
Changes to Windows Explorer


  • This topic is locked
24 replies to this topic

#1 K()nT3nTs

  • Members
  • 150 posts
  • OFFLINE
  • Gender:Male
  • Location:SoCal
  • Local time:05:15 PM

Posted 07 September 2010 - 08:16 PM

Computer is sluggish now. Gmer wouldn't let me click off the other options... Missing Icons next to clock..


DDS (Ver_10-03-17.01) - NTFSX64
Run by Allen at 17:47:13.20 on Tue 09/07/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.4977 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\ehome\ehRecvr.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\BitTorrent\bittorrent.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Allen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uSearch Page = hxxp://search.zaazu.com/search-version.php?version=1.1.0.5
uDefault_Search_URL = hxxp://search.zaazu.com/search-version.php?version=1.1.0.5
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,c:\windows\system32\twext.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: TBSB01419 Class: {714758be-281e-4bda-9190-413bfbd3399b} - c:\program files (x86)\iesurfbar\surflite toolbar\dyn_surflite_aff_1000.dll
BHO: c:\windows\syswow64\vaqzxul.dll: {b1ba40a2-75f2-51bd-f413-04b13a2c8953} - c:\windows\syswow64\vaqzxul.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: IE Toolbar: {6226ba26-c017-4007-928c-de9715c6fa68} - c:\program files (x86)\iesurfbar\surflite toolbar\dyn_surflite_aff_1000.dll
uRun: [CubeDesktop]
uRun: [Lsass Service] c:\users\allen\appdata\local\temp\59041.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files (x86)\common files\pure networks shared\platform\puresp4.dll
SSODL: WebProxy - - No File
SSODL: ieModule - {C5F7B349-9DFB-456F-8FA3-0EECC6E18334} - c:\programdata\application data\microsoft\internet explorer\dlls\ieModule.dll
SSODL: InternetConnection - {CBD50F71-DF8D-4CBE-A820-FB78EB598E53} - c:\programdata\application data\microsoft\internet explorer\dlls\lohcjjjkva.dll
STS: c:\windows\syswow64\vaqzxul.dll: {b1ba40a2-75f2-51bd-f413-04b13a2c8953} - c:\windows\syswow64\vaqzxul.dll
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files (x86)\pixiepack codec pack\InstallerHelper.exe
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {6226BA26-C017-4007-928C-DE9715C6FA68} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\allen\appdata\roaming\mozilla\firefox\profiles\jpuzebqj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\allen\appdata\roaming\mozilla\firefox\profiles\jpuzebqj.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\allen\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\allen\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\allen\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\allen\appdata\roaming\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\allen\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\allen\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\allen\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R?2 aawservice;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-3-14 55024]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-9-7 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-9-7 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-9-7 317520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 203264]
R2 atashost;WebEx Service Host for Support Center;c:\windows\syswow64\atashost.exe [2010-2-10 20376]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-4 7451648]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-4 268288]
R3 MAFW;MAFW;c:\windows\system32\drivers\mafw.sys [2008-9-3 294920]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr7364.sys [2008-2-26 615424]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\drivers\VSTDPV6.SYS [2008-1-20 1523712]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\drivers\VSTBS26.SYS [2008-1-20 392704]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbdax64.sys [2008-2-22 204672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2007-1-23 6144]
S3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-5-24 13824]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2010-2-12 67584]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 19456]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 9216]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 52608]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2008-3-3 26624]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-18 89920]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-08 00:19:39 0 d--h--w- C:\$AVG
2010-09-08 00:19:13 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-09-08 00:19:09 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-09-08 00:19:03 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-09-08 00:19:02 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-09-08 00:18:52 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-08 00:15:56 0 d-----w- c:\programdata\avg9
2010-09-06 22:04:25 0 d-----w- c:\program files\iPod
2010-09-06 22:04:24 0 d-----w- c:\program files\iTunes
2010-09-06 07:22:24 411480 ----a-w- c:\windows\syswow64\tsccvid.dll
2010-09-06 07:22:23 0 d-----w- c:\windows\syswow64\QuickTime
2010-09-06 07:22:00 0 d-----w- c:\program files (x86)\common files\TechSmith Shared
2010-09-06 07:21:58 0 d-----w- c:\programdata\TechSmith
2010-09-06 07:11:27 0 d-----w- c:\program files (x86)\i Screen Recorder
2010-09-06 03:17:43 0 d-sh--w- c:\users\allen\.COMMgr
2010-09-06 03:17:42 60004 ---h--w- c:\windows\win32.exe
2010-09-06 03:17:42 21380 ---h--w- c:\windows\user.exe
2010-09-06 03:17:42 21380 ---h--w- c:\windows\hexdump.exe
2010-09-06 03:17:41 60004 ---h--w- c:\windows\install.exe
2010-09-06 03:17:35 30000 ----a-w- c:\windows\syswow64\vaqzxul.dll
2010-09-06 03:17:28 0 d-----w- c:\users\allen\appdata\roaming\3A9325FDFFA52EAE784592F9E188CF5C
2010-08-31 02:27:18 0 d-----w- c:\programdata\WEBREG
2010-08-31 02:26:17 0 d-----w- c:\program files (x86)\twhirl
2010-08-31 02:25:32 0 d-----w- c:\program files (x86)\common files\HP
2010-08-31 02:12:46 129856 ----a-w- c:\windows\hppins21.dat
2010-08-31 02:12:05 3729 ----a-w- c:\windows\hppmdl21.dat
2010-08-24 02:14:49 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-08-12 00:14:04 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 00:14:02 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 00:14:02 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 00:14:00 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 00:13:58 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 00:13:58 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 00:13:53 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 00:13:52 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 00:13:43 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 00:13:43 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-12 00:13:42 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 00:13:42 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-10 12:15:58 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- c:\windows\syswow64\QuickTime.qts

