster\PMB.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Bcovexijokiqova] rundll32.exe "c:\users\nightsystem\appdata\local\okukupugeb.dll",Startup
uRun: [Osibegede] rundll32.exe "c:\users\nightsystem\appdata\local\sDIVCecl.dll",Startup
mRun: [UCam_Menu] "c:program files (x86)hewlett-packardmediawebcammuitransfermuistartmenu.exe" "c:program files (x86)hewlett-packardmediawebcam" update "softwarehewlett-packardmediaWebcam"
mRun: [UpdateLBPShortCut] "c:program files (x86)cyberlinklabelprintmuitransfermuistartmenu.exe" "c:program files (x86)cyberlinklabelprint" updatewithcreateonce "softwarecyberlinklabelprint2.5"
mRun: [UpdatePSTShortCut] "c:program files (x86)cyberlinkdvd suitemuitransfermuistartmenu.exe" "c:program files (x86)cyberlinkdvd suite" updatewithcreateonce "softwarecyberlinkPowerStarter"
mRun: [QlbCtrl.exe] "c:program files (x86)hewlett-packardhp quick launch buttonsQlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "c:program files (x86)cyberlinkpower2gomuitransfermuistartmenu.exe" "c:program files (x86)cyberlinkpower2go" updatewithcreateonce "softwarecyberlinkpower2go6.0"
mRun: [UpdatePDIRShortCut] "c:program files (x86)cyberlinkpowerdirectormuitransfermuistartmenu.exe" "c:program files (x86)cyberlinkpowerdirector" updatewithcreateonce "softwarecyberlinkpowerdirector7.0"
mRun: [SunJavaUpdateSched] "c:program files (x86)javajre6binjusched.exe"
mRun: [LELA] "c:program files (x86)linksyslinksys easylink advisorLinksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:program files (x86)common filespure networks sharedplatformnmctxth.exe"
mRun: [HP Health Check Scheduler] c:program files (x86)hewlett-packardhp health checkHPHC_Scheduler.exe
mRun: [Microsoft Default Manager] "c:program files (x86)microsoftsearch enhancement packdefault managerDefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:program files (x86)adobereader 9.0readerReader_sl.exe"
mRun: [Adobe ARM] "c:program files (x86)common filesadobearm1.0AdobeARM.exe"
mRun: [QuickTime Task] "c:program files (x86)quicktimeQTTask.exe" -atboottime
mRun: [iTunesHelper] "c:program files (x86)itunesiTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:program files (x86)common filesadobecs4servicemanagerCS4ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:program files (x86)microsoft officeoffice12GrooveMonitor.exe"
mRun: [HP Software Update] c:program files (x86)hphp software updateHPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WinampAgent] "c:program files (x86)winampwinampa.exe"
StartupFolder: c:usersnights~1appdataroamingmicros~1windowsstartm~1programsstartuponenot~1.lnk - c:program files (x86)microsoft officeoffice12ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:program files (x86)windows livewriterWriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~2micros~2office12ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~2micros~2office12REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:program filesspybot - search & destroySDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://syccmdfic01.pcc.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program files (x86)microsoft officeoffice12GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:program files (x86)common filespure networks sharedplatformpuresp3.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~2common~1skypeSKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:program files (x86)microsoft officeoffice12GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:program files (x86)common fileslightscribeLSRunOnce.exe"
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {D367A4AF-8202-4173-A115-9831108F1E0A} - No File
mRun-x64: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun-x64: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
mRun-x64: [SysTrayApp] %ProgramFiles%IDTWDMsttray64.exe
mRun-x64: [Start WingMan Profiler] c:program fileslogitechgaming softwareLWEMon.exe /noui

================= FIREFOX ===================

FF - ProfilePath - c:usersnights~1appdataroamingmozillafirefoxprofiless4c0cokx.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:program files (x86)microsoftsearch enhancement packsearch helperfirefoxextensionsearchhelperextensioncomponentsSEPsearchhelperff.dll
FF - component: c:programdatanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}n360_4.0.0.127coffplgncomponentscoFFPlgn.dll
FF - component: c:programdatanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}n360_4.0.0.127ipsffplgncomponentsIPSFFPl.dll
FF - plugin: c:program files (x86)microsoftoffice livenpOLW.dll
FF - plugin: c:program files (x86)msn toolbarplatform4.0.0380.1npwinext.dll
FF - plugin: c:program files (x86)pando networksmedia boosternpPandoWebPlugin.dll
FF - plugin: c:program files (x86)windows livephoto galleryNPWLPG.dll
FF - plugin: c:program filespluginsnpwachk.dll
FF - plugin: c:usersnightsystemprogram files (x86)dnapluginsnpbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesextensions{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 ahcix64s;ahcix64s;c:windowssystem32driversahcix64s.sys [2008-4-15 210448]
R0 Amddfltr64;Amd Disk Lower Filter Driver;c:windowssystem32driversAmddfltr64.sys [2009-4-6 18488]
R0 SymDS;Symantec Data Store;c:windowssystem32driversn360x640402000.00csymds64.sys [2010-8-16 433200]
R0 SymEFA;Symantec Extended File Attributes;c:windowssystem32driversn360x640402000.00csymefa64.sys [2010-8-16 221232]
R1 BHDrvx64;BHDrvx64;c:programdatanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}n360_4.0.0.127definitionsbashdefs20100719.001BHDrvx64.sys [2010-7-19 945200]
R1 ccHP;Symantec Hash Provider;c:windowssystem32driversn360x640402000.00ccchpx64.sys [2010-8-16 615040]
R1 IDSVia64;IDSVia64;c:programdatanorton{0c55c096-0f1d-4f28-aaa2-85ef591126e7}n360_4.0.0.127definitionsipsdefs20100813.004IDSviA64.sys [2010-8-16 463408]
R1 mfehidk;McAfee Inc. mfehidk;c:windowssystem32driversmfehidk.sys [2009-9-25 308296]
R1 SymIRON;Symantec Iron Driver;c:windowssystem32driversn360x640402000.00cironx64.sys [2010-8-16 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:windowssystem32driversn360x640402000.00csymtdiv.sys [2010-8-16 451120]
R2 !SASCORE;SAS Core Service;"c:program filessuperantispywaresascore64.exe" --> c:program filessuperantispywareSASCORE64.EXE [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:program files (x86)hewlett-packardmediadvd000.fcl [2008-9-26 27632]
R2 AESTFilters;Andrea ST Filters Service;c:windowssystem32driverstorefilerepositorystwrt64.inf_bd5387daAESTSr64.exe [2008-12-15 89088]
R2 Akamai;Akamai NetSession Interface;c:windowssystem32svchost.exe -k Akamai [2008-1-20 27648]
R2 hpsrv;HP Service;c:windowssystem32hpservice.exe [2008-3-18 23040]
R2 LinksysUpdater;Linksys Updater;c:program files (x86)linksyslinksys updaterbinLinksysUpdater.exe [2008-4-18 204800]
R2 N360;Norton Security Suite;c:program files (x86)norton security suiteengine4.2.0.12ccsvchst.exe [2010-8-16 126392]
R2 Recovery Service for Windows;Recovery Service for Windows;c:program files (x86)sminstBLService.exe [2008-10-22 365904]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:program files (x86)hewlett-packardmediatvkerneltvTVCapSvc.exe [2008-9-24 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:program files (x86)hewlett-packardmediatvkerneltvTVSched.exe [2008-9-24 116096]
R3 enecir;ENE CIR Receiver;c:windowssystem32driversenecir.sys [2008-9-4 64000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program files (x86)common filessymantec sharedeengineEraserUtilRebootDrv.sys [2010-8-16 132656]
R3 usbfilter;AMD USB Filter Driver;c:windowssystem32driversusbfilter.sys [2008-12-15 26168]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)spybot - search & destroysdwinsec.exe --> c:program files (x86)spybot - search & destroySDWinSec.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:windowsmicrosoft.netframework64v2.0.50727mscorsvw.exe [2009-9-11 89920]
S3 Com4QLBEx;Com4QLBEx;c:program files (x86)hewlett-packardhp quick launch buttonsCom4QLBEx.exe [2008-10-22 193840]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:program filescommon filesmacrovision sharedflexnet publisherFNPLicensingService64.exe [2010-4-21 1038088]
S3 JMCR;JMCR;c:windowssystem32driversjmcr.sys [2008-8-7 143360]
S3 mfeavfk;McAfee Inc. mfeavfk;c:windowssystem32driversmfeavfk.sys [2009-9-25 102472]
S3 mferkdk;McAfee Inc. mferkdk;c:windowssystem32driversmferkdk.sys [2009-9-25 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;c:windowssystem32driversmfesmfk.sys [2009-9-25 49480]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:windowssystem32driversNETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;c:windowssyswow64perfhost.exe [2008-1-20 19968]
S3 SynasUSB;SynasUSB;c:windowssystem32driverssynUSB64.sys [2009-3-17 31248]
S3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32driversusbaapl64.sys [2009-8-28 49152]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:windowssystem32driversyk60x64.sys [2006-11-2 273408]

============== File Associations ===============

JSEFile=c:windowssyswow64WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-17 01:07:23 0 d-----w- c:program files (x86)Malwarebytes' Anti-Malware
2010-08-16 22:15:04 0 d-----w- c:programdataSUPERAntiSpyware.com
2010-08-16 22:14:29 0 d-----w- c:programdata!SASCORE
2010-08-16 07:50:37 34152 ----a-r- c:windowssystem32driversGEARAspiWDM.sys
2010-08-16 07:50:37 126312 ----a-r- c:windowssystem32GEARAspi64.dll
2010-08-16 07:50:37 107368 ----a-r- c:windowssyswow64GEARAspi.dll
2010-08-16 07:50:34 854 ----a-w- c:windowssystem32driversSYMEVENT64x86.INF
2010-08-16 07:50:34 7440 ----a-w- c:windowssystem32driversSYMEVENT64x86.CAT
2010-08-16 07:50:34 173104 ----a-w- c:windowssystem32driversSYMEVENT64x86.SYS
2010-08-16 07:50:19 0 d-----w- c:program filesSymantec
2010-08-16 07:50:19 0 d-----w- c:program filescommon filesSymantec Shared
2010-08-16 07:49:31 0 d-----w- c:windowssystem32driversN360x64
2010-08-16 07:49:28 0 d-----w- c:program files (x86)Norton Security Suite
2010-08-16 07:49:14 0 d-----w- c:program files (x86)NortonInstaller
2010-08-16 05:56:02 0 d-----w- c:programdataUpdate
2010-08-16 02:52:41 0 d-----w- c:usersnights~1appdataroamingDVD Flick
2010-08-16 02:52:16 662288 ----a-w- c:windowssyswow64mscomct2.ocx
2010-08-16 02:52:16 609824 ----a-w- c:windowssyswow64comctl32.ocx
2010-08-16 02:52:16 40960 ----a-w- c:windowssyswow64ssubtmr6.dll
2010-08-16 02:52:16 36864 ----a-w- c:windowssyswow64trayicon_handler.ocx
2010-08-16 02:52:16 28672 ----a-w- c:windowssyswow64mousewheel.ocx
2010-08-16 02:52:16 212240 ----a-w- c:windowssyswow64richtx32.ocx
2010-08-16 02:52:16 164144 ----a-w- c:windowssyswow64comct232.ocx
2010-08-16 02:52:16 0 d-----w- c:program files (x86)DVD Flick
2010-08-11 19:17:29 81920 ----a-w- c:windowssyswow64iccvid.dll
2010-08-11 19:17:27 50688 ----a-w- c:windowssystem32rtutils.dll
2010-08-11 19:17:27 36864 ----a-w- c:windowssyswow64rtutils.dll
2010-08-11 19:17:25 343040 ----a-w- c:windowssystem32schannel.dll
2010-08-11 19:17:25 274944 ----a-w- c:windowssyswow64schannel.dll
2010-08-11 19:17:23 1869824 ----a-w- c:windowssystem32msxml3.dll
2010-08-11 19:17:22 1248768 ----a-w- c:windowssyswow64msxml3.dll
2010-08-11 19:17:20 4697992 ----a-w- c:windowssystem32ntoskrnl.exe
2010-08-11 19:15:32 1426816 ----a-w- c:windowssystem32driverstcpip.sys
2010-08-11 19:15:29 453120 ----a-w- c:windowssystem32driverssrv.sys
2010-08-11 19:15:28 175104 ----a-w- c:windowssystem32driverssrv2.sys
2010-08-11 19:15:26 2752000 ----a-w- c:windowssystem32win32k.sys
2010-08-10 00:52:05 0 d-----w- c:program files (x86)Diablo II
2010-08-09 22:17:51 0 d-----w- c:program files (x86)StarCraft
2010-08-03 09:58:14 0 d-----w- c:program files (x86)Exact Audio Copy PSP Edition
2010-08-02 19:45:47 11584512 ----a-w- c:windowssyswow64shell32.dll
2010-07-31 23:58:39 0 d-----w- c:programdataBlizzard Entertainment
2010-07-30 21:31:26 0 d-----w- c:usersnights~1appdataroamingUniblue
2010-07-30 21:27:01 0 d-----w- c:program files (x86)MediaCoder PSP Edition
2010-07-30 21:20:49 0 d-----w- c:program files (x86)Winamp Detect
2010-07-30 21:18:44 0 d-----w- c:program files (x86)Combined Community Codec Pack
2010-07-30 09:22:00 0 d-----w- c:program files (x86)FreeTime
2010-07-28 20:52:41 0 d-----w- c:usersnights~1appdataroamingAccurateRip

==================== Find3M ====================

2010-07-23 21:42:55 51200 ----a-w- c:windowsinfinfpub.dat
2010-07-23 21:42:55 143360 ----a-w- c:windowsinfinfstrng.dat
2010-07-23 21:42:17 86016 ----a-w- c:windowsinfinfstor.dat
2010-06-26 06:30:12 1147904 ----a-w- c:windowssystem32wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:windowssystem32iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:windowssystem32iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:windowssyswow64wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:windowssyswow64urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:windowssyswow64occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:windowssyswow64mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:windowssyswow64mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:windowssyswow64msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:windowssyswow64msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:windowssyswow64jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:windowssyswow64iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:windowssyswow64iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:windowssyswow64ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:windowssyswow64iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:windowssyswow64iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:windowssyswow64iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:windowssyswow64ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:windowssyswow64iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:windowssystem32ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:windowssyswow64ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:windowssyswow64ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:windowssyswow64msfeedssync.exe
2010-05-26 17:23:46 48128 ----a-w- c:windowssystem32atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:windowssyswow64atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:windowssystem32atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:windowssyswow64atmfd.dll
2010-05-21 21:14:28 270208 ------w- c:windowssystem32MpSigStub.exe
2009-09-12 21:29:53 665600 ----a-w- c:windowsinfdrvindex.dat
2009-07-25 07:26:33 38538 ----a-w- c:program filesinstall.log
2009-07-15 18:10:00 707 ----a-w- c:program filesupdater.ini
2009-07-15 18:10:00 6 ----a-w- c:program filesupdate.locale
2009-07-15 18:10:00 583 ----a-w- c:program filescrashreporter-override.ini
2009-07-15 18:10:00 478 ----a-w- c:program filessoftokn3.chk
2009-07-15 18:10:00 478 ----a-w- c:program filesfreebl3.chk
2009-07-15 18:10:00 3801 ----a-w- c:program filescrashreporter.ini
2009-07-15 18:10:00 249856 ----a-w- c:program filesfreebl3.dll
2009-07-15 18:10:00 232 ----a-w- c:program filesbrowserconfig.properties
2009-07-15 18:10:00 155648 ----a-w- c:program filessoftokn3.dll
2009-07-15 18:10:00 112 ----a-w- c:program filesold-homepage-default.properties
2009-07-15 18:09:58 31393 ----a-w- c:program filesLICENSE
2009-07-15 18:09:58 2126 ----a-w- c:program filesapplication.ini
2009-07-15 18:09:58 2067 ----a-w- c:program filesblocklist.xml
2009-07-15 18:09:58 181 ----a-w- c:program filesREADME.txt
2009-07-15 18:09:58 141 ----a-w- c:program filesplatform.ini
2008-01-21 03:21:59 174 --sha-w- c:program filesdesktop.ini
2008-01-21 03:21:59 174 --sha-w- c:program files (x86)desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:windowsinfperflib0409perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:windowsinfperflib0409perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:windowsinfperflib0409perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:windowsinfperflib0409perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:windowsinfperflib0000perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:windowsinfperflib0000perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:windowsinfperflib0000perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:windowsinfperflib0000perfc.dat
2010-04-09 16:31:05 245760 --sha-w- c:windowsserviceprofileslocalserviceappdataroamingmicrosoftwindowsietldcacheindex.dat
2008-10-22 17:55:26 8192 --sha-w- c:windowsusersdefaultNTUSER.DAT

============= FINISH: 1:58:30.95 ===============

DDS Attach file:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: DeviceHarddiskVolume1
Install Date: 12/15/2008 1:35:01 AM
System Uptime: 8/16/2010 8:03:08 PM (5 hours ago)

Motherboard: Quanta | | 3600
Processor: AMD Turion™ X2 Ultra Dual-Core Mobile ZM-80 | Socket M2/S1G1 | 2100/1800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 360 GiB total, 107.574 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.974 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT*6TO4MP0005
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT*6TO4MP0005
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT*TUNMP0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT*TUNMP0001
Service: tunmp

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: AYLOMNPN IDE Controller
Device ID: ACPIPNPA0004&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: AYLOMNPN IDE Controller
PNP Device ID: ACPIPNPA0004&5D18F2DF&0
Service: art8ibm6

==== System Restore Points ===================


==== Installed Programs ======================

4500_Help
7-Zip 4.65
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AGEIA PhysX v7.11.13
Akamai NetSession Interface
AMD USB Audio Driver Filter
Apple Application Support
Apple Software Update
Ares 2.0.9
Ares Vista 3.0.9.9002
ASIO4ALL
Atheros Driver Installation Program
BitTorrent
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Chipamp
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2009-09-09
Comical 0.8
Compatibility Pack for the 2007 Office system
Condition Zero
Connect
Counter-Strike: Source
CyberLink DVD Suite
Diablo II
DNA
DocProc
DocProcQFolder
DVD Flick 1.3.0.7
ESU for Microsoft Vista
Exact Audio Copy PSP Edition 1.0
Fax
Free DVD Ripper Version 2.25
FrostWire 4.18.6
Guitar Pro 5.2
Half-Life®
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart TV
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Quick Launch Buttons 6.40 J1
HP Total Care Advisor
HP Update
HP User Guides 0128
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPTCSSetup
IDT Audio
J4500
Java™ 6 Update 15
Java™ 6 Update 3
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller
Juniper Networks Setup Client
Junk Mail filter update
Juno Preloader
kuler
LabelPrint
LightScribe System Software 1.14.17.1
LinksysEasyLinkAdvisor
Logitech Gaming Software 64
Malwarebytes' Anti-Malware
MediaCoder PSP Edition
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.5.1)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
Norton Security Suite
OpenAL
Pando Media Booster
Pcsx2 0.9.6
PDF Settings CS4
Photoshop Camera Raw
Power Tab Editor 1.7
Power2Go
PowerDirector
ProductContext
Pure Networks Platform
QuickTime
Real Alternative 1.9.0
Realtek 8169 8168 8101E 8102E Ethernet Driver
RebirthRO
Scan
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skins
Skype web features
Skype™ 4.1
Slingbox - Watch Your TV Anywhere
SlingPlayer
Spybot - Search & Destroy
StarCraft
Steam
Suite Shared Configuration CS4
Syncrosoft License Control
The Rosetta Stone
Toolbox
Uniblue ProcessScanner
Uniblue RegistryBooster 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
VLC media player 1.1.2
VoiceOver Kit
Warhammer 40,000: Dawn of War – Dark Crusade
WebEx Support Manager for Internet Explorer
WebReg
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver

==== End Of File ===========================

GMER Scan

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-17 02:45:18
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s1 771343423
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@s2 285507792
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg@h0 1
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA1 0xC0 0x3E 0x14 ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:UsersHello SandyDesktopdesktop 2DAEMON Tools Lite
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001@hdf12 0x82 0x7E 0x22 0x23 ...
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001gdq0
Reg HKLMSYSTEMCurrentControlSetServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001gdq0@hdf12 0x13 0x13 0x78 0xA8 ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA1 0xC0 0x3E 0x14 ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:UsersHello SandyDesktopdesktop 2DAEMON Tools Lite
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001@hdf12 0x82 0x7E 0x22 0x23 ...
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001gdq0 (not active ControlSet)
Reg HKLMSYSTEMControlSet002ServicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC00000001gdq0@hdf12 0x13 0x13 0x78 0xA8 ...

---- EOF - GMER 1.0.15 ----

Bump

Here are the pictures of the boxes that I want to get rid of from my start up.
My Norton also detects some suspicious temp file. I also ran autorun in safe mode to see if that would get rid of the problem and it did not.
I need some help really bad and I feel that I am being ignored.

EDIT: Please be patient. There are over 390 unanswered topics in this forum at present and the current average wait time to receive help is about a week. ~BP



Edited by nightsystem2005, 17 August 2010 - 11:02 PM.




#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:09:36 PM

Posted 24 August 2010 - 07:04 AM

Hello nightsystem2005

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 nightsystem2005

nightsystem2005
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:36 PM

Posted 26 August 2010 - 07:46 PM

Here is the OTL.txt Scan File

OTL logfile created on: 8/26/2010 5:26:44 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Nightsystem\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360.15 Gb Total Space | 123.14 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive D: | 12.46 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMANDSANDYS
Current User Name: Nightsystem
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Nightsystem\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\mswinext.exe (Microsoft Corp.)
PRC - C:\Windows\SysWOW64\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
PRC - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Nightsystem\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\rswin_3745.dll ()
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (LinksysUpdater) -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (AresChatServer) -- C:\Program Files (x86)\Ares\chatServer.exe (Ares Development Group)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (ASPI) -- C:\Windows\SysNative\DRIVERS\ASPI32.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\DRIVERS\ahcix64s.sys (AMD Technologies Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (Amddfltr64) -- C:\Windows\SysNative\DRIVERS\Amddfltr64.sys (Advanced Micro Devices)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\SynUSB64.sys (SIA Syncrosoft)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100826.023\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100826.023\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100825.001\IDSviA64.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ASPI) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {48E72D5A-F475-48BE-A3CE-3B02AB9B50D6}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/25 15:16:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\Firefox [2009/12/31 14:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 12:33:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/16 10:55:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/16 00:51:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/13 02:57:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/20 13:41:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\components [2010/02/13 02:57:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\plugins [2010/07/30 14:20:49 | 000,000,000 | ---D | M]

[2010/04/11 18:10:49 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions
[2009/03/31 21:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
[2009/02/23 00:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/11 18:10:49 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2009/03/01 17:14:33 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/26 00:33:51 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\extensions
[2009/08/25 15:51:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/08 03:45:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/02/24 01:23:19 | 000,000,682 | ---- | M] () -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\searchplugins\ask.xml
[2009/02/23 20:16:33 | 000,001,632 | ---- | M] () -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\searchplugins\live-search.xml
[2009/07/12 12:50:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/07/24 23:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/16 20:36:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/07/24 23:54:41 | 000,023,032 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/07/24 23:54:41 | 000,134,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2009/07/24 23:54:42 | 000,065,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/04/03 16:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2008/09/10 12:56:44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2010/02/13 02:57:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/02/13 02:57:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/02/13 02:57:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/02/13 02:57:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/02/13 02:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/02/13 02:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/02/13 02:57:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/09/10 12:37:54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2009/02/19 12:33:08 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/02/19 12:33:08 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/02/19 12:33:08 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/02/19 12:33:08 | 000,002,343 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/02/19 12:33:08 | 000,001,706 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/02/19 12:33:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/02/19 12:33:08 | 000,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LELA] C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Bcovexijokiqova] C:\Users\Nightsystem\AppData\Local\okukupugeb.DLL File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Osibegede] C:\Users\Nightsystem\AppData\Local\sDIVCecl.DLL File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://syccmdfic01.pcc.edu/dana-cached/sc/...SetupClient.cab (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102 192.168.1.1 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9d1e19c8-01a0-11de-9778-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9d1e19c8-01a0-11de-9778-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
O33 - MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 19:24:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/08/22 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/08/22 16:44:16 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/20 01:48:40 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\Desktop\DDO standard res install files
[2010/08/19 18:03:46 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\Desktop\Incomplete
[2010/08/18 23:14:56 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\mp3fhg.acm
[2010/08/18 23:14:55 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010/08/18 23:14:55 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010/08/18 23:14:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/08/18 02:00:58 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\Apple Computer
[2010/08/17 17:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/08/17 16:58:19 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\Adobe
[2010/08/17 16:13:47 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\Sunbelt Software
[2010/08/17 16:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/08/17 14:46:16 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\Tific
[2010/08/16 18:07:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/16 18:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/16 15:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/16 15:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/08/16 04:07:41 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/08/16 04:07:41 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
[2010/08/16 04:07:37 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys
[2010/08/16 04:07:37 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
[2010/08/16 04:07:36 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
[2010/08/16 04:07:35 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys
[2010/08/16 04:07:35 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
[2010/08/16 03:55:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C
[2010/08/16 00:50:37 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/08/16 00:50:37 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/08/16 00:50:37 | 000,034,152 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/08/16 00:50:34 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/08/16 00:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/16 00:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/16 00:49:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2010/08/16 00:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2010/08/16 00:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/08/15 22:57:38 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\{48E72D5A-F475-48BE-A3CE-3B02AB9B50D6}
[2010/08/15 22:56:12 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\focwgyeti
[2010/08/15 22:56:04 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\xnpxfodjc
[2010/08/15 22:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/15 22:55:52 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\Windows Server
[2010/08/15 20:06:25 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\Documents\dvd
[2010/08/15 19:52:41 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\DVD Flick
[2010/08/15 19:52:16 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomct2.ocx
[2010/08/15 19:52:16 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2010/08/15 19:52:16 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx
[2010/08/15 19:52:16 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2010/08/15 19:52:16 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll
[2010/08/15 19:52:16 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx
[2010/08/15 19:52:16 | 000,028,672 | ---- | C] (-) -- C:\Windows\SysWow64\mousewheel.ocx
[2010/08/15 19:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
[2010/08/11 12:17:29 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 12:17:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 12:17:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 12:17:20 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 12:16:26 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 12:16:23 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 12:16:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 12:16:23 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 12:16:23 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 12:16:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 12:16:22 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 12:16:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 12:16:22 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 12:16:22 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 12:16:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 12:16:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 12:16:22 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 12:16:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 12:16:22 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 12:16:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 12:16:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 12:16:22 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 12:16:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 12:16:22 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 12:16:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 12:16:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 12:16:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/09 17:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo II
[2010/08/09 15:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft
[2010/08/03 02:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exact Audio Copy PSP Edition
[2010/07/31 16:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/07/30 14:31:26 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\Uniblue
[2010/07/30 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaCoder PSP Edition
[2010/07/30 14:20:53 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\OpenCandy
[2010/07/30 14:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/07/30 14:20:36 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\Winamp
[2010/07/30 14:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010/07/30 14:18:29 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\vlc
[2010/07/30 02:22:38 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\Documents\FFOutput
[2010/07/30 02:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2010/07/28 13:52:41 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\AccurateRip
[2009/07/25 00:26:30 | 010,764,792 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2009/07/25 00:26:30 | 000,918,008 | ---- | C] (Netscape Communications Corporation) -- C:\Program Files\js3250.dll
[2009/07/25 00:26:30 | 000,908,280 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2009/07/25 00:26:30 | 000,722,424 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozcrt19.dll
[2009/07/25 00:26:30 | 000,632,312 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2009/07/25 00:26:30 | 000,428,024 | ---- | C] (sqlite.org) -- C:\Program Files\sqlite3.dll
[2009/07/25 00:26:30 | 000,316,920 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2009/07/25 00:26:30 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2009/07/25 00:26:30 | 000,244,728 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2009/07/25 00:26:30 | 000,169,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2009/07/25 00:26:30 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2009/07/25 00:26:30 | 000,136,696 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2009/07/25 00:26:30 | 000,120,312 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2009/07/25 00:26:30 | 000,103,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2009/07/25 00:26:30 | 000,103,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2009/07/25 00:26:30 | 000,087,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2009/07/25 00:26:30 | 000,020,472 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2009/07/25 00:26:30 | 000,017,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2009/07/25 00:26:30 | 000,017,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2009/07/25 00:26:30 | 000,017,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/26 17:23:15 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 17:23:15 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 17:22:59 | 012,058,624 | -HS- | M] () -- C:\Users\Nightsystem\NTUSER.DAT
[2010/08/26 17:15:54 | 002,373,400 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/08/26 13:30:53 | 000,704,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/26 13:30:53 | 000,604,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/26 13:30:53 | 000,105,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/26 13:23:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/26 13:23:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/26 13:23:02 | 4292,698,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/26 04:45:37 | 000,524,288 | -HS- | M] () -- C:\Users\Nightsystem\NTUSER.DAT{17800c81-2f6a-11de-8c33-00238b6d996d}.TMContainer00000000000000000001.regtrans-ms
[2010/08/26 04:45:37 | 000,065,536 | -HS- | M] () -- C:\Users\Nightsystem\NTUSER.DAT{17800c81-2f6a-11de-8c33-00238b6d996d}.TM.blf
[2010/08/26 04:45:23 | 004,116,283 | -H-- | M] () -- C:\Users\Nightsystem\AppData\Local\IconCache.db
[2010/08/25 18:26:55 | 000,007,052 | ---- | M] () -- C:\Users\Nightsystem\AppData\Local\d3d9caps.dat
[2010/08/25 18:26:43 | 000,046,592 | ---- | M] () -- C:\Users\Nightsystem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 16:46:45 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/08/20 19:39:37 | 000,001,033 | ---- | M] () -- C:\Users\Nightsystem\Desktop\Format Factory.lnk
[2010/08/20 02:50:46 | 000,001,822 | ---- | M] () -- C:\Users\Nightsystem\Desktop\mce.lnk
[2010/08/16 18:07:28 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 04:23:57 | 000,002,327 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/08/16 03:43:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010/08/16 00:50:19 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/08/16 00:50:19 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/08/16 00:50:19 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/08/15 22:57:40 | 000,000,120 | ---- | M] () -- C:\Users\Nightsystem\AppData\Local\Dkugefu.dat
[2010/08/15 19:52:19 | 000,001,753 | ---- | M] () -- C:\Users\Nightsystem\Desktop\DVD Flick.lnk
[2010/08/12 14:40:19 | 000,654,271 | ---- | M] () -- C:\Users\Nightsystem\Documents\WR227 Comp Tech Manual.docx
[2010/08/12 14:26:49 | 000,015,122 | ---- | M] () -- C:\Users\Nightsystem\Documents\school resume.docx
[2010/08/12 03:29:23 | 003,000,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 01:00:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/12 01:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/08/11 17:47:13 | 000,714,493 | ---- | M] () -- C:\Users\Nightsystem\Documents\Quick Computer Tips Manual Guide.pptx
[2010/08/09 21:33:06 | 512,814,017 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/09 17:54:41 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2010/08/09 15:19:59 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2010/08/09 01:03:06 | 000,013,281 | ---- | M] () -- C:\Users\Nightsystem\Documents\WR227 Comp Tech Manual WC.docx
[2010/08/05 00:31:57 | 000,001,637 | ---- | M] () -- C:\Users\Nightsystem\Desktop\Paint.lnk
[2010/08/03 02:58:15 | 000,000,891 | ---- | M] () -- C:\Users\Nightsystem\Desktop\Exact Audio Copy PSP Edition.lnk
[2010/08/03 01:52:43 | 000,108,704 | ---- | M] () -- C:\Users\Nightsystem\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/01 16:17:07 | 000,054,180 | ---- | M] () -- C:\Users\Nightsystem\Documents\FinalProjectManual.docx
[2010/07/31 14:54:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNightsystem.job
[2010/07/30 14:27:07 | 000,000,968 | ---- | M] () -- C:\Users\Nightsystem\Desktop\MediaCoder PSP Edition.lnk
[2010/07/30 14:21:06 | 000,000,943 | ---- | M] () -- C:\Users\Nightsystem\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/30 14:21:06 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/30 14:20:57 | 000,000,842 | ---- | M] () -- C:\Users\Nightsystem\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/30 14:20:57 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/07/30 14:18:16 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/29 15:17:41 | 000,016,009 | ---- | M] () -- C:\Users\Nightsystem\Documents\proposalwr227.docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/22 16:45:39 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/08/20 19:39:36 | 000,001,033 | ---- | C] () -- C:\Users\Nightsystem\Desktop\Format Factory.lnk
[2010/08/20 17:07:23 | 000,372,164 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistMSI6798.txt
[2010/08/20 17:07:22 | 000,011,170 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistUI6798.txt
[2010/08/20 02:50:46 | 000,001,822 | ---- | C] () -- C:\Users\Nightsystem\Desktop\mce.lnk
[2010/08/18 23:14:58 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/08/18 23:14:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/08/18 23:14:55 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/08/18 23:14:55 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/18 23:14:54 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/18 23:14:54 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/08/18 13:05:32 | 4292,698,112 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/16 23:02:14 | 000,015,616 | ---- | C] () -- C:\Users\Nightsystem\hijackthis.log
[2010/08/16 18:07:28 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 04:22:10 | 002,373,400 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/08/16 04:07:41 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat
[2010/08/16 04:07:41 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat
[2010/08/16 04:07:41 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/08/16 04:07:41 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/08/16 04:07:37 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
[2010/08/16 04:07:37 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
[2010/08/16 04:07:37 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat
[2010/08/16 04:07:37 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
[2010/08/16 04:07:37 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf
[2010/08/16 04:07:37 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
[2010/08/16 04:07:36 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
[2010/08/16 04:07:36 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
[2010/08/16 04:07:35 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
[2010/08/16 04:07:35 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat
[2010/08/16 04:07:35 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf
[2010/08/16 04:07:35 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
[2010/08/16 03:55:01 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/08/16 00:50:34 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/08/16 00:50:34 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/08/16 00:50:06 | 000,002,327 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/08/16 00:41:12 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\Install_NSS.job
[2010/08/15 22:57:40 | 000,000,120 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\Dkugefu.dat
[2010/08/15 19:52:19 | 000,001,753 | ---- | C] () -- C:\Users\Nightsystem\Desktop\DVD Flick.lnk
[2010/08/11 01:44:12 | 000,714,493 | ---- | C] () -- C:\Users\Nightsystem\Documents\Quick Computer Tips Manual Guide.pptx
[2010/08/09 17:52:05 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2010/08/09 15:17:51 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2010/08/05 14:50:11 | 000,013,281 | ---- | C] () -- C:\Users\Nightsystem\Documents\WR227 Comp Tech Manual WC.docx
[2010/08/05 00:31:57 | 000,001,637 | ---- | C] () -- C:\Users\Nightsystem\Desktop\Paint.lnk
[2010/08/04 02:18:54 | 000,654,271 | ---- | C] () -- C:\Users\Nightsystem\Documents\WR227 Comp Tech Manual.docx
[2010/08/03 02:58:15 | 000,000,891 | ---- | C] () -- C:\Users\Nightsystem\Desktop\Exact Audio Copy PSP Edition.lnk
[2010/08/01 16:17:04 | 000,054,180 | ---- | C] () -- C:\Users\Nightsystem\Documents\FinalProjectManual.docx
[2010/07/30 14:27:07 | 000,000,968 | ---- | C] () -- C:\Users\Nightsystem\Desktop\MediaCoder PSP Edition.lnk
[2010/07/30 14:21:06 | 000,000,943 | ---- | C] () -- C:\Users\Nightsystem\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/07/30 14:21:06 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/07/30 14:20:57 | 000,000,842 | ---- | C] () -- C:\Users\Nightsystem\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010/07/30 14:20:57 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/07/30 14:18:16 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/07/01 23:28:33 | 000,363,372 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistMSI48AE.txt
[2010/07/01 23:28:32 | 000,011,138 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistUI48AE.txt
[2010/05/19 01:10:02 | 000,438,374 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistMSI2883.txt
[2010/05/19 01:10:02 | 000,012,182 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistUI2883.txt
[2010/05/02 19:42:35 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\Temp0cdab112c4a6e11872374c7bded4a529.lock
[2010/02/22 09:28:05 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\FnF4.txt
[2009/12/17 01:16:05 | 000,000,099 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\fusioncache.dat
[2009/12/17 01:09:08 | 000,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/11 22:12:29 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/11 22:11:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/10 23:34:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/25 00:26:32 | 000,000,707 | ---- | C] () -- C:\Program Files\updater.ini
[2009/07/25 00:26:32 | 000,000,232 | ---- | C] () -- C:\Program Files\browserconfig.properties
[2009/07/25 00:26:32 | 000,000,112 | ---- | C] () -- C:\Program Files\old-homepage-default.properties
[2009/07/25 00:26:32 | 000,000,006 | ---- | C] () -- C:\Program Files\update.locale
[2009/07/25 00:26:30 | 000,038,538 | ---- | C] () -- C:\Program Files\install.log
[2009/07/25 00:26:30 | 000,031,393 | ---- | C] () -- C:\Program Files\LICENSE
[2009/07/25 00:26:30 | 000,003,801 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2009/07/25 00:26:30 | 000,002,126 | ---- | C] () -- C:\Program Files\application.ini
[2009/07/25 00:26:30 | 000,002,067 | ---- | C] () -- C:\Program Files\blocklist.xml
[2009/07/25 00:26:30 | 000,000,583 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2009/07/25 00:26:30 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk
[2009/07/25 00:26:30 | 000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk
[2009/07/25 00:26:30 | 000,000,181 | ---- | C] () -- C:\Program Files\README.txt
[2009/07/25 00:26:30 | 000,000,141 | ---- | C] () -- C:\Program Files\platform.ini
[2009/07/03 14:08:16 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/07/03 14:08:16 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/07/03 14:08:16 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/06/02 17:36:13 | 000,008,520 | ---- | C] () -- C:\Users\Nightsystem\AppData\Roaming\wklnhst.dat
[2009/04/04 10:42:22 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/17 19:58:09 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2009/03/07 16:39:37 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2009/02/26 21:41:36 | 000,046,592 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/23 00:18:09 | 000,007,052 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\d3d9caps.dat
[2009/02/22 21:11:07 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\QSwitch.txt
[2009/02/22 21:11:07 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\DSwitch.txt
[2009/02/22 21:11:07 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\AtStart.txt
[2008/12/15 03:38:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2008/12/15 03:38:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2008/12/15 03:37:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2008/12/15 03:36:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2008/12/15 03:34:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/22 11:59:18 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/22 11:51:15 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/22 11:48:25 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/22 11:46:32 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2009/05/24 22:26:22 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Acreon
[2010/07/14 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Audacity
[2010/08/25 18:35:38 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\BitTorrent
[2010/07/30 14:27:12 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Broad Intelligence
[2010/08/22 16:44:16 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/21 11:58:01 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\DAEMON Tools Lite
[2009/07/03 13:51:39 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\DAEMON Tools Pro
[2010/08/18 18:42:17 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\DNA
[2010/05/22 18:34:54 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\edxLabs
[2010/08/25 14:53:07 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\FrostWire
[2010/05/22 20:44:15 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\GetRightToGo
[2010/06/02 02:37:33 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\IrfanView
[2009/03/12 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Juniper Networks
[2010/01/21 23:45:45 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\LimeWire
[2010/07/30 14:20:52 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\OpenCandy
[2009/03/17 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Steinberg
[2010/01/03 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Stella
[2009/06/02 17:36:16 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Template
[2010/08/17 14:46:16 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Tific
[2009/12/17 01:16:10 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Turbine
[2010/07/30 14:31:26 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Uniblue
[2010/08/16 03:43:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2010/08/26 04:45:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/17 22:14:56 | 000,000,623 | ---- | M] () -- C:\aaw7boot.log
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/08/26 13:23:02 | 4292,698,112 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/06 23:29:48 | 000,000,356 | ---- | M] () -- C:\LGSInst.Log
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/08/26 13:23:00 | 311,320,575 | -HS- | M] () -- C:\pagefile.sys
[2010/08/17 15:56:56 | 000,000,369 | ---- | M] () -- C:\rkill.log
[2010/08/17 16:06:24 | 000,065,004 | ---- | M] () -- C:\TDSSKiller.2.4.1.2_17.08.2010_16.03.37_log.txt

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< End of report >


Here is the Extras.txt scan:

OTL Extras logfile created on: 8/26/2010 5:26:44 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Nightsystem\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360.15 Gb Total Space | 123.14 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive D: | 12.46 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMANDSANDYS
Current User Name: Nightsystem
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 3C 2B 5D F0 F0 33 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03002047-F7AC-4024-BEF2-9773FC6838DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3A871BBE-6F48-4EAA-9D9F-5A93A60CDC1C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{3AA09364-5056-446D-A139-82ADFA260265}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{4682684A-D8EC-43A2-82BF-A68AB0BC17A0}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{590831E0-6219-4621-87E8-3A616EB124F1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6622BB1F-9DF1-442F-8FDB-751C40C7B889}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{710300EF-1C61-4AF4-BD62-98F4DC83D9BA}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{74946D7B-EB74-43F9-B11D-9ED4C3A59275}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{76B00EFB-6CB4-440C-B987-DA37575FAB31}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{AE1D2CD8-382B-42E3-94EE-B26460D61624}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |
"{B4882218-8A96-429D-99AA-47ECACD595B3}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{CCF980A8-A4B2-4A22-B283-886F1B129CF8}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{F332F0BF-65F4-405F-8630-652FCE7A13BF}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016614F0-5569-4608-84F5-D16504C6B025}" = protocol=6 | dir=in | app=c:\program files\superantispyware\runsas.exe |
"{02226EB1-4E9D-48BE-85FE-3A3D055E2D7E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0459AC44-ABBD-4AAF-82AD-58544C54EA6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{0BCFDC55-139F-4DB1-8ACB-5D8C1E7B15B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{0CAC587F-7DDD-4F2D-8A83-F707F2E67BB2}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{17C23724-A3AE-4BCD-8EB9-42480FDE4CCA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{1FB5D257-0F1A-40D2-AB88-D0873C3BE650}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{206306FB-5626-473A-9A3C-8082AD9FCD5B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{22C1A09B-3218-4BF6-9005-8A0733AC9C18}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{239491FD-C510-4FC0-B7D7-CB6D3450F124}" = protocol=6 | dir=in | app=c:\program files\silkroad\silkroad.exe |
"{23B19B6B-1F9F-4868-9773-715F38F3C795}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{24A8C094-BE7A-48C5-A769-31AEDB79806A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{25CD221B-7927-4ECB-BEBB-BBC67358EFC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{293694CF-CB62-49E5-9305-3149A88C975F}" = protocol=6 | dir=in | app=c:\users\nightsystem\desktop\ribot.exe |
"{2B5F12A1-C181-44B2-B522-55515DA5389C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{2ECA05F5-FD5B-4DEE-BE12-EBB51EC0060C}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2F6E0ACE-1C4B-4146-9C32-C3BD8143E299}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{386BFB57-E5EF-4503-9B7D-75153C827A2E}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{3A646BC0-AF2C-48AC-AE8D-4B7C3D027B9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\counter-strike source\hl2.exe |
"{3EAE4A24-C72D-4A55-B03D-11C30846EBC8}" = protocol=6 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{439396BA-1BBD-4388-A00C-252CD35E3A77}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{44A32398-81E3-4EBD-B907-0EF8DF7C596B}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{45186943-E305-4766-9A0B-436A969A942D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{477C02B7-0ABA-47FC-B75A-9C3A0A5AF188}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{47F9B495-10C8-42BE-A64C-4A375EF76D89}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{4EB54FF4-0FC4-42C7-BFCF-C6B91609B31C}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{57D80160-8188-427E-ABD9-07D0BE89491E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{58AEDE17-B89F-4B81-8E08-7D647CB6CA63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\counter-strike source\hl2.exe |
"{58C5D6A2-341C-4C99-AFBB-5568C9B3C0C0}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"{5C114D75-0379-47AE-B7EC-D2D9B74B8953}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5CE4CBD9-E1E8-44F2-9494-405209F3511B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{60599D3E-985F-421A-B4A8-1BC6A4E7A29F}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{619BAED7-019C-418B-941D-50413A2064FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\counter-strike source\hl2.exe |
"{6538910C-6640-4624-98EC-E669485F9F61}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{672BEDA1-8BCC-4331-B399-5B9E6D609EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6CF5BADF-5BB2-46AD-8349-5639EF9B2F44}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{716B3636-5CB3-425C-89E4-B8F5038DAB59}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{72FD85E7-0956-4950-AF7F-0EC106E5146F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{7BE05708-DE56-46CE-9DAB-22D9CD89A81F}" = protocol=17 | dir=in | app=c:\users\nightsystem\desktop\edxkrcaptchagen.exe |
"{7CA42D0A-AC2F-4D01-9BEE-E864F7E47C2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\counter-strike source\hl2.exe |
"{8131D813-671C-40FE-9549-5FF1EDBB24CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{823197D6-C343-4885-9A86-11EA10D6C82B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{83EAF5EB-0170-4E27-8C4B-3C09E1E69E2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{843D7B77-B0DF-43BC-A3ED-1CE366462FDD}" = protocol=17 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{85B7982D-E58C-4673-B21A-834C53D9045C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{882FA00B-D068-4C31-83AC-088754B924A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88BBBDF5-CD9A-4B70-8179-6F0364B2D0B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{893437DE-CB94-438D-B9E0-508819F5C1C8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{89B8F80D-E270-4F4F-B19D-F5ECF52942B0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8FBC72C4-555F-4DB6-A14B-51DF0FCC5FFE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{919C5978-4499-49E9-907D-69E7A369438F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{93657433-3464-4332-81BB-A4C70CB1EA0A}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"{958E864B-F608-4B64-A4BF-81DA0789C882}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{99FD5FC3-06D0-4B25-B63B-F52E49467535}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{9A37C2BD-CFAD-42C8-A870-46345E6C65FE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{9C8D4911-6C4C-4CC9-B333-F4165B6C74BB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{9CD6B1E9-B139-4EE4-B4D8-3DAC63872B2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"{9EB77882-DB0E-4138-B6E8-49709F47A366}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{9F183C35-174B-41AD-A053-E7F2E2189FA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{9F6BDCAE-420B-4D33-A1ED-6A31819E49BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A01B0942-FD70-4A14-8B26-9286AC3A4ABB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{A4B8D754-792C-4C2E-83D6-1C222E22AD41}" = protocol=17 | dir=in | app=c:\program files\silkroad\silkroad.exe |
"{A6C9F11A-A2AB-4FFC-93C6-9E3009D4E61C}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A73ED30B-EB76-4C65-8435-96E4831E6B24}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{A76F0375-7517-4872-B68A-C57271F7A4BB}" = protocol=17 | dir=in | app=c:\users\nightsystem\desktop\ribot.exe |
"{A84D0008-5888-4628-BF37-6830D0332E5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\condition zero\hl.exe |
"{AB3AEBC5-4E8A-47FD-BF76-9914CBEE7FD9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{AF9BA433-C3AD-41C3-AEDE-83F36AE94906}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{AFE3F0A4-92B1-433A-A357-E2CF7BC9AE57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\condition zero\hl.exe |
"{B2563F43-0995-40B1-9199-1005ACABE7AF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{B71AA6D8-F2E5-42A4-8EA3-A9F1285FBC08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{C3BC235E-5A97-4648-BB69-48F962336318}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{C742415C-ADC6-42C5-A3D4-A8600DC87BE9}" = protocol=17 | dir=in | app=c:\program files\superantispyware\runsas.exe |
"{C85745C1-BB92-4D49-AB8C-3FEADD0F9A7D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{CAB44B08-BD89-4058-9EB9-7DAE163483AF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{CD10F6FF-0865-452E-AD52-E90841CC459D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{CD752E65-4576-44B8-8F56-775054A5CA57}" = protocol=17 | dir=in | app=c:\users\nightsystem\desktop\edxsilkroadloader_lite.exe |
"{D1F0C032-9F27-45CA-B4B9-29ECDC183078}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D35E5F4C-45A6-4DD9-A771-D5D2E61F648F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\condition zero\hl.exe |
"{D36E40A5-D1B8-46F4-848A-7CF61392C00B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{D39750C8-0356-486D-A4F3-B03E3BD86201}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D40D7CCF-1260-43FA-B517-CAB886A07DAE}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{D4B24BE9-8A24-4AA2-94E1-94E6AF3BA414}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D4DA48E0-A07A-4661-B362-43470BE9E656}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{D5A980EF-887A-4153-AB25-9F3952B57270}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D8B146EF-4C20-4FD1-BB79-BA554C742258}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{D97E5C0C-637D-46C1-AF5E-C62B67F6A6D6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{DAB97CFB-5ACB-414E-B3C5-7E69913E60C1}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{DAE2DBB7-DC20-453F-8583-4F23EAF4E88E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DF296A31-703E-43A7-9129-DCB152EF4B10}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{E2829C06-0375-4201-BC8F-767FD1173857}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\condition zero\hl.exe |
"{E592D2B8-7226-4FE4-85DE-BEBA43387154}" = protocol=6 | dir=in | app=c:\users\nightsystem\desktop\edxkrcaptchagen.exe |
"{E868406F-997E-4E61-96EA-7AFB2C36D90E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA7876D0-411F-4976-90FB-D0D5F794EEDB}" = protocol=6 | dir=in | app=c:\users\nightsystem\desktop\edxsilkroadloader_lite.exe |
"{EAEEC2A1-FAE3-43E7-97E1-1CF44DA55822}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F0BA931C-E383-4403-BCB1-145C3EC49740}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{F13C40F2-D9C8-41C8-8E4A-CAD5258050CA}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F2C73B61-2F42-4A54-BD4A-38E2E7C4A08B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{F7AE9D34-769F-474C-99D0-6E84F9E24973}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB21D9D9-2EC8-4CDE-A285-BAAAE3E89E5C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"TCP Query User{0D6A0A96-43AC-4B0D-96AF-52603E3A861D}C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"TCP Query User{0F88080E-F704-4620-80B7-D176C6F86DF5}C:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"TCP Query User{15960C16-8F2C-44D9-B381-935B3ECB0C4A}C:\program files (x86)\steam\steamapps\nightsystem2007\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\half-life\hl.exe |
"TCP Query User{16A80463-5708-4538-88D2-1C396AFF98AD}C:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"TCP Query User{17A37490-7DD2-4F86-AB19-9F11CB25FA14}C:\users\nightsystem\desktop\silkroad bleep\srproxy.exe" = protocol=6 | dir=in | app=c:\users\nightsystem\desktop\silkroad bleep\srproxy.exe |
"TCP Query User{2E36A3B6-A15C-4ADD-B5DD-396E752ECC74}C:\program files (x86)\ares vista\aresvista.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares vista\aresvista.exe |
"TCP Query User{3257652E-9135-45A5-80B6-AB69A293869A}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{33E75E9B-7105-44A6-9DC7-C593B5075F99}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"TCP Query User{3B2F4B63-099F-4705-8F04-7DB93CCB13A1}C:\users\nightsystem\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\nightsystem\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{3E8341BF-537E-44C0-AB63-7CE215EAFF70}C:\program files (x86)\steam\steamapps\fallenbeaner23\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fallenbeaner23\day of defeat source\hl2.exe |
"TCP Query User{494679BE-245C-46E1-B585-0A4B206C02BE}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{4D88EAA5-58CE-49D5-893A-448F9E85724F}C:\program files (x86)\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\repair.exe |
"TCP Query User{57DF7BF3-A903-4BDD-8980-400AD9E23638}C:\program files (x86)\steam\steamapps\fallenbeaner23\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fallenbeaner23\counter-strike source\hl2.exe |
"TCP Query User{5DC35540-25BD-42F8-ADFC-E49D842703F5}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{609D3953-64B7-40E8-A2D7-FC8B7A931F63}C:\program files (x86)\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\repair.exe |
"TCP Query User{627FDB87-3152-4C72-9FA6-4CACA7CF291B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{681EC554-DFAB-4170-AD4C-5B17A72842D0}C:\program files (x86)\silkroad\srproxy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\silkroad\srproxy.exe |
"TCP Query User{683C7011-0350-417E-9063-B0E2FF5CCA6A}C:\program files (x86)\steam\steamapps\nightsystem2007\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\half-life\hl.exe |
"TCP Query User{6D2A06A2-53E5-4A0F-A81C-F971808ABEFC}C:\program files (x86)\ares vista\aresvista.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares vista\aresvista.exe |
"TCP Query User{6E608DCB-47FF-4C17-A67B-4DD2E6818628}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{71282D7C-1E12-48D0-95A4-C8DCC81D0BB1}C:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"TCP Query User{74C38D73-8C71-47F9-A8F2-28DFCD78EFCC}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{75E5609A-D9AE-4B3E-B7EE-0A3AA53FB748}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{7831468A-D368-4FB8-BF3F-A0E83F459A42}C:\program files (x86)\steam\steamapps\fallenbeaner23\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fallenbeaner23\counter-strike source\hl2.exe |
"TCP Query User{799230B2-B7EF-42AF-A166-02323674D455}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{7F1D7BBA-2C4F-4E74-AFEF-7BF6F1FD89E2}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{82593FB4-8F95-43C0-8FCA-8C7EC35B2AF8}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{84762D4F-0E66-4EBC-A5A7-297282699BCE}C:\users\nightsystem\downloads\sro_l4.5_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\nightsystem\downloads\sro_l4.5_full_client_downloader.exe |
"TCP Query User{96E02F66-CDD8-4C5F-BB8D-44894AEC370C}C:\users\nightsystem\downloads\announce_trailer_en_us.exe" = protocol=6 | dir=in | app=c:\users\nightsystem\downloads\announce_trailer_en_us.exe |
"TCP Query User{9B707AC7-C974-4CDC-A9A8-6F99BFE3DA3A}C:\program files\silkroad\srproxy.exe" = protocol=6 | dir=in | app=c:\program files\silkroad\srproxy.exe |
"TCP Query User{A176E6FE-CAAC-4053-B110-A3DAC785B132}C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"TCP Query User{ABFAC974-E4CB-44C5-A881-EA20A9048A5E}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{B23CD5EF-853A-4E41-9ABA-9DF73E28519F}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{B2A399D1-6269-4E03-8224-0308B6ABCAEE}C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"TCP Query User{B338759F-B8A6-43CE-8EB0-7713A04EF559}C:\users\nightsystem\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nightsystem\program files (x86)\dna\btdna.exe |
"TCP Query User{BA265BC4-C680-47A9-97BB-97C68403A99D}C:\users\nightsystem\downloads\downloader_diablo2_enus.exe" = protocol=6 | dir=in | app=c:\users\nightsystem\downloads\downloader_diablo2_enus.exe |
"TCP Query User{BBFE92AB-2A0F-43B7-8C79-D2F3E550E9AF}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{CB28C040-E0D9-4567-8683-BE28F0EDCEE6}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{CC4F3263-D4EF-420D-AEEC-8837BDE7F202}C:\users\nightsystem\desktop\srproxy.exe" = protocol=6 | dir=in | app=c:\users\nightsystem\desktop\srproxy.exe |
"TCP Query User{E098F43A-02A4-413F-A3FA-7106BA75C5D7}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{F06DD0F0-9742-4A8F-902C-B37DC8EB670D}C:\users\nightsystem\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nightsystem\program files (x86)\dna\btdna.exe |
"TCP Query User{F106469D-C8BC-4139-B6F9-026F8E36120F}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{F938A669-03C2-468C-A19E-42D652227630}C:\program files (x86)\steam\steamapps\nightsystem2007\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\counter-strike\hl.exe |
"UDP Query User{09EB776E-813B-4365-BDD1-53754BE6CCCE}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{0BEF84FE-CB4C-4C90-909E-A0ADD896D43A}C:\program files (x86)\ares vista\aresvista.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares vista\aresvista.exe |
"UDP Query User{0F876CDB-99FF-4057-8A7A-5AA5AB9F28FC}C:\users\nightsystem\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\nightsystem\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{1D613FD7-26EF-4354-81E6-8C602FA9E6EA}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{1F1BE81E-59C3-497A-8A99-8325B41AF083}C:\users\nightsystem\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nightsystem\program files (x86)\dna\btdna.exe |
"UDP Query User{24CCE590-2D41-4028-871D-D643060D1860}C:\program files (x86)\steam\steamapps\fallenbeaner23\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fallenbeaner23\counter-strike source\hl2.exe |
"UDP Query User{255E23E5-C827-4F03-B1AA-A940F8344F23}C:\program files (x86)\steam\steamapps\nightsystem2007\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\counter-strike\hl.exe |
"UDP Query User{2693AF4B-C386-4002-9179-C83B506292BF}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{2C9B6B27-B65E-4BDD-96C0-D57797622DE7}C:\program files\silkroad\srproxy.exe" = protocol=17 | dir=in | app=c:\program files\silkroad\srproxy.exe |
"UDP Query User{2C9E3338-2522-4E41-BB81-816A6391777C}C:\program files (x86)\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\repair.exe |
"UDP Query User{2D62912F-77D8-439F-B667-E293EE69BBBF}C:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{31AFE451-5118-4C52-93DE-D83D33006A68}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{341DB853-5235-4225-AD28-68899149A3F4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{38583FB2-66E5-48D8-ACCD-EDF36CEC1A24}C:\users\nightsystem\downloads\downloader_diablo2_enus.exe" = protocol=17 | dir=in | app=c:\users\nightsystem\downloads\downloader_diablo2_enus.exe |
"UDP Query User{3B55DDB9-13AD-4914-8ABB-96B30929D771}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{4C26BC8F-D7E4-4255-93A8-AC1659537947}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{4E3F3F58-342E-4E6B-A12E-0CAE83372AF0}C:\program files (x86)\steam\steamapps\fallenbeaner23\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fallenbeaner23\counter-strike source\hl2.exe |
"UDP Query User{57A3D86A-8AE4-4E05-A740-5F2B045599EB}C:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{5A67E565-CFD3-4C8B-8653-07E105B7636F}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{6108321A-439D-4D0C-830D-0B7B24974F66}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{69B62C20-2303-45C5-97B6-C5EB7CF2534F}C:\program files (x86)\steam\steamapps\fallenbeaner23\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fallenbeaner23\day of defeat source\hl2.exe |
"UDP Query User{6EF0907D-536E-4633-B8FC-7DA46FCB3FD1}C:\program files (x86)\silkroad\srproxy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\silkroad\srproxy.exe |
"UDP Query User{6F352F41-D58E-4644-B4D6-0B81A2E8AE31}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{7272C10E-26BC-4EE9-B008-4B025C2F5562}C:\program files (x86)\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\repair.exe |
"UDP Query User{75B34669-549F-4BCC-93E7-E0ADB2509E07}C:\users\nightsystem\desktop\srproxy.exe" = protocol=17 | dir=in | app=c:\users\nightsystem\desktop\srproxy.exe |
"UDP Query User{7614086A-A38D-443D-898F-1CF74107CAC0}C:\users\nightsystem\downloads\announce_trailer_en_us.exe" = protocol=17 | dir=in | app=c:\users\nightsystem\downloads\announce_trailer_en_us.exe |
"UDP Query User{81032DF0-69E3-431E-9458-0E166FC22D7E}C:\users\nightsystem\downloads\sro_l4.5_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\nightsystem\downloads\sro_l4.5_full_client_downloader.exe |
"UDP Query User{832147C4-ADD9-42B5-B8FA-3A760A81FCAB}C:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe |
"UDP Query User{8B4B2D18-ED08-4A8F-961C-1BDFF9C82ED6}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{918CC8AB-A379-43F2-9237-A5B4C1A9B849}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{93A747BC-A9A5-49B6-92BF-06C1C04E43B9}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{9650EF45-E612-465E-9E48-64D36B32AA20}C:\users\nightsystem\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nightsystem\program files (x86)\dna\btdna.exe |
"UDP Query User{AA7CDF86-62BE-4B54-9BB5-EF5439824A89}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"UDP Query User{B46DFDAB-CFBD-4B22-80D2-4224CF5F76F3}C:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"UDP Query User{B9260F44-4DE4-4AE0-A996-A6786B4EB5D2}C:\program files (x86)\ares vista\aresvista.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares vista\aresvista.exe |
"UDP Query User{BC49A8E0-61D9-4E96-8987-22FF485DCD20}C:\program files (x86)\steam\steamapps\nightsystem2007\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\half-life\hl.exe |
"UDP Query User{BCC06132-0BBD-4A2A-A270-3CD398104222}C:\program files (x86)\steam\steamapps\nightsystem2007\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\nightsystem2007\half-life\hl.exe |
"UDP Query User{C95AD2E9-E508-46EC-8E2C-561FACE0C9EF}C:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"UDP Query User{C99481AF-10D2-4BD7-823D-03A04C0E049B}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{E8E657E0-9D61-475A-A112-226E7337C102}C:\users\nightsystem\desktop\silkroad bleep\srproxy.exe" = protocol=17 | dir=in | app=c:\users\nightsystem\desktop\silkroad bleep\srproxy.exe |
"UDP Query User{EEE6E46A-6D93-42B8-8F81-94E6FB7F6F84}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{EFCEFA02-5E41-4CA5-8832-D5B524E3885A}C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe |
"UDP Query User{FD9B0096-E101-4201-AA0C-E724B24E3114}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2369561B-FD79-47F0-905D-B5FC7BAA9C80}" = LinksysEasyLinkAdvisor
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{3646658E-336E-FFEB-F8C8-AAE15750D3AC}" = ccc-utility64
"{380BCF92-9D7B-0AD9-AE5D-DCFF1C7F347F}" = ATI Catalyst Install Manager
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{58BF5D14-CBCF-473C-B0E0-A7955A23224E}" = Logitech Gaming Software 64
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{FB36E9ED-F7AB-4E9B-8434-386658D7B58E}" = HP MediaSmart SmartMenu
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Stella_is1" = Stella 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{005A00DD-F955-CAF8-8DB4-C15C3A1E715F}" = Catalyst Control Center Graphics Previews Vista
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{150586B4-E85A-4B8B-4C60-CADA9121FA08}" = Catalyst Control Center Graphics Previews Common
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25049BA9-E395-283F-8B6A-F2D78BC96BB5}" = Skins
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{300FB2C5-1328-A7F1-DBB3-925452E7D763}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33D4AAA7-F95F-476E-99CD-5E2EA61984AD}" = MSN Toolbar Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 J1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39177B0B-800F-4129-8C87-8B8B8AD8B4F8}_is1" = Ares Vista 3.0.9.9002
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65AEB203-D3AA-6B95-1251-7B992C151C1F}" = Catalyst Control Center InstallProxy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F878A3-0032-6276-7909-3FE5B451C966}" = Catalyst Control Center Graphics Full New
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{96BC4472-AB51-50BD-93D9-37B5CE88D3A2}" = Catalyst Control Center Core Implementation
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A7D837CD-C485-B501-6033-993FC68335FC}" = CCC Help English
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B39B02E2-F711-BE47-E2D3-76F458F14CF6}" = Catalyst Control Center Graphics Full Existing
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BACBC990-8681-4D00-9227-F3A32123BB7A}" = Half-Life®
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D286752E-1AE7-3FA1-1306-E6DC0C4F13BA}" = ccc-core-static
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE250486-0A4C-9689-FDCD-D8C82EDE989E}" = Catalyst Control Center InstallProxy
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.12.00.803
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"Ares" = Ares 2.0.9
"ASIO4ALL" = ASIO4ALL
"Chipamp" = Chipamp
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comical_is1" = Comical 0.8
"Diablo II" = Diablo II
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy PSP Edition" = Exact Audio Copy PSP Edition 1.0
"FormatFactory" = FormatFactory 2.50
"Free DVD Ripper 2.25_is1" = Free DVD Ripper Version 2.25
"FrostWire" = FrostWire 4.18.6
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2369561B-FD79-47F0-905D-B5FC7BAA9C80}" = LinksysEasyLinkAdvisor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{58BF5D14-CBCF-473C-B0E0-A7955A23224E}" = Logitech Gaming Software 64
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder PSP Edition" = MediaCoder PSP Edition
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"N360" = Norton Security Suite
"OpenAL" = OpenAL
"ProcessScanner_is1" = Uniblue ProcessScanner
"RealAlt_is1" = Real Alternative 1.9.0
"RebirthRO01/10/2009/ FULL-CLIENT" = RebirthRO
"StarCraft" = StarCraft
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 4580" = Warhammer 40,000: Dawn of War – Dark Crusade
"Steam App 80" = Condition Zero
"Syncrosoft License Control" = Syncrosoft License Control
"The Rosetta Stone" = The Rosetta Stone
"VLC media player" = VLC media player 1.1.2
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2010 12:55:54 AM | Computer Name = SAMandSANDYS | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/28/2010 4:42:10 AM | Computer Name = SAMandSANDYS | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e0421d,
exception code 0xc0000374, fault offset 0x00000000000aef37, process id 0xe04, application
start time 0x01ca9fd5b976b460.

Error - 1/28/2010 4:42:40 AM | Computer Name = SAMandSANDYS | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/28/2010 4:44:56 AM | Computer Name = SAMandSANDYS | Source = Application Error | ID = 1000
Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
0x19e8, application start time 0x01ca9ff605eca820.

Error - 1/28/2010 6:35:46 AM | Computer Name = SAMandSANDYS | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2010 10:11:14 PM | Computer Name = SAMandSANDYS | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2010 10:41:58 PM | Computer Name = SAMandSANDYS | Source = McLogEvent | ID = 5051
Description =

Error - 1/29/2010 3:24:24 AM | Computer Name = SAMandSANDYS | Source = Application Error | ID = 1000
Description = Faulting application OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, faulting module OfficeLiveSignIn.exe, version 2.0.2313.0, time
stamp 0x491c0a79, exception code 0xc0000005, fault offset 0x00003ce7, process id
0x1ad8, application start time 0x01caa0a3d60c25aa.

Error - 1/29/2010 5:04:52 AM | Computer Name = SAMandSANDYS | Source = Application Error | ID = 1000
Description = Faulting application RebirthRO Patcher.exe, version 1.0.0.1, time
stamp 0x492cbcd6, faulting module composer.dll, version 0.0.0.0, time stamp 0x49e52336,
exception code 0xc0000417, fault offset 0x00005a57, process id 0x1944, application
start time 0x01caa0c21215e27a.

Error - 1/29/2010 5:41:06 AM | Computer Name = SAMandSANDYS | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 8/25/2010 9:23:57 PM | Computer Name = SAMandSANDYS | Source = bowser | ID = 8003
Description =

Error - 8/26/2010 1:09:44 AM | Computer Name = SAMandSANDYS | Source = bowser | ID = 8003
Description =

Error - 8/26/2010 4:57:23 AM | Computer Name = SAMandSANDYS | Source = bowser | ID = 8003
Description =

Error - 8/26/2010 4:23:22 PM | Computer Name = SAMandSANDYS | Source = Service Control Manager | ID = 7000
Description =

Error - 8/26/2010 4:23:22 PM | Computer Name = SAMandSANDYS | Source = Service Control Manager | ID = 7000
Description =

Error - 8/26/2010 4:27:54 PM | Computer Name = SAMandSANDYS | Source = PlugPlayManager | ID = 12
Description = The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_197B&DEV_2380&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0050)
disappeared from the system without first being prepared for removal.

Error - 8/26/2010 4:27:54 PM | Computer Name = SAMandSANDYS | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0150)
disappeared from the system without first being prepared for removal.

Error - 8/26/2010 4:27:54 PM | Computer Name = SAMandSANDYS | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0250)
disappeared from the system without first being prepared for removal.

Error - 8/26/2010 4:27:54 PM | Computer Name = SAMandSANDYS | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0350)
disappeared from the system without first being prepared for removal.

Error - 8/26/2010 4:27:54 PM | Computer Name = SAMandSANDYS | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0450)
disappeared from the system without first being prepared for removal.


< End of report >


#4 kahdah

Posted 27 August 2010 - 06:35 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    [2009/03/31 21:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
    O4 - HKCU..\Run: [Bcovexijokiqova] C:\Users\Nightsystem\AppData\Local\okukupugeb.DLL File not found
    O4 - HKCU..\Run: [Osibegede] C:\Users\Nightsystem\AppData\Local\sDIVCecl.DLL File not found
    [2010/08/15 22:57:38 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\{48E72D5A-F475-48BE-A3CE-3B02AB9B50D6}
    [2010/08/15 22:56:12 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\focwgyeti
    [2010/08/15 22:56:04 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\xnpxfodjc
    [2010/08/15 22:55:52 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\Windows Server
    [2010/08/15 22:57:40 | 000,000,120 | ---- | M] () -- C:\Users\Nightsystem\AppData\Local\Dkugefu.dat

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 nightsystem2005

Posted 28 August 2010 - 12:29 AM

Seems like everything is all right! Here are the logs

OTL LOG

All processes killed
========== OTL ==========
C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Bcovexijokiqova deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Osibegede deleted successfully.
C:\Users\Nightsystem\AppData\Local\{48E72D5A-F475-48BE-A3CE-3B02AB9B50D6}\chrome\content folder moved successfully.
C:\Users\Nightsystem\AppData\Local\{48E72D5A-F475-48BE-A3CE-3B02AB9B50D6}\chrome folder moved successfully.
C:\Users\Nightsystem\AppData\Local\{48E72D5A-F475-48BE-A3CE-3B02AB9B50D6} folder moved successfully.
C:\Users\Nightsystem\AppData\Local\focwgyeti folder moved successfully.
C:\Users\Nightsystem\AppData\Local\xnpxfodjc folder moved successfully.
C:\Users\Nightsystem\AppData\Local\Windows Server folder moved successfully.
C:\Users\Nightsystem\AppData\Local\Dkugefu.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Nightsystem
->Temp folder emptied: 869342721 bytes
->Temporary Internet Files folder emptied: 52152275 bytes
->Java cache emptied: 68901066 bytes
->FireFox cache emptied: 56742013 bytes
->Flash cache emptied: 2122823 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2336586 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 88442852 bytes

Total Files Cleaned = 1,087.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08272010_171704

Files\Folders moved on Reboot...
C:\Users\Nightsystem\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

MBAM LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4492

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/27/2010 7:57:25 PM
mbam-log-2010-08-27 (19-57-25).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 387329
Time elapsed: 1 hour(s), 56 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\osibegede (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bcovexijokiqova (Trojan.Agent.U) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET LOG

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Edited by nightsystem2005, 28 August 2010 - 12:30 AM.


#6 kahdah

Posted 28 August 2010 - 10:37 AM

Great, please reopen OTL and click on Run scan at the top.
Please post the OTL.txt that opens.

#7 nightsystem2005

Posted 30 August 2010 - 03:30 AM

Sorry for not replying so soon. I have been really caught up with work and all. Here is the log...I think I'm still infected because I keep on getting these pop up boxes when I boot up my computer. I could turn them off by entering msconfig into my run and disabling it, but it does not solve the problem of maybe being infected.

OTL Log

OTL logfile created on: 8/30/2010 1:20:32 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Nightsystem\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 360.15 Gb Total Space | 121.37 Gb Free Space | 33.70% Space Free | Partition Type: NTFS
Drive D: | 12.46 Gb Total Space | 1.97 Gb Free Space | 15.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMANDSANDYS
Current User Name: Nightsystem
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Nightsystem\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files (x86)\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
PRC - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Nightsystem\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\rswin_3745.dll ()
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (LinksysUpdater) -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (AresChatServer) -- C:\Program Files (x86)\Ares\chatServer.exe (Ares Development Group)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (ASPI) -- C:\Windows\SysNative\DRIVERS\ASPI32.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0402000.00C\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\DRIVERS\ahcix64s.sys (AMD Technologies Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NETw3v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (Amddfltr64) -- C:\Windows\SysNative\DRIVERS\Amddfltr64.sys (Advanced Micro Devices)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\SynUSB64.sys (SIA Syncrosoft)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100829.004\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100829.004\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100827.001\IDSviA64.sys (Symantec Corporation)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ASPI) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\Firefox [2009/12/31 14:41:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 12:33:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/16 10:55:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/16 00:51:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/13 02:57:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/20 13:41:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\components [2010/02/13 02:57:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\plugins [2010/07/30 14:20:49 | 000,000,000 | ---D | M]

[2010/08/27 17:17:05 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions
[2010/04/11 18:10:49 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2009/03/01 17:14:33 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/29 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\extensions
[2009/08/25 15:51:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/08 03:45:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/02/24 01:23:19 | 000,000,682 | ---- | M] () -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\searchplugins\ask.xml
[2009/02/23 20:16:33 | 000,001,632 | ---- | M] () -- C:\Users\Nightsystem\AppData\Roaming\Mozilla\Firefox\Profiles\s4c0cokx.default\searchplugins\live-search.xml
[2009/07/12 12:50:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0380.1\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LELA] C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Bcovexijokiqova] C:\Users\Nightsystem\AppData\Local\okukupugeb.DLL File not found
O4 - HKCU..\Run: [Osibegede] C:\Users\Nightsystem\AppData\Local\sDIVCecl.DLL File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://syccmdfic01.pcc.edu/dana-cached/sc/...SetupClient.cab (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102 192.168.1.1 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9d1e19c8-01a0-11de-9778-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9d1e19c8-01a0-11de-9778-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
O33 - MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/29 22:42:29 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\dsjubtshf
[2010/08/29 22:38:06 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\pcsx2
[2010/08/29 21:49:26 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010/08/29 21:49:26 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010/08/29 21:49:26 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010/08/29 21:49:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010/08/29 21:49:23 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010/08/29 21:49:23 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010/08/29 21:49:19 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010/08/29 21:49:19 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010/08/29 21:49:16 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010/08/29 21:49:16 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010/08/29 21:48:54 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010/08/29 21:48:54 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010/08/29 21:48:53 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010/08/29 21:48:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010/08/29 21:48:53 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010/08/29 21:48:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010/08/29 21:48:52 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010/08/29 21:48:52 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010/08/29 21:48:52 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010/08/29 21:48:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010/08/29 21:48:51 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010/08/29 21:48:51 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010/08/29 21:48:50 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010/08/29 21:48:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010/08/29 21:48:11 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/08/27 20:03:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/08/27 17:17:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/25 19:24:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2010/08/22 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/08/22 16:44:16 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/19 18:03:46 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\Desktop\Incomplete
[2010/08/18 23:14:56 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\mp3fhg.acm
[2010/08/18 23:14:55 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010/08/18 23:14:55 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010/08/18 23:14:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/08/18 02:00:58 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\Apple Computer
[2010/08/17 17:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/08/17 16:58:19 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\Adobe
[2010/08/17 16:13:47 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\Sunbelt Software
[2010/08/17 16:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/08/17 14:46:16 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\Tific
[2010/08/16 18:07:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/16 18:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/16 15:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/16 15:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/08/16 04:07:41 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys
[2010/08/16 04:07:41 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys
[2010/08/16 04:07:37 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys
[2010/08/16 04:07:37 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys
[2010/08/16 04:07:36 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys
[2010/08/16 04:07:35 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys
[2010/08/16 04:07:35 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys
[2010/08/16 03:55:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C
[2010/08/16 00:50:37 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/08/16 00:50:37 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/08/16 00:50:37 | 000,034,152 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/08/16 00:50:34 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/08/16 00:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/16 00:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/16 00:49:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2010/08/16 00:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2010/08/16 00:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/08/15 22:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/15 20:06:25 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\Documents\dvd
[2010/08/15 19:52:41 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Roaming\DVD Flick
[2010/08/15 19:52:16 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomct2.ocx
[2010/08/15 19:52:16 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2010/08/15 19:52:16 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx
[2010/08/15 19:52:16 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2010/08/15 19:52:16 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\ssubtmr6.dll
[2010/08/15 19:52:16 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\SysWow64\trayicon_handler.ocx
[2010/08/15 19:52:16 | 000,028,672 | ---- | C] (-) -- C:\Windows\SysWow64\mousewheel.ocx
[2010/08/15 19:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
[2010/08/11 12:17:29 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 12:17:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 12:17:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 12:17:20 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 12:16:26 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/11 12:16:23 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/08/11 12:16:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/08/11 12:16:23 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 12:16:23 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/08/11 12:16:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/08/11 12:16:22 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/11 12:16:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/08/11 12:16:22 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 12:16:22 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/08/11 12:16:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 12:16:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 12:16:22 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/11 12:16:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/08/11 12:16:22 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/08/11 12:16:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/08/11 12:16:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/08/11 12:16:22 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/08/11 12:16:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/08/11 12:16:22 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/11 12:16:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/08/11 12:16:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 12:16:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/09 17:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo II
[2010/08/09 15:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft
[2010/08/03 02:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exact Audio Copy PSP Edition
[2010/07/31 16:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2009/07/25 00:26:30 | 010,764,792 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2009/07/25 00:26:30 | 000,918,008 | ---- | C] (Netscape Communications Corporation) -- C:\Program Files\js3250.dll
[2009/07/25 00:26:30 | 000,908,280 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2009/07/25 00:26:30 | 000,722,424 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozcrt19.dll
[2009/07/25 00:26:30 | 000,632,312 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2009/07/25 00:26:30 | 000,428,024 | ---- | C] (sqlite.org) -- C:\Program Files\sqlite3.dll
[2009/07/25 00:26:30 | 000,316,920 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2009/07/25 00:26:30 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2009/07/25 00:26:30 | 000,244,728 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2009/07/25 00:26:30 | 000,169,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2009/07/25 00:26:30 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2009/07/25 00:26:30 | 000,136,696 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2009/07/25 00:26:30 | 000,120,312 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2009/07/25 00:26:30 | 000,103,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2009/07/25 00:26:30 | 000,103,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2009/07/25 00:26:30 | 000,087,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2009/07/25 00:26:30 | 000,020,472 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2009/07/25 00:26:30 | 000,017,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2009/07/25 00:26:30 | 000,017,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2009/07/25 00:26:30 | 000,017,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/30 01:23:07 | 000,704,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/30 01:23:07 | 000,604,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/30 01:23:07 | 000,105,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/30 01:20:40 | 012,058,624 | -HS- | M] () -- C:\Users\Nightsystem\NTUSER.DAT
[2010/08/30 01:15:42 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/30 01:15:42 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/30 01:15:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/30 01:15:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/30 01:15:21 | 4292,698,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/30 01:14:06 | 000,524,288 | -HS- | M] () -- C:\Users\Nightsystem\NTUSER.DAT{17800c81-2f6a-11de-8c33-00238b6d996d}.TMContainer00000000000000000001.regtrans-ms
[2010/08/30 01:14:06 | 000,065,536 | -HS- | M] () -- C:\Users\Nightsystem\NTUSER.DAT{17800c81-2f6a-11de-8c33-00238b6d996d}.TM.blf
[2010/08/30 01:14:04 | 004,120,098 | -H-- | M] () -- C:\Users\Nightsystem\AppData\Local\IconCache.db
[2010/08/29 22:46:01 | 002,373,400 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/08/29 21:47:57 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\PCSX2 0.9.7 (r3113).lnk
[2010/08/25 18:26:55 | 000,007,052 | ---- | M] () -- C:\Users\Nightsystem\AppData\Local\d3d9caps.dat
[2010/08/25 18:26:43 | 000,046,592 | ---- | M] () -- C:\Users\Nightsystem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/22 16:46:45 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/08/20 19:39:37 | 000,001,033 | ---- | M] () -- C:\Users\Nightsystem\Desktop\Format Factory.lnk
[2010/08/20 02:50:46 | 000,001,822 | ---- | M] () -- C:\Users\Nightsystem\Desktop\mce.lnk
[2010/08/16 18:07:28 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 04:23:57 | 000,002,327 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/08/16 03:43:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010/08/16 00:50:19 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/08/16 00:50:19 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/08/16 00:50:19 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/08/15 19:52:19 | 000,001,753 | ---- | M] () -- C:\Users\Nightsystem\Desktop\DVD Flick.lnk
[2010/08/12 14:40:19 | 000,654,271 | ---- | M] () -- C:\Users\Nightsystem\Documents\WR227 Comp Tech Manual.docx
[2010/08/12 14:26:49 | 000,015,122 | ---- | M] () -- C:\Users\Nightsystem\Documents\school resume.docx
[2010/08/12 03:29:23 | 003,000,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 01:00:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/12 01:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010/08/11 17:47:13 | 000,714,493 | ---- | M] () -- C:\Users\Nightsystem\Documents\Quick Computer Tips Manual Guide.pptx
[2010/08/09 21:33:06 | 512,814,017 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/09 17:54:41 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2010/08/09 15:19:59 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2010/08/09 01:03:06 | 000,013,281 | ---- | M] () -- C:\Users\Nightsystem\Documents\WR227 Comp Tech Manual WC.docx
[2010/08/05 00:31:57 | 000,001,637 | ---- | M] () -- C:\Users\Nightsystem\Desktop\Paint.lnk
[2010/08/03 02:58:15 | 000,000,891 | ---- | M] () -- C:\Users\Nightsystem\Desktop\Exact Audio Copy PSP Edition.lnk
[2010/08/03 01:52:43 | 000,108,704 | ---- | M] () -- C:\Users\Nightsystem\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/01 16:17:07 | 000,054,180 | ---- | M] () -- C:\Users\Nightsystem\Documents\FinalProjectManual.docx
[2010/07/31 14:54:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNightsystem.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/29 23:13:49 | 4292,698,112 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/29 21:48:01 | 000,367,306 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistMSI7D98.txt
[2010/08/29 21:48:01 | 000,011,144 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistUI7D98.txt
[2010/08/29 21:47:57 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\PCSX2 0.9.7 (r3113).lnk
[2010/08/22 16:45:39 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2010/08/20 19:39:36 | 000,001,033 | ---- | C] () -- C:\Users\Nightsystem\Desktop\Format Factory.lnk
[2010/08/20 17:07:23 | 000,372,164 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistMSI6798.txt
[2010/08/20 17:07:22 | 000,011,170 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistUI6798.txt
[2010/08/20 02:50:46 | 000,001,822 | ---- | C] () -- C:\Users\Nightsystem\Desktop\mce.lnk
[2010/08/18 23:14:58 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/08/18 23:14:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/08/18 23:14:55 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/08/18 23:14:55 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/18 23:14:54 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/18 23:14:54 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/08/16 23:02:14 | 000,015,616 | ---- | C] () -- C:\Users\Nightsystem\hijackthis.log
[2010/08/16 18:07:28 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/16 04:22:10 | 002,373,400 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\Cat.DB
[2010/08/16 04:07:41 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv64.cat
[2010/08/16 04:07:41 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet64.cat
[2010/08/16 04:07:41 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnetv.inf
[2010/08/16 04:07:41 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symnet.inf
[2010/08/16 04:07:37 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.cat
[2010/08/16 04:07:37 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.cat
[2010/08/16 04:07:37 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.cat
[2010/08/16 04:07:37 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa.inf
[2010/08/16 04:07:37 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds.inf
[2010/08/16 04:07:37 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.inf
[2010/08/16 04:07:36 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.cat
[2010/08/16 04:07:36 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.inf
[2010/08/16 04:07:35 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.cat
[2010/08/16 04:07:35 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.cat
[2010/08/16 04:07:35 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.inf
[2010/08/16 04:07:35 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\iron.inf
[2010/08/16 03:55:01 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\isolate.ini
[2010/08/16 00:50:34 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/08/16 00:50:34 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/08/16 00:50:06 | 000,002,327 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2010/08/16 00:41:12 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\Install_NSS.job
[2010/08/15 19:52:19 | 000,001,753 | ---- | C] () -- C:\Users\Nightsystem\Desktop\DVD Flick.lnk
[2010/08/11 01:44:12 | 000,714,493 | ---- | C] () -- C:\Users\Nightsystem\Documents\Quick Computer Tips Manual Guide.pptx
[2010/08/09 17:52:05 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2010/08/09 15:17:51 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2010/08/05 14:50:11 | 000,013,281 | ---- | C] () -- C:\Users\Nightsystem\Documents\WR227 Comp Tech Manual WC.docx
[2010/08/05 00:31:57 | 000,001,637 | ---- | C] () -- C:\Users\Nightsystem\Desktop\Paint.lnk
[2010/08/04 02:18:54 | 000,654,271 | ---- | C] () -- C:\Users\Nightsystem\Documents\WR227 Comp Tech Manual.docx
[2010/08/03 02:58:15 | 000,000,891 | ---- | C] () -- C:\Users\Nightsystem\Desktop\Exact Audio Copy PSP Edition.lnk
[2010/08/01 16:17:04 | 000,054,180 | ---- | C] () -- C:\Users\Nightsystem\Documents\FinalProjectManual.docx
[2010/07/01 23:28:33 | 000,363,372 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistMSI48AE.txt
[2010/07/01 23:28:32 | 000,011,138 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistUI48AE.txt
[2010/05/19 01:10:02 | 000,438,374 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistMSI2883.txt
[2010/05/19 01:10:02 | 000,012,182 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\dd_vcredistUI2883.txt
[2010/05/02 19:42:35 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\Temp0cdab112c4a6e11872374c7bded4a529.lock
[2010/02/22 09:28:05 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\FnF4.txt
[2009/12/17 01:16:05 | 000,000,099 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\fusioncache.dat
[2009/12/17 01:09:08 | 000,721,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/11 22:12:29 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/11 22:11:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/10 23:34:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/25 00:26:32 | 000,000,707 | ---- | C] () -- C:\Program Files\updater.ini
[2009/07/25 00:26:32 | 000,000,232 | ---- | C] () -- C:\Program Files\browserconfig.properties
[2009/07/25 00:26:32 | 000,000,112 | ---- | C] () -- C:\Program Files\old-homepage-default.properties
[2009/07/25 00:26:32 | 000,000,006 | ---- | C] () -- C:\Program Files\update.locale
[2009/07/25 00:26:30 | 000,038,538 | ---- | C] () -- C:\Program Files\install.log
[2009/07/25 00:26:30 | 000,031,393 | ---- | C] () -- C:\Program Files\LICENSE
[2009/07/25 00:26:30 | 000,003,801 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2009/07/25 00:26:30 | 000,002,126 | ---- | C] () -- C:\Program Files\application.ini
[2009/07/25 00:26:30 | 000,002,067 | ---- | C] () -- C:\Program Files\blocklist.xml
[2009/07/25 00:26:30 | 000,000,583 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2009/07/25 00:26:30 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk
[2009/07/25 00:26:30 | 000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk
[2009/07/25 00:26:30 | 000,000,181 | ---- | C] () -- C:\Program Files\README.txt
[2009/07/25 00:26:30 | 000,000,141 | ---- | C] () -- C:\Program Files\platform.ini
[2009/07/03 14:08:16 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/07/03 14:08:16 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/07/03 14:08:16 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/06/02 17:36:13 | 000,008,520 | ---- | C] () -- C:\Users\Nightsystem\AppData\Roaming\wklnhst.dat
[2009/04/04 10:42:22 | 000,000,320 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/17 19:58:09 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2009/03/07 16:39:37 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2009/02/26 21:41:36 | 000,046,592 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/23 00:18:09 | 000,007,052 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\d3d9caps.dat
[2009/02/22 21:11:07 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\QSwitch.txt
[2009/02/22 21:11:07 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\DSwitch.txt
[2009/02/22 21:11:07 | 000,000,000 | ---- | C] () -- C:\Users\Nightsystem\AppData\Local\AtStart.txt
[2008/12/15 03:38:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2008/12/15 03:38:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2008/12/15 03:37:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2008/12/15 03:36:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2008/12/15 03:34:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/10/22 11:59:18 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/22 11:51:15 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/22 11:48:25 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/22 11:46:32 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
< End of report >


#8 kahdah

Posted 30 August 2010 - 06:59 AM

Hi, you are not infected. Spybot prevented us from removing the registry entries.
These are only leftovers.
Please uninstall it because the tea timer will still be present on reboot.
After uninstalling Spybot do the following:
===========================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O33 - MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
    O33 - MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
    [2010/08/29 22:42:29 | 000,000,000 | ---D | C] -- C:\Users\Nightsystem\AppData\Local\dsjubtshf
    O4 - HKCU..\Run: [Bcovexijokiqova] C:\Users\Nightsystem\AppData\Local\okukupugeb.DLL File not found
    O4 - HKCU..\Run: [Osibegede] C:\Users\Nightsystem\AppData\Local\sDIVCecl.DLL File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image
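The check behind the fix script in post #8, as an added example that is not part of the thread and not OTL's own code: it parses the quoted OTL lines and flags startup entries whose target is "File not found", plus an enabled proxy pointing at the local host. The regular expressions, the finding names and the `ExampleApp` line are assumptions made for this illustration.

```python
import ipaddress
import re

# Entries quoted from the fix script in the post above (OTL scan-line format).
FROM_POST = r'''
O33 - MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
O33 - MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe -- File not found
O4 - HKCU..\Run: [Bcovexijokiqova] C:\Users\Nightsystem\AppData\Local\okukupugeb.DLL File not found
O4 - HKCU..\Run: [Osibegede] C:\Users\Nightsystem\AppData\Local\sDIVCecl.DLL File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
'''
# Constructed line (not from the thread): a Run value whose target exists.
CONSTRUCTED = r'O4 - HKCU..\Run: [ExampleApp] C:\Program Files\Example\app.exe (Example Corp)'
SAMPLE = FROM_POST + CONSTRUCTED + '\n'

RUN_RE = re.compile(r'^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$')
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})'
                      r'\\Shell\\(?P<verb>\w+)\\command - "" = (?P<target>.+)$')
PROXY_RE = re.compile(r'^IE - HK\w+\\.*Internet Settings: "(?P<value>Proxy\w+)" = (?P<data>.+)$')
MISSING_RE = re.compile(r'\s*(?:--\s*)?File not found$')


def loopback_entries(proxy_server):
    """Return the parts of a ProxyServer string that point at the local host."""
    hits = []
    for part in proxy_server.split(';'):          # "http=h:p;https=h:p" or "h:p"
        host = part.split('=', 1)[-1].rsplit(':', 1)[0]
        try:
            local = host.lower() == 'localhost' or ipaddress.ip_address(host).is_loopback
        except ValueError:                        # a hostname, not an IP literal
            local = False
        if local:
            hits.append(part)
    return hits


def triage(log_text):
    """Classify OTL lines as (kind, name, detail) findings; other lines are ignored."""
    findings, proxy = [], {}
    for line in (raw.strip() for raw in log_text.splitlines()):
        run, mount, prox = RUN_RE.match(line), MOUNT_RE.match(line), PROXY_RE.match(line)
        hit = run or mount
        if hit:
            target, missing = MISSING_RE.subn('', hit['target'])
            if missing:                           # startup entry with no file behind it
                kind = 'orphaned-run-value' if run else 'orphaned-autorun-mountpoint'
                name = run['name'] if run else f"{mount['guid']} {mount['verb']}"
                findings.append((kind, name, target))
        elif prox:
            proxy[prox['value']] = prox['data']
    if proxy.get('ProxyEnable') == '1':           # the proxy only matters when enabled
        for part in loopback_entries(proxy.get('ProxyServer', '')):
            findings.append(('loopback-proxy', 'ProxyServer', part))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(*finding, sep=' | ')
```

An orphaned Run value accounts for the missing-DLL error at logon described in the first post: the value still names a file that has already been removed.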

#9 nightsystem2005

Posted 30 August 2010 - 05:46 PM

Here is the OTL log

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b57f401f-7630-11de-8761-00238b6d996d}\ not found.
File F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b57f401f-7630-11de-8761-00238b6d996d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b57f401f-7630-11de-8761-00238b6d996d}\ not found.
File F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\application.exe not found.
C:\Users\Nightsystem\AppData\Local\dsjubtshf folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Bcovexijokiqova deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Osibegede deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nightsystem
->Temp folder emptied: 1589131 bytes
->Temporary Internet Files folder emptied: 47440095 bytes
->Java cache emptied: 9749 bytes
->FireFox cache emptied: 39778667 bytes
->Flash cache emptied: 1920 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2425189 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1696654 bytes

Total Files Cleaned = 89.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08302010_144112

Files\Folders moved on Reboot...
C:\Users\Nightsystem\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...


#10 kahdah

Posted 31 August 2010 - 05:07 AM

Ok can I see the follow up scan log please?
Instructions are below my previous post.

#11 kahdah

Posted 22 November 2010 - 07:52 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.