Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Issue with "SEUPD.EXE"


  • This topic is locked This topic is locked
22 replies to this topic

#1 JDOG36

JDOG36

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 19 August 2010 - 02:33 PM

I have an alienware laptop running Windows 7 64-bit

I've ran a scan from MBAM several times and at first received threats that I removed. Since then, I've had clean scans but I still get warnings (all from MBAM) about "C:\programs\update\seupd.exe" trying to run as well as other warnings that it had detected that a malicious site is trying to be accessed (it gives me the IP address and they are different everytime). Here is my DDS log:


DDS (Ver_10-03-17.01) - NTFSX64
Run by j36 at 12:07:51.04 on Thu 08/19/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8180.6222 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\OSD\OSD_Service.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\OSD\OSD.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Users\j36\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.alienware.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files (x86)\lastpass\LPBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
mRun: [FATrayAlert] c:\program files\alienware\command center\aliensense\FATrayMon.exe
mRun: [OSD_LAUNCH] c:\program files (x86)\osd\Launch_OSD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RemoteControl8] "c:\program files (x86)\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files (x86)\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files (x86)\cyberlink\shared files\brs.exe
mRun: [UCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Monitor] "c:\program files (x86)\leapfrog\leapfrog connect\Monitor.exe"
mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [IObit Security 360] "c:\program files (x86)\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FAStartup]
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files (x86)\lastpass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: FastAccess - c:\program files\alienware\command center\aliensense\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [AlienFX Controller] "c:\program files\alienware\command center\AlienwareAlienFXController.exe"
mRun-x64: [(Default)]
mRun-x64: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
mRun-x64: [FreeFallProtection] c:\program files (x86)\stmicroelectronics\accelerometer\FF_Protection.exe
mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - c:\users\j36\appdata\roaming\mozilla\firefox\profiles\07hqtfzo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\j36\appdata\roaming\mozilla\firefox\profiles\07hqtfzo.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\progra~2\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: XULRunner: {E8B2BE1B-BF15-4E3F-BB25-E38D6C0EDC9B} - c:\users\j36\appdata\local\{e8b2be1b-bf15-4e3f-bb25-e38d6c0edc9b}\
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ioatdma;Intel® QuickData Technology device;c:\windows\system32\drivers\ioatdma.sys [2010-5-24 46792]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-5-24 19504]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/24 08:55:56];c:\program files (x86)\cyberlink\powerdvd8\000.fcl [2009-4-15 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe [2010-3-28 89600]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\alienware\command center\AlienFusionService.exe [2009-11-10 13624]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-28 202752]
R2 FAService;FAService;c:\program files\alienware\command center\aliensense\FAService.exe [2009-6-24 2368776]
R2 HappyOSD;HappyOSD;c:\program files (x86)\osd\OSD_Service.exe [2010-5-24 12800]
R2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-5-24 59904]
R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-7-26 304464]
R2 McciCMService64;McciCMService64;c:\program files\common files\motive\McciCMService.exe [2010-6-5 517632]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys [2010-3-28 60416]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys [2010-3-28 80896]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys [2010-3-28 55808]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2010-5-24 660800]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-3-28 25136]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-3-28 6233600]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-3-28 160256]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-24 35104]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k62x64.sys [2010-5-24 294064]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-28 60416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-26 24664]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-22 136176]
S2 IS360service;IS360service;c:\program files (x86)\iobit\iobit security 360\is360srv.exe [2010-7-26 312152]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 238848]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-5-3 24576]
S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys [2010-5-24 43416]
S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys [2010-5-24 51096]
S3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd162x64.sys [2010-5-24 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\system32\drivers\qd262x64.sys [2010-5-24 42192]
S3 iSSetup;iSSetup;c:\windows\system32\drivers\iSSetup.sys [2010-5-24 178400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-3 1255736]