==================== Find3M ====================

2010-09-07 00:03:14 86016 ----a-w- c:\windows\inf\infpub.dat
2010-09-07 00:03:14 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-06 22:00:58 143360 ----a-w- c:\windows\inf\infstor.dat
2010-08-04 09:22:38 7451648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-04 09:07:14 20817408 ----a-w- c:\windows\system32\atio6axx.dll
2010-08-04 08:55:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 08:54:52 519680 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-08-04 08:54:02 598528 ----a-w- c:\windows\system32\aticfx64.dll
2010-08-04 08:52:06 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 08:51:56 461824 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-04 08:51:22 203264 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-04 08:50:16 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-08-04 08:49:58 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-08-04 08:49:52 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-08-04 08:49:50 15845888 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-08-04 08:49:42 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-08-04 08:49:38 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-04 08:49:34 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-08-04 08:49:28 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-08-04 08:46:34 3899392 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-08-04 08:37:48 4554240 ----a-w- c:\windows\system32\atidxx64.dll
2010-08-04 08:28:32 3077120 ----a-w- c:\windows\system32\atiumd6a.dll
2010-08-04 08:28:28 4021760 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-08-04 08:26:04 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-08-04 08:26:02 46080 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-08-04 08:25:56 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-08-04 08:25:52 44032 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-08-04 08:25:44 5394432 ----a-w- c:\windows\system32\aticaldd64.dll
2010-08-04 08:24:36 4341248 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-08-04 08:23:46 56832 ----a-w- c:\windows\system32\coinst.dll
2010-08-04 08:22:36 5167104 ----a-w- c:\windows\system32\atiumd64.dll
2010-08-04 08:21:40 3324416 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-08-04 08:16:16 337920 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 08:16:08 241664 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-08-04 08:16:00 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-08-04 08:15:56 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-08-04 08:15:56 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-04 08:15:54 18432 ----a-w- c:\windows\system32\atig6txx.dll
2010-08-04 08:15:50 16896 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-08-04 08:15:46 268288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-04 08:15:10 39424 ----a-w- c:\windows\system32\atiuxp64.dll
2010-08-04 08:15:04 30208 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-08-04 08:14:58 36864 ----a-w- c:\windows\system32\atiu9p64.dll
2010-08-04 08:14:50 27648 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-08-04 08:14:32 26112 ----a-w- c:\windows\system32\atitmp64.dll
2010-08-04 08:14:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-04 08:09:30 54784 ----a-w- c:\windows\system32\atimpc64.dll
2010-08-04 08:09:30 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2010-08-04 08:09:24 52736 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-08-04 08:09:24 52736 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-07-26 15:51:48 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-16 20:22:58 219348 ----a-w- c:\windows\system32\atiicdxx.dat
2010-06-16 05:28:54 2857 ----a-w- c:\windows\syswow64\atipblag.dat
2010-06-16 05:28:54 2857 ----a-w- c:\windows\system32\atipblag.dat
2009-10-31 06:45:52 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-09-24 06:34:44 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-24 06:34:44 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-24 06:34:44 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-06-18 04:58:10 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 17:48:51.13 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/10/2008 8:05:09 PM
System Uptime: 9/7/2010 4:53:06 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | Benicia
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2400/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 591 GiB total, 311.661 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 698.575 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 70.798 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Virtual Audio Cable
Device ID: ROOT\MEDIA\0000
Manufacturer: EuMus Design
Name: Virtual Audio Cable
PNP Device ID: ROOT\MEDIA\0000
Service: EuMusDesignVirtualAudioCableWdm

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 6940 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet 6940 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description: Deskjet 6940 series
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Deskjet 6940 series
PNP Device ID: ROOT\PRINTER\0000
Service:

==== System Restore Points ===================


==== Installed Programs ======================


112dB Redline Monitor VST v1.0.0.881
Ableton Live v7.0.2
Ad-Aware
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Media Player
Adobe PDF Library Files CS4
Adobe Reader 8.2.4
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
AIM 7
Antares Avox 1.06
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 4
Audacity 1.2.6
AutoHotkey 1.0.47.06
AutoUpdate
AVG Free 9.0
AviSynth 2.5
Battlefield 2 Complete Collection
Battlefield 2 Server
BeatPack (0.9)
BitTorrent
Blender (remove only)
BufferChm
CamStudio
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Cisco Network Magic
Command & Conquer 3
Command & Conquer™ 3: Kane's Wrath
Convert VOB to AVI 1.7
ConvertXtoDVD 2.2.3.258
Counter-Strike: Source
CuteFTP 8 Professional
Day of Defeat: Source
Destinations
DeviceManagementQFolder
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
dj6940
DNA
Download Updater (AOL LLC)
Dropbox
DVD Decrypter (Remove Only)
EA Download Manager
Enigma
erLT
Facebook Plug-In
FairUse Wizard 2
FireWire Family
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Talk Plugin
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Product Detection
HP Update
i Screen Recorder 8.0.0.2167
ImgBurn
iPhone Configuration Utility
iZotope Ozone 3
iZotope RX
Java™ 6 Update 17
Java™ SE Runtime Environment 6 Update 1
JDownloader
Junk Mail filter update
K-Lite Mega Codec Pack 2.2.5
Logitech Desktop Messenger
Logitech SetPoint
Logitech Touch Mouse Server 1.0
LP6940_Help
LP6940Trb
M-Audio Series II MIDI
Magic ISO Maker v5.0 (build 0166)
MagicDisc 2.7.105
MediaPortal TV Server / Client
Melodyne 3.1
Microsoft Choice Guard
Microsoft Corporation
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Setup Support Files (English)
Microsoft VC9 runtime libraries
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
NCH Toolbox
Nero 7 Ultra Edition
Network Magic
ObjectDock Plus
Octoshape add-in for Adobe Flash Player
PDF Settings
Pinnacle Winter Pack
Pixie registration fix
PixiePack Codec Pack
Power2Go
PowerDirector
Prism Video Converter
PunkBuster Services
Pure Networks Platform
Python 2.5
QuickTime
RDPSoftware Core Components 1.0
Realtek High Definition Audio Driver
Reason 4.0
ReCycle 2.1
ReFill Packer 4.0.1
Replay Media Catcher 3.02
Rosetta Stone V3
SF_CDB_ProductContext
SF_CDB_Software
Skype™ 4.2
Source SDK
Spybot - Search & Destroy
SQL Server System CLR Types
Status
Steam
Switch Sound File Converter
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
Toolbox
TrayApp
twhirl
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URS Classic Console Strip Pro VST RTAS v1.0
Videora iPod touch Converter 5.04
Viewpoint Media Player
Vista Services Optimizer
VistaBootPRO 3.3
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.0.5
VobSub v2.23 (Remove Only)
Wave Arts Power Suite
Waves Mercury Bundle
WebEx Support Manager for Internet Explorer
WebReg
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Xfire (remove only)
Xilisoft DVD Ripper Ultimate
Xvid 1.1.3 final uninstall
XviD MPEG4 Video Codec (remove only)

==== End Of File ===========================
[attachment=71987:Attach.txt]


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-07 18:13:35
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x51 0x1A 0x44 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xCB 0x7D 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0x9E 0xD2 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0xC4 0x57 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7E 0x09 0x15 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x76 0x18 0x60 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x51 0x1A 0x44 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xCB 0x7D 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0xD6 0x55 0x21 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x23 0xC4 0x57 0x07 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7E 0x09 0x15 0x97 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x76 0x18 0x60 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9915B899-6ABE-6886-A6ED-C43393521435}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9915B899-6ABE-6886-A6ED-C43393521435}@jafaddemgcfafcenjnem 0x63 0x61 0x65 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9915B899-6ABE-6886-A6ED-C43393521435}@pancobeafkbgpfgnkkklcfdejifmokdn 0x63 0x61 0x61 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9915B899-6ABE-6886-A6ED-C43393521435}@hafaddemgcfafcen 0x61 0x61 0x00 0x00

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0022.000 240 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0022.001 65536 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0022.002 65536 bytes

---- EOF - GMER 1.0.15 ----
[attachment=71988:gmer_scan.log]

Edited by K()nT3nTs, 07 September 2010 - 08:19 PM.