=============== Created Last 30 ================

2010-08-19 01:21:04 0 d-----w- c:\program files (x86)\TuneUpMedia
2010-08-19 01:21:02 0 d-----w- c:\users\j36\appdata\roaming\TuneUpMedia
2010-08-19 01:20:59 0 d-----w- c:\programdata\TuneUpMedia
2010-08-18 19:09:44 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-15 15:56:16 0 d-----w- c:\programdata\Hewlett-Packard
2010-08-12 03:05:57 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 03:05:57 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 03:05:56 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 03:05:53 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 03:05:51 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 03:05:51 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-11 16:25:39 0 d-----w- c:\program files (x86)\PCDrafter2010
2010-08-10 23:24:34 0 d-----w- c:\users\j36\appdata\roaming\DraftAnalyzer
2010-08-10 23:24:34 0 d-----w- c:\program files (x86)\Draft Analyzer 2010
2010-08-05 21:12:32 0 d-----w- c:\programdata\ATI
2010-08-05 21:11:06 123408 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2010-08-05 21:11:00 0 d-----w- C:\dell
2010-08-05 20:41:02 0 d-----w- c:\program files (x86)\ATI Technologies
2010-08-05 20:26:28 0 d-----w- c:\program files\22ATI Technologies
2010-08-05 20:25:59 0 d-----w- c:\temp\Support
2010-08-05 20:21:46 0 d-----w- c:\program files\ATI
2010-08-05 20:21:35 0 d-----w- c:\program files\ATI Technologies
2010-08-05 20:18:12 0 d-----w- c:\programdata\Motive
2010-08-03 15:08:48 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-02 20:07:51 0 d-----w- c:\program files (x86)\FanSoft
2010-07-29 22:50:13 0 d-----w- c:\program files (x86)\ATI
2010-07-28 01:01:18 0 d-----w- C:\ATI
2010-07-28 00:52:17 0 d-----w- C:\AMD
2010-07-27 19:20:19 0 d-----w- c:\users\j36\SC2-WingsOfLiberty-enUS-Installer
2010-07-27 19:20:08 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment.Trash
2010-07-27 19:13:43 0 d-----w- c:\programdata\Blizzard Entertainment
2010-07-27 19:13:43 0 d-----w- c:\program files (x86)\StarCraft II
2010-07-27 19:13:43 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
2010-07-26 18:44:51 0 d-----w- c:\users\j36\appdata\roaming\Malwarebytes
2010-07-26 18:44:45 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 18:44:45 0 d-----w- c:\programdata\Malwarebytes
2010-07-26 18:44:45 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-26 18:04:03 5314 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-07-26 17:12:02 0 d-----w- c:\programdata\IObit
2010-07-26 17:11:04 0 d-----w- c:\users\j36\appdata\roaming\IObit
2010-07-26 17:11:04 0 d-----w- c:\program files (x86)\IObit
2010-07-26 16:53:40 150 ----a-w- C:\zrpt.xml
2010-07-26 16:52:03 0 d-----w- c:\users\j36\appdata\roaming\EE67AF79DECD9B8916F9A53D1AB02EA2
2010-07-23 18:02:18 0 d-----w- c:\program files\iTunes
2010-07-23 18:02:18 0 d-----w- c:\program files\iPod
2010-07-23 18:02:18 0 d-----w- c:\program files (x86)\iTunes

==================== Find3M ====================

2010-07-02 16:28:36 37728 ----a-w- c:\windows\fonts\FutuLtIt.ttf
2010-07-02 16:28:36 37688 ----a-w- c:\windows\fonts\TT0140M.TTF
2010-07-02 16:28:36 37008 ----a-w- c:\windows\fonts\FutuLt_.ttf
2010-07-02 16:28:35 38884 ----a-w- c:\windows\fonts\FutuEBl.ttf
2010-07-02 16:28:35 38788 ----a-w- c:\windows\fonts\FutuBdIt.ttf
2010-07-02 16:28:35 38324 ----a-w- c:\windows\fonts\FutuBd_.ttf
2010-07-02 16:28:35 32976 ----a-w- c:\windows\fonts\FutuBl_.ttf
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-25 23:43:04 215128 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-06-22 03:21:15 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 03:20:50 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 03:20:34 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-06-03 23:06:26 164942 ----a-w- c:\windows\hpwins22.dat
2010-06-03 00:13:17 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-06-03 00:13:17 2434856 ----a-w- c:\windows\syswow64\pbsvc_bc2.exe
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-24 13:55:14 29480 ----a-w- c:\windows\syswow64\msxml3a.dll
2010-05-24 13:37:22 455680 ----a-w- c:\windows\system32\deploytk.dll
2010-05-24 13:37:22 432128 ----a-w- c:\windows\system32\jucheck.exe
2010-05-24 13:37:22 41984 ----a-w- c:\windows\system32\jureg.exe
2010-05-24 13:37:22 172032 ----a-w- c:\windows\system32\jusched.exe
2010-05-24 13:36:39 55072 ----a-w- c:\windows\syswow64\jureg.exe
2010-05-24 13:36:39 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-05-24 13:36:39 386872 ----a-w- c:\windows\syswow64\jucheck.exe
2010-05-24 13:36:39 149280 ----a-w- c:\windows\syswow64\jusched.exe
2010-05-24 13:36:39 149280 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-24 13:36:39 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-24 13:36:39 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-21 21:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:13:28.81 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:43 PM

Posted 26 August 2010 - 07:10 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 JDOG36

JDOG36
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 27 August 2010 - 11:53 AM

OTL Report:

OTL logfile created on: 8/27/2010 9:44:39 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\j36\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 462.26 Gb Total Space | 221.08 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
Drive D: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 464.40 Gb Total Space | 399.36 Gb Free Space | 86.00% Space Free | Partition Type: NTFS