#2 kahdah

  • Security Colleague

Posted 13 September 2010 - 01:15 PM

Hello K()nT3nTs

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 K()nT3nTs

  • Topic Starter

  • Members

Posted 13 September 2010 - 08:27 PM

OTL:

OTL logfile created on: 9/13/2010 5:07:33 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Allen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 50.00% Memory free
16.00 Gb Paging File | 12.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 591.24 Gb Total Space | 309.25 Gb Free Space | 52.30% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 697.85 Gb Free Space | 74.92% Space Free | Partition Type: NTFS
Drive E: | 97.66 Gb Total Space | 70.80 Gb Free Space | 72.50% Space Free | Partition Type: NTFS
Drive F: | 4.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDIO
Current User Name: Allen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Allen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)


========== Modules (SafeList) ==========

MOD - C:\Users\Allen\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WAS) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (W3SVC) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (AppHostSvc) -- C:\Windows\SysNative\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (aawservice) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (TVService) -- C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe (Team MediaPortal)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files (x86)\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys File not found
DRV:64bit: - (SymIMMP) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\SysNative\DRIVERS\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (MAFW) -- C:\Windows\SysNative\DRIVERS\mafw.sys (Avid Technology, Inc.)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\DRIVERS\motccgp.sys (Motorola)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys (Motorola)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (ATIAVAIW) -- C:\Windows\SysNative\DRIVERS\atinavt2.sys (ATI Technologies Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys (Motorola)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (VST64_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (VST64HWBS2) -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS (Conexant Systems, Inc.)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\DRIVERS\motswch.sys (Motorola)
DRV:64bit: - (MotDev) -- C:\Windows\SysNative\DRIVERS\motodrv.sys (Motorola Inc)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (xcbdaNtsc) ViXS Tuner Card (NTSC) -- C:\Windows\SysNative\DRIVERS\xcbdax64.sys (ViXS Systems Inc.)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\DRIVERS\motfilt.sys (Motorola Inc)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (copperhd) -- C:\Windows\SysNative\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (Null) -- C:\Windows\SysWow64\drivers\null.sys ()
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.zaazu.com/search-version.php?version=1.1.0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.zaazu.com/search-version.php?version=1.1.0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5491
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 00:48:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/07 17:17:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/09 20:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/09 20:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/09 20:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/09 20:33:27 | 000,000,000 | ---D | M]

[2008/09/24 00:30:54 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions
[2008/09/24 00:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/08 04:42:13 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jpuzebqj.default\extensions
[2010/04/27 17:27:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jpuzebqj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/07 06:58:16 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jpuzebqj.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/12/12 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jpuzebqj.default\extensions\netvideohunter@netvideohunter.com
[2010/09/13 05:03:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/09 20:33:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/04 21:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/01/09 23:00:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/09/09 20:33:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/09 20:33:24 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2009/10/11 05:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 09:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/07 14:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 14:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
[2008/06/27 17:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/09/09 20:33:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/08/13 06:58:22 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2006/10/07 06:18:48 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2010/09/06 15:02:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/10/07 06:01:00 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
[2010/03/13 02:59:13 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/13 02:59:13 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/03/13 02:59:13 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/13 02:59:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/13 02:59:13 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/03/13 02:59:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/13 02:59:13 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/10 05:53:05 | 000,393,419 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13588 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TBSB01419 Class) - {714758BE-281E-4BDA-9190-413BFBD3399B} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll ()
O2 - BHO: (C:\Windows\SysWow64\vaqzxul.dll) - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\SysWow64\vaqzxul.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (IE Toolbar) - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IE Toolbar) - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysNative\ieframe.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKCU..\Run: [CubeDesktop] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Lsass Service] C:\Users\Allen\AppData\Local\Temp\59041.exe File not found
O4 - HKCU..\Run: [lvokmrbo] C:\Users\Allen\AppData\Local\lbmyoomte\wshdfxiuqiw.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {00000130-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/ACELPACM.CAB (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\twext.exe) - C:\Windows\SysWow64\twext.exe File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: ieModule - {C5F7B349-9DFB-456F-8FA3-0EECC6E18334} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll File not found
O21 - SSODL: InternetConnection - {CBD50F71-DF8D-4CBE-A820-FB78EB598E53} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\lohcjjjkva.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebProxy - - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - hasf87hdfuidhfiudfhdiu - C:\Windows\SysWow64\vaqzxul.dll File not found
O24 - Desktop WallPaper: C:\Users\Allen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Allen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/18 00:18:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1922c068-47f4-11df-9da3-001e8cdf1e61}\Shell\AutoRun\command - "" = G:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{47ec38c5-b932-11de-bbac-001e8cdf1e61}\Shell - "" = AutoRun
O33 - MountPoints2\{47ec38c5-b932-11de-bbac-001e8cdf1e61}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2010/09/13 17:06:01 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2010/09/08 21:17:21 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\lbmyoomte
[2010/09/08 21:00:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/09/08 09:36:19 | 000,000,000 | ---D | C] -- C:\Users\Allen\Program Files (x86)
[2010/09/07 22:33:41 | 000,000,000 | ---D | C] -- C:\Users\Allen\Desktop\The Mind of 9 Men
[2010/09/07 17:19:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/07 17:19:13 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/07 17:19:09 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/07 17:19:03 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/07 17:19:02 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/07 17:18:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/09/07 17:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/09/06 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\AIM
[2010/09/06 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\AOL
[2010/09/06 16:41:25 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Adobe
[2010/09/06 15:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/06 15:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/06 14:54:06 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Apple
[2010/09/06 14:53:50 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Apple Computer
[2010/09/06 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\TechSmith
[2010/09/06 00:22:28 | 000,000,000 | ---D | C] -- C:\Users\Allen\Documents\Camtasia Studio
[2010/09/06 00:22:24 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010/09/06 00:22:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010/09/06 00:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010/09/06 00:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/09/06 00:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010/09/06 00:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\i Screen Recorder
[2010/09/05 20:18:06 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\flqaktjre
[2010/09/05 20:17:43 | 000,000,000 | -HSD | C] -- C:\Users\Allen\.COMMgr
[2010/09/05 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\3A9325FDFFA52EAE784592F9E188CF5C
[2010/08/30 19:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/08/30 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\twhirl
[2010/08/30 19:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2008/10/14 13:58:04 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Allen\AppData\Roaming\pcouffin.sys
[5 C:\Users\Allen\AppData\Local\*.tmp files -> C:\Users\Allen\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/13 17:07:48 | 014,155,776 | -HS- | M] () -- C:\Users\Allen\ntuser.dat
[2010/09/13 17:05:41 | 000,000,930 | ---- | M] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/13 17:05:41 | 000,000,906 | ---- | M] () -- C:\Users\Allen\Desktop\Windows Media Player.lnk
[2010/09/13 17:05:40 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/13 17:02:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2010/09/13 16:32:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 16:32:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 16:29:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4169808711-1242010007-3904342873-1000UA.job
[2010/09/13 12:38:34 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4169808711-1242010007-3904342873-1000Core.job
[2010/09/13 08:07:31 | 064,580,852 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/13 06:47:50 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/13 00:18:01 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{393DFD18-3185-401D-8AB5-3566280D111E}.job