Computer Name: J36-PC
Current User Name: j36
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/27 09:43:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\j36\Desktop\OTL.exe
PRC - [2010/07/26 08:06:21 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/26 08:06:21 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/13 14:36:44 | 000,066,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 17:13:17 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/24 06:49:58 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\OSD\OSD.exe
PRC - [2010/05/24 06:49:58 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\OSD\OSD_Service.exe
PRC - [2010/05/03 19:38:22 | 000,550,232 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/05/03 19:00:18 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/02/11 09:56:00 | 000,415,040 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/02/11 09:53:00 | 000,660,800 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/11 09:53:00 | 000,348,480 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/11/10 13:53:50 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2009/11/10 13:53:20 | 000,058,696 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2009/11/10 10:37:26 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2009/10/13 09:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 09:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/10/13 06:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/08/17 19:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/22 05:52:34 | 002,463,232 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/06/24 16:31:43 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
PRC - [2009/06/24 16:31:42 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
PRC - [2009/06/24 16:31:21 | 002,368,776 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
PRC - [2009/04/28 21:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2009/04/15 21:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/08/27 09:43:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\j36\Desktop\OTL.exe
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/02/03 20:14:04 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/16 19:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/11/27 09:39:46 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/10 10:37:44 | 000,013,624 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/08/17 19:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 18:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 18:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/24 16:31:21 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe -- (AESTFilters)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/03 14:05:05 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/02 17:13:17 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/05/24 06:49:58 | 000,012,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OSD\OSD_Service.exe -- (HappyOSD)
SRV - [2010/05/03 19:00:18 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/11 09:53:00 | 000,660,800 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/11/29 20:41:52 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/10/13 09:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/10/13 06:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/16 15:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/03 18:54:20 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/03 21:03:02 | 006,233,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/03 19:20:44 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/16 19:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 19:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/10 10:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/12/02 13:45:32 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/11/27 11:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/11/27 09:39:46 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/18 18:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/23 11:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/13 14:22:02 | 000,178,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:64bit: - [2009/10/13 09:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/14 04:53:46 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel®
DRV:64bit: - [2009/07/14 04:53:42 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/07/14 04:42:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma) Intel®
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/13 18:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/13 18:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 16:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/13 16:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/13 16:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/07/04 17:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 06:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 16:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/01 09:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 09:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 09:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/25 15:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 14:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 14:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 12:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/09 14:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2007/04/11 23:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel®
DRV:64bit: - [2007/04/11 23:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel®
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/04/15 21:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/24 08:55:56] [Kernel | Auto | Running] -- c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========







IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 99 C8 61 3C 3F CB 01 [binary data]
IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.foxnews.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{E8B2BE1B-BF15-4E3F-BB25-E38D6C0EDC9B}: C:\Users\j36\AppData\Local\{E8B2BE1B-BF15-4E3F-BB25-E38D6C0EDC9B}\ [2010/07/26 09:54:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/10 16:07:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/26 08:06:22 | 000,000,000 | ---D | M]