[2010/09/09 20:39:35 | 000,896,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/09 20:39:35 | 000,742,142 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/09 20:39:35 | 000,154,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/09 20:33:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/09 20:32:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/08 21:28:28 | 000,524,288 | -HS- | M] () -- C:\Users\Allen\ntuser.dat{a82e6781-362b-11de-958b-9501dacfaa41}.TMContainer00000000000000000001.regtrans-ms
[2010/09/08 21:28:28 | 000,065,536 | -HS- | M] () -- C:\Users\Allen\ntuser.dat{a82e6781-362b-11de-958b-9501dacfaa41}.TM.blf
[2010/09/08 21:28:21 | 003,881,907 | -H-- | M] () -- C:\Users\Allen\AppData\Local\IconCache.db
[2010/09/08 21:19:53 | 000,129,024 | ---- | M] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/08 19:38:26 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/09/07 17:19:14 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/07 17:19:10 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/07 17:19:03 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/07 17:19:03 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/07 17:19:02 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/07 17:06:22 | 000,525,824 | ---- | M] () -- C:\Users\Allen\Desktop\dds.scr
[2010/09/07 16:54:34 | 003,309,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/06 22:20:34 | 000,144,464 | ---- | M] () -- C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/06 15:23:47 | 000,212,752 | ---- | M] () -- C:\Users\Allen\Desktop\NEw track.rns
[2010/09/06 15:02:56 | 010,594,626 | ---- | M] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.rx2
[2010/09/06 14:55:56 | 027,655,597 | ---- | M] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.wav
[2010/08/30 19:27:27 | 000,129,856 | ---- | M] () -- C:\Windows\hppins21.dat
[5 C:\Users\Allen\AppData\Local\*.tmp files -> C:\Users\Allen\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/13 17:05:41 | 000,000,930 | ---- | C] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/13 17:05:41 | 000,000,906 | ---- | C] () -- C:\Users\Allen\Desktop\Windows Media Player.lnk
[2010/09/13 06:47:50 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/07 17:19:02 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/07 17:18:52 | 064,580,852 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/07 17:06:23 | 000,525,824 | ---- | C] () -- C:\Users\Allen\Desktop\dds.scr
[2010/09/06 15:11:08 | 000,212,752 | ---- | C] () -- C:\Users\Allen\Desktop\NEw track.rns
[2010/09/06 15:02:54 | 010,594,626 | ---- | C] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.rx2
[2010/09/06 14:55:53 | 027,655,597 | ---- | C] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.wav
[2010/09/06 14:55:32 | 003,139,356 | ---- | C] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.mp3
[2010/09/05 20:18:01 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/30 19:12:46 | 000,129,856 | ---- | C] () -- C:\Windows\hppins21.dat
[2010/08/30 19:12:05 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat
[2010/07/01 19:54:41 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2010/05/09 12:48:58 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/03/26 12:00:50 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/02/13 18:20:35 | 000,000,005 | ---- | C] () -- C:\Windows\pfjhockn.ini
[2010/02/10 00:42:43 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/09/15 11:18:56 | 000,230,042 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL90SP1_KB973924MSI65D2.txt
[2009/09/15 11:18:55 | 000,018,840 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL90SP1_KB973924UI65D2.txt
[2009/09/15 11:18:43 | 000,560,216 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL80SP1_KB973923MSI65AA.txt
[2009/09/15 11:18:43 | 000,018,840 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL80SP1_KB973923UI65AA.txt
[2009/09/15 11:18:34 | 000,544,074 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL80SP1_KB973923MSI658A.txt
[2009/09/15 11:18:33 | 000,018,952 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL80SP1_KB973923UI658A.txt
[2009/09/03 17:27:02 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/08/31 12:21:14 | 000,000,600 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\winscp.rnd
[2009/08/24 23:21:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2009/08/18 12:32:52 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/18 12:32:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/12 19:06:48 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2009/08/12 19:06:48 | 000,001,587 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009/05/08 19:07:22 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonmp.ini
[2009/05/07 22:56:09 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonbd.ini
[2009/05/07 22:51:46 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonii.ini
[2009/05/07 22:51:00 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonpj.ini
[2009/05/07 22:51:00 | 000,000,005 | ---- | C] () -- C:\Windows\ifdooncj.ini
[2009/05/02 18:24:51 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonkd.ini
[2009/05/02 18:24:51 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonjo.ini
[2009/05/02 18:24:51 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonhc.ini
[2009/05/02 18:24:51 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoondp.ini
[2009/03/09 07:45:02 | 000,000,571 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\AutoGK.ini
[2009/01/25 14:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/10 02:41:01 | 000,157,983 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\ReplayMusicLog.log
[2009/01/09 21:55:24 | 000,346,685 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/01/09 21:55:20 | 000,281,354 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_dotnetfx3install.txt
[2009/01/09 21:55:20 | 000,002,972 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_dotnetfx3error.txt
[2009/01/08 16:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/08 02:31:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\DirectoryService
[2009/01/08 02:31:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\Devices
[2009/01/05 23:17:40 | 000,564,224 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/01/05 23:17:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008/12/24 12:33:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\null.sys
[2008/12/24 12:33:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\beep.sys
[2008/12/23 04:25:50 | 000,000,024 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\avetoasts.ini
[2008/12/23 04:25:13 | 000,000,068 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\avethumbnailapp.ini
[2008/12/15 22:28:29 | 000,019,702 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\UserTile.png
[2008/12/06 02:19:51 | 000,000,005 | ---- | C] () -- C:\Windows\bdlgbikn.ini
[2008/10/27 23:55:05 | 000,001,024 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\WavCodec.wff
[2008/10/14 13:59:13 | 000,000,034 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\pcouffin.log
[2008/10/14 13:58:04 | 000,099,384 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\inst.exe
[2008/10/14 13:58:04 | 000,007,859 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\pcouffin.cat
[2008/10/14 13:58:04 | 000,001,167 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\pcouffin.inf
[2008/10/12 06:00:06 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/10/12 06:00:06 | 000,000,000 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\Displays
[2008/09/16 22:51:36 | 000,338,400 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_SharedManagementObjects_MSI5F92.txt
[2008/09/16 22:51:34 | 000,173,156 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_SQLSysClrTypes_msi5F8B.txt
[2008/09/16 22:51:27 | 000,322,356 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_SQLCEToolsForVS2007_MSI5F75.txt
[2008/09/16 22:51:25 | 000,398,936 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_SSCERuntime_MSI5F6E.txt
[2008/09/16 22:48:10 | 011,395,826 | ---- | C] () -- C:\Users\Allen\AppData\Local\VSMsiLog5CF1.txt
[2008/09/16 22:48:04 | 000,201,226 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI5CDE.txt
[2008/09/16 22:48:01 | 000,214,398 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_WinSDK_ExpTools_x64_MSI5CD4.txt