[2010/06/02 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\j36\AppData\Roaming\Mozilla\Extensions
[2010/08/27 09:44:15 | 000,000,000 | ---D | M] -- C:\Users\j36\AppData\Roaming\Mozilla\Firefox\Profiles\07hqtfzo.default\extensions
[2010/06/02 13:41:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\j36\AppData\Roaming\Mozilla\Firefox\Profiles\07hqtfzo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/02 13:41:52 | 000,000,000 | ---D | M] -- C:\Users\j36\AppData\Roaming\Mozilla\Firefox\Profiles\07hqtfzo.default\extensions\MW_Auto_Helper@SecureWorldHosting.com
[2010/07/16 08:38:57 | 000,000,000 | ---D | M] -- C:\Users\j36\AppData\Roaming\Mozilla\Firefox\Profiles\07hqtfzo.default\extensions\support@lastpass.com
[2010/06/29 10:44:48 | 000,000,000 | ---D | M] -- C:\Users\j36\AppData\Roaming\Mozilla\Firefox\Profiles\80s8uoyn.default\extensions
[2010/06/29 10:43:56 | 000,000,000 | ---D | M] -- C:\Users\j36\AppData\Roaming\Mozilla\Firefox\Profiles\80s8uoyn.default\extensions\support@lastpass.com
[2010/08/27 09:44:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/26 09:52:27 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
[2010/07/26 05:38:42 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/07/29 11:52:05 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe (HH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.105 216.136.95.2 64.132.94.250
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/24 21:56:52 | 000,000,046 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/03/30 16:51:39 | 000,000,706 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e4399f52-6748-11df-8447-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4399f52-6748-11df-8447-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2010/05/24 21:56:52 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E7758EA2-CF60-2674-BFE6-67FF8C95CDF1} - Internet Explorer
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/27 09:43:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\j36\Desktop\OTL.exe
[2010/08/25 00:45:01 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/21 12:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2010/08/21 12:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2010/08/19 12:19:07 | 000,000,000 | ---D | C] -- C:\Users\j36\Desktop\gmer
[2010/08/18 12:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/15 08:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/08/11 20:06:10 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/11 20:06:09 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/11 20:06:09 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/11 20:06:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/08/11 20:06:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/08/11 20:06:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/08/11 20:06:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/08/11 20:06:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/08/11 20:06:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/11 20:05:57 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/11 20:05:57 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/11 20:05:56 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/11 09:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCDrafter2010
[2010/08/11 09:25:27 | 000,000,000 | ---D | C] -- C:\Users\j36\AppData\Local\Downloaded Installations
[2010/08/10 16:24:34 | 000,000,000 | ---D | C] -- C:\Users\j36\AppData\Roaming\DraftAnalyzer
[2010/08/10 16:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Draft Analyzer 2010
[2010/08/05 14:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/08/05 14:11:06 | 000,123,408 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2010/08/05 14:11:00 | 000,000,000 | ---D | C] -- C:\dell
[2010/08/05 13:51:04 | 000,000,000 | ---D | C] -- C:\Users\j36\AppData\Local\Deployment
[2010/08/05 13:51:04 | 000,000,000 | ---D | C] -- C:\Users\j36\AppData\Local\Apps
[2010/08/05 13:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/08/05 13:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\22ATI Technologies
[2010/08/05 13:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/08/05 13:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/08/05 13:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/08/05 13:06:14 | 074,978,968 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\j36\Desktop\10-7_mobility_vista_win7_64_dd_ccc.exe
[2010/08/02 13:07:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\FanDraft Football 2010
[2010/08/02 13:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FanSoft
[2010/07/29 15:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/27 09:44:27 | 003,670,016 | -HS- | M] () -- C:\Users\j36\ntuser.dat
[2010/08/27 09:43:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\j36\Desktop\OTL.exe
[2010/08/27 09:37:46 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 09:37:46 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/27 09:30:56 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/08/27 09:30:50 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 09:30:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/27 09:30:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/27 09:30:31 | 2138,402,815 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 09:29:44 | 002,327,974 | -H-- | M] () -- C:\Users\j36\AppData\Local\IconCache.db
[2010/08/27 09:07:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/26 19:34:50 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2010/08/25 13:34:32 | 000,098,043 | ---- | M] () -- C:\Users\j36\Documents\Cihualpilli Sandoval Car Agreement.pdf
[2010/08/25 13:34:23 | 000,013,857 | ---- | M] () -- C:\Users\j36\Documents\Cihualpilli Sandoval Car Agreement.docx
[2010/08/21 15:51:50 | 000,000,284 | ---- | M] () -- C:\ProgramData\fandraft_template.xml
[2010/08/21 12:42:31 | 005,869,965 | ---- | M] () -- C:\Users\j36\Documents\E3000.user.guide.pdf
[2010/08/19 12:06:37 | 000,284,915 | ---- | M] () -- C:\Users\j36\Desktop\gmer.zip
[2010/08/18 18:17:05 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010/08/18 18:17:05 | 000,001,814 | ---- | M] () -- C:\Users\j36\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/18 12:09:44 | 000,002,059 | ---- | M] () -- C:\Users\j36\Desktop\HijackThis.lnk
[2010/08/16 16:36:25 | 000,033,124 | ---- | M] () -- C:\Users\j36\Documents\Pville NFL Keeper List.docx
[2010/08/16 15:50:36 | 000,233,714 | ---- | M] () -- C:\Users\j36\Documents\City of Visalia.pdf
[2010/08/13 12:37:01 | 000,022,528 | ---- | M] () -- C:\Users\j36\Documents\Michael and Michelle house estimate.doc
[2010/08/13 12:36:48 | 000,022,528 | ---- | M] () -- C:\Users\j36\Documents\Michael and Michelle hosue estimate.doc
[2010/08/12 03:18:12 | 000,422,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/11 15:45:43 | 000,666,830 | ---- | M] () -- C:\Users\j36\Documents\Moyes Medical Records.pdf
[2010/08/10 16:24:34 | 000,002,601 | ---- | M] () -- C:\Users\Public\Desktop\Draft Analyzer 2010.lnk
[2010/08/10 16:24:22 | 013,666,304 | ---- | M] () -- C:\Users\j36\Desktop\DraftAnalyzer.msi
[2010/08/09 10:26:52 | 001,053,335 | ---- | M] () -- C:\Users\j36\Documents\Rodriguez tax info #2.pdf
[2010/08/06 08:59:21 | 003,185,715 | ---- | M] () -- C:\Users\j36\Documents\1747L_08.06.10_Bakersfield.dwf
[2010/08/06 08:59:18 | 003,181,931 | ---- | M] () -- C:\Users\j36\Documents\1747R_08.06.10_Bakersfield.dwf
[2010/08/06 08:59:13 | 002,945,845 | ---- | M] () -- C:\Users\j36\Documents\1467L_08.06.10_Bakersfield.dwf
[2010/08/06 08:59:11 | 002,824,340 | ---- | M] () -- C:\Users\j36\Documents\1467R_08.06.10_Bakersfield.dwf
[2010/08/05 14:08:02 | 127,848,272 | ---- | M] () -- C:\Users\j36\Desktop\R259589.exe
[2010/08/05 13:15:39 | 074,978,968 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\j36\Desktop\10-7_mobility_vista_win7_64_dd_ccc.exe
[2010/08/05 12:36:36 | 074,978,968 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Users\j36\Documents\10-7_mobility_vista_win7_64_dd_ccc.exe
[2010/08/05 12:12:34 | 002,491,511 | ---- | M] () -- C:\Users\j36\Documents\Grigsby.pdf
[2010/08/04 16:25:22 | 000,467,702 | ---- | M] () -- C:\Users\j36\Documents\Gonzales Change Order.pdf
[2010/08/04 16:11:43 | 000,097,117 | ---- | M] () -- C:\Users\j36\Documents\Luis Jimenez Car Agreement.pdf
[2010/08/04 16:11:36 | 000,013,577 | ---- | M] () -- C:\Users\j36\Documents\Luis Jimenez Car Agreement.docx
[2010/08/04 16:10:53 | 000,107,911 | ---- | M] () -- C:\Users\j36\Documents\Luis Jimenez Car Agreement.xps
[2010/08/03 15:30:25 | 002,705,942 | ---- | M] () -- C:\Users\j36\Documents\Cochran Insurance Communication.pdf
[2010/08/03 14:57:59 | 000,155,919 | ---- | M] () -- C:\Users\j36\Documents\MIlstein response letter.pdf
[2010/08/02 15:50:13 | 000,011,163 | ---- | M] () -- C:\Users\j36\Documents\Recent Closing Matrix.xlsx
[2010/08/02 11:40:19 | 006,279,286 | ---- | M] () -- C:\Users\j36\Documents\Sotelo Claim.pdf
[2010/08/02 10:12:03 | 001,287,941 | ---- | M] () -- C:\Users\j36\Documents\1236L_08.02.10_Bakersfield.dwf
[2010/08/02 10:11:58 | 001,286,609 | ---- | M] () -- C:\Users\j36\Documents\1236R_08.02.10_Bakersfield.dwf
[2010/07/29 15:20:46 | 000,258,198 | ---- | M] () -- C:\Users\j36\Documents\TRANSFER-ROLLOVER REQUEST.pdf
[2010/07/29 14:43:01 | 000,012,937 | ---- | M] () -- C:\Users\j36\Documents\Xerox Maintenance Cancellation letter.docx
[2010/07/29 10:15:23 | 000,001,292 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/07/28 23:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/07/28 18:45:06 | 000,080,384 | ---- | M] () -- C:\Users\j36\Documents\Costa Contract.doc
[2010/07/28 18:43:00 | 000,234,028 | ---- | M] () -- C:\Users\j36\Documents\Costa Contract.pdf
[2010/07/28 15:31:36 | 000,000,162 | -H-- | M] () -- C:\Users\j36\Documents\~$sta Contract.doc
[2010/07/28 11:31:18 | 000,018,067 | ---- | M] () -- C:\Users\j36\Documents\SBI Overhead analysis.xlsx
[2010/07/28 11:12:51 | 000,323,765 | ---- | M] () -- C:\Users\j36\Documents\Church Bond Availability.pdf
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/25 13:34:03 | 000,098,043 | ---- | C] () -- C:\Users\j36\Documents\Cihualpilli Sandoval Car Agreement.pdf
[2010/08/25 13:26:58 | 000,013,857 | ---- | C] () -- C:\Users\j36\Documents\Cihualpilli Sandoval Car Agreement.docx
[2010/08/21 12:42:29 | 005,869,965 | ---- | C] () -- C:\Users\j36\Documents\E3000.user.guide.pdf