[2008/09/16 22:47:53 | 001,228,796 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ExpRemoteDbg_x64_MSI5CBA.txt
[2008/09/16 22:46:35 | 002,484,104 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_NET_Framework35_x64_MSI5BBB.txt
[2008/09/16 22:33:18 | 000,200,214 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/09/16 22:33:17 | 000,210,766 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_dotnetfx35install.txt
[2008/09/16 22:33:17 | 000,000,002 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_dotnetfx35error.txt
[2008/09/16 22:33:05 | 000,422,324 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_VC_Red_MSI5166.txt
[2008/09/16 22:30:08 | 000,118,573 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_depcheck_VB_EXP_90.txt
[2008/09/16 22:30:03 | 000,546,080 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_install_vb_xcor_90.txt
[2008/09/16 22:30:03 | 000,028,644 | ---- | C] () -- C:\Users\Allen\AppData\Local\uxeventlog.txt
[2008/09/16 22:30:03 | 000,000,002 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_error_vb_xcor_90.txt
[2008/09/05 01:38:59 | 000,000,277 | ---- | C] () -- C:\Windows\TheMatrix.ini
[2008/09/02 22:46:57 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2008/08/04 21:06:01 | 001,121,446 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/06/25 00:45:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/06/24 11:08:03 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/20 20:53:15 | 000,002,032 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps.dat
[2008/06/12 16:22:06 | 000,910,606 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/06/12 01:44:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/07 23:40:58 | 000,129,024 | ---- | C] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/07 00:19:28 | 000,000,732 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps64.dat
[2008/02/22 09:02:46 | 000,004,285 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/02/22 08:55:03 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/02/22 08:55:03 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:48:58 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2007/08/23 20:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2007/04/10 14:46:36 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2010/09/08 12:46:34 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\3A9325FDFFA52EAE784592F9E188CF5C
[2008/06/08 00:07:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Ableton
[2008/07/07 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\acccore
[2008/12/16 17:37:53 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\App Launcher Gadget
[2008/10/19 19:06:30 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Astroburn
[2008/10/26 14:58:00 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Atari
[2010/09/08 21:20:47 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\BitTorrent
[2009/03/31 20:49:26 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Blender Foundation
[2008/11/14 02:34:55 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Camfrog
[2009/06/27 23:58:50 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2008/12/21 23:54:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008/10/19 09:17:10 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\DAEMON Tools
[2010/04/17 00:55:26 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\DAEMON Tools Pro
[2009/08/15 15:47:51 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2009/05/28 23:24:30 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\DigiDelivery
[2008/06/23 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\DNA
[2010/09/02 22:06:08 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Dropbox
[2010/02/26 13:53:07 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Facebook
[2009/08/15 19:55:55 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\FFSJ
[2009/01/08 02:30:07 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\FileZilla
[2009/11/12 01:26:00 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\GlobalSCAPE
[2009/11/25 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\HandBrake
[2010/01/20 01:05:15 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\ImgBurn
[2008/10/26 14:46:31 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Leadertech
[2008/08/29 03:17:54 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\MessengerGadget
[2010/02/01 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\muvee Technologies
[2010/08/22 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\NCH Swift Sound
[2008/10/12 06:01:58 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Nikon
[2009/01/06 00:01:32 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Orbit
[2008/12/15 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\PeerNetworking
[2010/04/19 00:30:45 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\PrimoPDF
[2010/03/14 22:24:12 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\proDAD
[2010/06/01 21:33:34 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Propellerhead Software
[2008/12/20 11:40:55 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Red Alert 3
[2010/06/01 22:48:23 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Red Kawa
[2010/03/15 08:42:16 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Steinberg
[2008/08/02 23:14:15 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\STOIK
[2008/12/17 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Thinking Minds Budiling Bytes
[2009/12/08 17:25:42 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Tunebite
[2009/02/25 23:45:04 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010/09/02 06:17:17 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Vso
[2010/03/15 08:42:16 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\VST3 Presets
[2009/01/16 03:20:03 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Waves Audio
[2008/06/07 23:14:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\WildTangent
[2008/12/25 14:50:30 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\WinBatch
[2010/09/09 06:42:22 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/13 00:18:01 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{393DFD18-3185-401D-8AB5-3566280D111E}.job
[2010/09/13 17:05:40 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/06/12 18:40:31 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/12/24 12:41:01 | 000,000,002 | ---- | M] () -- C:\1850873430
[2008/06/18 00:18:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/08 22:59:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/22 08:46:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2008/06/18 00:18:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/19 20:51:44 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2008/09/29 17:04:56 | 000,046,592 | ---- | M] (M-Audio, a division of Avid Corporation) -- C:\FireWire_clean.exe
[2010/07/21 20:54:04 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2008/06/18 00:18:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/01 19:55:27 | 000,001,733 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2008/06/18 00:18:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/09/09 20:32:00 | 312,885,246 | -HS- | M] () -- C:\pagefile.sys
[2008/12/25 14:51:59 | 000,000,621 | ---- | M] () -- C:\RHDSetup.log
[2008/12/06 02:19:11 | 000,009,475 | ---- | M] () -- C:\setuplog.txt
[2008/12/03 18:38:05 | 000,002,647 | ---- | M] () -- C:\SP120300.LOG
[2008/10/26 14:31:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/11/18 20:43:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/01/05 22:02:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/07 02:51:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/10/26 14:31:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/11/18 20:43:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/01/05 22:02:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/07 02:51:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/12/25 14:55:19 | 000,000,524 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C265C458
< End of report >