[2010/08/19 12:06:34 | 000,284,915 | ---- | C] () -- C:\Users\j36\Desktop\gmer.zip
[2010/08/18 12:09:44 | 000,002,059 | ---- | C] () -- C:\Users\j36\Desktop\HijackThis.lnk
[2010/08/16 16:36:24 | 000,033,124 | ---- | C] () -- C:\Users\j36\Documents\Pville NFL Keeper List.docx
[2010/08/16 15:50:36 | 000,233,714 | ---- | C] () -- C:\Users\j36\Documents\City of Visalia.pdf
[2010/08/13 12:37:00 | 000,022,528 | ---- | C] () -- C:\Users\j36\Documents\Michael and Michelle house estimate.doc
[2010/08/13 12:36:47 | 000,022,528 | ---- | C] () -- C:\Users\j36\Documents\Michael and Michelle hosue estimate.doc
[2010/08/11 15:45:43 | 000,666,830 | ---- | C] () -- C:\Users\j36\Documents\Moyes Medical Records.pdf
[2010/08/10 16:24:34 | 000,002,601 | ---- | C] () -- C:\Users\Public\Desktop\Draft Analyzer 2010.lnk
[2010/08/10 16:24:22 | 013,666,304 | ---- | C] () -- C:\Users\j36\Desktop\DraftAnalyzer.msi
[2010/08/09 10:26:52 | 001,053,335 | ---- | C] () -- C:\Users\j36\Documents\Rodriguez tax info #2.pdf
[2010/08/06 08:59:21 | 003,185,715 | ---- | C] () -- C:\Users\j36\Documents\1747L_08.06.10_Bakersfield.dwf
[2010/08/06 08:59:18 | 003,181,931 | ---- | C] () -- C:\Users\j36\Documents\1747R_08.06.10_Bakersfield.dwf
[2010/08/06 08:59:13 | 002,945,845 | ---- | C] () -- C:\Users\j36\Documents\1467L_08.06.10_Bakersfield.dwf
[2010/08/06 08:59:11 | 002,824,340 | ---- | C] () -- C:\Users\j36\Documents\1467R_08.06.10_Bakersfield.dwf
[2010/08/05 13:51:49 | 127,848,272 | ---- | C] () -- C:\Users\j36\Desktop\R259589.exe
[2010/08/05 12:12:34 | 002,491,511 | ---- | C] () -- C:\Users\j36\Documents\Grigsby.pdf
[2010/08/04 16:25:22 | 000,467,702 | ---- | C] () -- C:\Users\j36\Documents\Gonzales Change Order.pdf
[2010/08/04 16:11:42 | 000,097,117 | ---- | C] () -- C:\Users\j36\Documents\Luis Jimenez Car Agreement.pdf
[2010/08/04 16:10:52 | 000,107,911 | ---- | C] () -- C:\Users\j36\Documents\Luis Jimenez Car Agreement.xps
[2010/08/04 16:03:53 | 000,013,577 | ---- | C] () -- C:\Users\j36\Documents\Luis Jimenez Car Agreement.docx
[2010/08/03 15:30:25 | 002,705,942 | ---- | C] () -- C:\Users\j36\Documents\Cochran Insurance Communication.pdf
[2010/08/03 14:57:59 | 000,155,919 | ---- | C] () -- C:\Users\j36\Documents\MIlstein response letter.pdf
[2010/08/02 13:07:53 | 000,000,284 | ---- | C] () -- C:\ProgramData\fandraft_template.xml
[2010/08/02 11:40:19 | 006,279,286 | ---- | C] () -- C:\Users\j36\Documents\Sotelo Claim.pdf
[2010/08/02 11:01:50 | 000,011,163 | ---- | C] () -- C:\Users\j36\Documents\Recent Closing Matrix.xlsx
[2010/08/02 09:57:25 | 001,286,609 | ---- | C] () -- C:\Users\j36\Documents\1236R_08.02.10_Bakersfield.dwf
[2010/08/02 09:57:23 | 001,287,941 | ---- | C] () -- C:\Users\j36\Documents\1236L_08.02.10_Bakersfield.dwf
[2010/07/29 15:20:46 | 000,258,198 | ---- | C] () -- C:\Users\j36\Documents\TRANSFER-ROLLOVER REQUEST.pdf
[2010/07/29 14:43:00 | 000,012,937 | ---- | C] () -- C:\Users\j36\Documents\Xerox Maintenance Cancellation letter.docx
[2010/07/29 10:16:18 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\AWC Update.job
[2010/07/29 10:16:18 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/07/28 18:43:00 | 000,234,028 | ---- | C] () -- C:\Users\j36\Documents\Costa Contract.pdf
[2010/07/28 15:31:36 | 000,080,384 | ---- | C] () -- C:\Users\j36\Documents\Costa Contract.doc
[2010/07/28 15:31:36 | 000,000,162 | -H-- | C] () -- C:\Users\j36\Documents\~$sta Contract.doc
[2010/07/28 11:12:51 | 000,323,765 | ---- | C] () -- C:\Users\j36\Documents\Church Bond Availability.pdf
[2010/07/28 10:03:47 | 000,018,067 | ---- | C] () -- C:\Users\j36\Documents\SBI Overhead analysis.xlsx
[2010/07/26 11:13:49 | 000,004,186 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/26 09:54:16 | 000,000,120 | ---- | C] () -- C:\Users\j36\AppData\Local\Okuyagi.dat
[2010/07/26 09:54:16 | 000,000,000 | ---- | C] () -- C:\Users\j36\AppData\Local\Tgijakida.bin
[2010/07/06 17:25:07 | 000,000,193 | ---- | C] () -- C:\Users\j36\AppData\Roaming\default.rss
[2010/06/30 21:03:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/06/30 09:45:42 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/30 09:45:42 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/03 15:45:05 | 000,000,429 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/02 15:04:56 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/10 10:45:18 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/24 16:32:33 | 000,089,352 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/06/24 16:31:45 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/06/24 16:30:58 | 000,234,760 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/10/13 09:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 09:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Drivers\storage\R251162\IaStor.sys
[2009/10/13 09:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/10/13 09:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
[2009/10/13 09:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_b02a0635da01252b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/13 18:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 18:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
< End of report >



EXTRA REPORT:

OTL Extras logfile created on: 8/27/2010 9:44:39 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\j36\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 76.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 462.26 Gb Total Space | 221.08 Gb Free Space | 47.83% Space Free | Partition Type: NTFS
Drive D: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 464.40 Gb Total Space | 399.36 Gb Free Space | 86.00% Space Free | Partition Type: NTFS

Computer Name: J36-PC
Current User Name: j36
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel® Network Connections 14.8.43.0
"{150804BA-7DF7-4ECF-8F83-561EC9A0FBD5}" = HP Officejet Pro 8500 A909 Series
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{3159717A-8387-426C-96C4-D7B92EDA819A}" = Command Center
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FDF1F5B-386E-A7F8-EB79-D5B5821A3097}" = ccc-utility64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AF81FB63-8419-35A3-D9B1-BAFB441C81DE}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7AB6DD0-75E7-C81D-3ED5-8C8F25E754D1}" = ATI Catalyst Install Manager
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel® Network Connections 14.8.43.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0A924DA4-9E87-1CAB-598B-180C0115BC8F}" = Catalyst Control Center Graphics Previews Common
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2042A5F2-EB14-83BB-0DB4-9504120D0088}" = CCC Help German
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24212CEA-9AE9-AA08-F86E-D7DF7A64E9E8}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2BFC50F0-3435-156E-7231-66D42B76F4CD}" = CCC Help Russian
"{2C03706C-DC49-9CF3-FDA1-200F079C404F}" = CCC Help Finnish
"{3061A5C9-B09D-1CA5-3C7E-231D4D669097}" = CCC Help Italian
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{36C50214-30A8-739B-8A96-FD18ADCC7C46}" = CCC Help Danish
"{385B9EE4-D4AC-40f7-AE10-94973A58A57E}" = 8500A909_BasicWeb
"{3A5AB5D2-E36F-4A98-9C04-75DFC1F11908}" = PCDrafter 2010
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{40A24C8A-9C6D-4E8A-A41E-ADF995EFD848}" = 8500A909_Help_BasicWeb
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{46EA9227-CC2E-1CF6-2725-713038125D31}" = CCC Help Dutch
"{4B222C8E-8DEB-4DBC-B57A-78BEB72ABD3A}" = LeapFrog Connect
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52AE0B88-0BD6-22E4-D262-88EE8D183259}" = Catalyst Control Center Graphics Light
"{54EE63E3-9960-41B6-9644-BB0167C6DD42}" = Catalyst Control Center - Branding
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{58FD24CE-09DC-D825-3E83-98FB465EB3F3}" = CCC Help English
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5C99C305-2201-E505-B6C0-DA4736AD49C9}" = Catalyst Control Center InstallProxy
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A88C8E5-3AB8-6149-2DFA-E0427AC34F33}" = CCC Help Japanese
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D8B5BD9-CB7E-58CE-8521-C7DAA5E2547A}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9147E94D-25B3-0D15-17A2-255509121207}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DA2C04E-4D3B-2D33-856D-94A06FACC503}" = Catalyst Control Center Graphics Full Existing
"{9E2AE9DB-99FC-664F-577B-DDE97183A08F}" = CCC Help Korean
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A6784041-7964-EE00-B21D-633AB57A3CDC}" = CCC Help Swedish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B0ADD103-D5CF-3FD7-64E4-B369E4E5027A}" = CCC Help Chinese Traditional
"{B169DFB1-D816-DFFB-ECD4-C35468B70463}" = CCC Help Norwegian
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B8889795-64FC-43CD-8333-ACE45B235233}" = TypeC3000 TWAIN Driver Ver.4
"{B8D4B3A4-4B06-0F98-19A0-7FD40285A305}" = Catalyst Control Center Localization All
"{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}" = Banctec Service Agreement
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{c7fcc871-ee2f-470d-91fd-5ee71b9b3e1a}" = Nero 9
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{c920f017-7574-473b-a0ca-7ca27fb60ee0}" = Nero 9 Essentials
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DC5CC4F4-3B46-8416-941B-6D640911EFB9}" = CCC Help French
"{E3825E6A-0087-BF4F-B545-7E03406003DE}" = Catalyst Control Center Graphics Full New
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8FF598B-86CE-411A-8CE7-8FF9738995FE}" = Catalyst Control Center Graphics Previews Vista
"{E9726E99-1BEB-5B3E-4B9D-15C57543F4CD}" = ccc-core-static
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDAE2C7E-B5AB-2959-3AC7-6A95AD62F841}" = CCC Help Spanish
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F330293A-DB6A-4495-BE34-8DC9453CBFE1}" = LeapFrog Tag Plugin
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40DB500-B51A-4751-9EE0-DA0FA7A4AD00}" = Draft Analyzer 2010
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Cisco Connect" = Cisco Connect
"FanDraft Football 2010_is1" = FanDraft Football v10.16
"HijackThis" = HijackThis 2.0.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{3159717A-8387-426C-96C4-D7B92EDA819A}" = Command Center
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Office14.SingleImage" = Microsoft Office Professional 2010
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3313757269-4031315254-3410092049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"LastPass" = LastPass (uninstall only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2010 10:10:32 PM | Computer Name = j36-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/11/2010 11:13:28 PM | Computer Name = j36-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/12/2010 12:11:30 AM | Computer Name = j36-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/12/2010 1:06:36 AM | Computer Name = j36-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/12/2010 2:03:59 AM | Computer Name = j36-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/12/2010 3:00:58 AM | Computer Name = j36-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/12/2010 3:31:36 AM | Computer Name = j36-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 8/12/2010 4:01:12 AM | Computer Name = j36-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/12/2010 5:11:28 AM | Computer Name = j36-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/12/2010 6:14:37 AM | Computer Name = j36-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Broadcom Wireless LAN Events ]
Error - 6/2/2010 3:50:33 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 12:50:33, Wed, Jun 02, 10 Error - Unable to get current user admin
status

Error - 6/2/2010 3:51:43 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 12:51:43, Wed, Jun 02, 10 Error - Unable to get current user admin
status

Error - 6/2/2010 3:53:16 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 14:53:16, Wed, Jun 02, 10 Error - Unable to switch user context, authentication
information not set correctly

Error - 6/8/2010 12:29:31 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 09:29:31, Tue, Jun 08, 10 Error - Unable to gain access to user store


Error - 6/23/2010 9:40:43 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 18:40:43, Wed, Jun 23, 10 Error - Unable to gain access to user store


Error - 7/20/2010 8:15:01 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 17:15:01, Tue, Jul 20, 10 Error - Unable to gain access to user store


Error - 7/21/2010 7:15:49 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 16:15:49, Wed, Jul 21, 10 Error - Unable to gain access to user store


Error - 7/23/2010 2:28:06 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 11:28:06, Fri, Jul 23, 10 Error - Unable to gain access to user store


Error - 7/26/2010 1:42:20 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 10:42:20, Mon, Jul 26, 10 Error - Unable to gain access to user store


Error - 8/5/2010 2:26:53 PM | Computer Name = j36-PC | Source = WLAN-Tray | ID = 0
Description = 11:26:53, Thu, Aug 05, 10 Error - Unable to gain access to user store


[ System Events ]
Error - 8/21/2010 4:23:07 PM | Computer Name = j36-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/21/2010 4:23:13 PM | Computer Name = j36-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:19:04 PM on ?8/?21/?2010 was unexpected.

Error - 8/21/2010 4:23:14 PM | Computer Name = j36-PC | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 8/21/2010 10:52:46 PM | Computer Name = j36-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/21/2010 10:52:57 PM | Computer Name = j36-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:51:13 PM on ?8/?21/?2010 was unexpected.

Error - 8/21/2010 10:52:51 PM | Computer Name = j36-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/21/2010 10:52:58 PM | Computer Name = j36-PC | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 8/23/2010 11:10:39 AM | Computer Name = j36-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/23/2010 11:10:49 AM | Computer Name = j36-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 8/23/2010 11:10:57 AM | Computer Name = j36-PC | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126


< End of report >



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:43 PM

Posted 29 August 2010 - 05:26 AM

Hi,

is the file recreated every time you delete it? If you have it, please upload it to virustotal:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Then please run the following fix (only after uploading the file):

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    IE - HKU\S-1-5-21-3313757269-4031315254-3410092049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Finally please also run a scan with MBRCheck:
Please download MBRCheck.exe to your desktop.
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on title bar (where program name and path is written)
  4. From menu chose Edit -> Select All
  5. Now just click Enter key on keyboard to copy selected text
  6. Now paste that text here for me.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 JDOG36

JDOG36
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 30 August 2010 - 06:49 PM

When I check the path that it says is trying to be created, there's nothing there. Even if I instruct MBAM to ignore it and let is create itself, it's still not there. When I search for SEUPD.exe, nothing comes up.

Here is the text you asked for:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Alienware
BIOS Manufacturer: Alienware
System Manufacturer: Alienware
System Product Name: M17x
Logical Drives Mask: 0x0300000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
476 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
Press ENTER to exit...


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:43 PM

Posted 31 August 2010 - 02:30 AM

Hi,

but Malwarebytes still finds it everytime? Could you check in Malwarebytes quarantine if they have a sample?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 JDOG36

JDOG36
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 31 August 2010 - 10:31 AM

I am attaching the quarantine files from MBAM. Does that help?

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:43 PM

Posted 01 September 2010 - 03:48 AM

Hi,

you did not attach anything. I would prefer it if you could upload the file somewhere else and PM me the link to avoid people downloading the file and getting infected by it themselves.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 JDOG36

JDOG36
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 01 September 2010 - 11:59 AM

HI,

I can't attach the actual virus file because I can't find it. I am attaching a PDF that has a screenshot of the the warning from MBAM. Let me know if that helps.

Attached Files



#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:43 PM

Posted 03 September 2010 - 02:40 AM

Hi,

could you please update Malwarebytes and see if the problem persists? It seems this may have been a bug in Malwarebytes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 JDOG36

JDOG36
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 09 September 2010 - 11:41 AM

I updated MBAM and it still happens. I also uninstalled and reinstalled Firefox and it still happens. I am getting redirects from Google search results.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:43 PM

Posted 10 September 2010 - 04:58 AM

Hi,

please post a log from the updated Malwarebytes scan. Please also check the addons installed in Firefox and let me know if one of them seems unfamiliar.

regards myrti

Edited by myrti, 10 September 2010 - 05:00 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 JDOG36

JDOG36
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 13 September 2010 - 12:11 PM

I ran a MBAM scan and it returned with no issues. However, that same warning screen appeared before and after the scan...

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:43 PM

Posted 13 September 2010 - 12:29 PM

Hi,

can you please post the malwarebytes log in your next reply, so that i can see the current version of MBAM.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 JDOG36

JDOG36
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 13 September 2010 - 01:00 PM

Here's the log

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users