Extras:

OTL Extras logfile created on: 9/13/2010 5:07:33 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Allen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 50.00% Memory free
16.00 Gb Paging File | 12.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 591.24 Gb Total Space | 309.25 Gb Free Space | 52.30% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 697.85 Gb Free Space | 74.92% Space Free | Partition Type: NTFS
Drive E: | 97.66 Gb Total Space | 70.80 Gb Free Space | 72.50% Space Free | Partition Type: NTFS
Drive F: | 4.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDIO
Current User Name: Allen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = C2 8D 69 C2 3E 20 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4169808711-1242010007-3904342873-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"Disable Config" = 1
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"Disable Config" = 1
"DisableSR" = 0

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FB88BA9-4B61-4955-A975-B7494FB2FB3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10D4ACB1-468D-42F4-B6A0-8031D531E690}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1E6683BE-2C1E-48CB-8716-DA1060E3132A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{210946BB-0B62-4827-850B-874EBE6D539A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{256E9DAE-6F48-4BCE-BBFB-1BD6E91D7F6D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26EDDFBE-E294-4264-AD81-1FE1E9360A7D}" = lport=139 | protocol=6 | dir=in | app=system |
"{27C3A7DF-465B-4C46-A758-DFA80A2EED31}" = lport=5357 | protocol=6 | dir=in | app=system |
"{291897C5-BC4B-4C0F-8EF8-7D92587FDF58}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E12367A-DC22-4462-88DD-2761E68E519B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3599F72D-ADAB-4CD5-A62C-2C1958CD8990}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{35E5B021-E390-4F60-990E-37A8F2FE0250}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{39F2F418-6FCC-460F-87E7-7639A04BB6F9}" = lport=137 | protocol=17 | dir=in | app=system |
"{454DAA9A-A650-4656-99E2-44E4A92FC4BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4891513B-3D63-40EA-B566-58DBAD154E3A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49198B57-7E5C-4A76-B8EB-B652986FEB83}" = rport=5357 | protocol=6 | dir=out | app=system |
"{4A86E03B-36D3-4458-9495-6531370B002C}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{4ADBD906-27F4-4C36-99CD-F3727DF8D9EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{5718C57A-EDAA-4144-8250-C783D1A498B5}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{5AAD45DD-B652-4BF9-8B99-A7C651DB6744}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5C0DD1C2-409A-427C-9E9C-24F150CCA1B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5D8D4714-CA59-4234-A6B1-1A452F256D36}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D924111-3EC6-4F84-9C0B-E0FC8DDDE85B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{640DAAD7-3B3C-4B23-A4B0-F82A93BD6048}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{652A9F98-B2C1-4D80-BA86-92602833B46B}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{676F6EDF-AE11-498A-A589-F91C9A6542EE}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{6DF07F04-3FF6-4587-A86B-0C1A48BC2B15}" = rport=139 | protocol=6 | dir=out | app=system |
"{7033ABB2-A47A-4FEA-970C-A9BB4A92B94F}" = rport=445 | protocol=6 | dir=out | app=system |
"{739694A1-D2C2-4818-A8C6-DB42C1FC8BC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7B2C94F7-D3BE-4759-A0D6-6404DC6A820B}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{84870F95-ECD8-4907-B8F2-78D8A7BA63FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8742AD6A-4526-45EC-8738-F38E30F7A42C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{89FE06D2-A4EA-497E-AE15-4080BF383F70}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A0D97E2-0FEE-4978-BC9A-FB4AF26649DE}" = lport=5358 | protocol=6 | dir=in | app=system |
"{94F21604-FAB6-47BE-87C6-A657519D9D6A}" = rport=138 | protocol=17 | dir=out | app=system |
"{952A48BC-9B65-4DB4-A00C-157E30B6878B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{97FCA33D-2147-42F2-85EA-52D04063C300}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{9E1A2FED-97E3-4D80-9DD6-F1E5231E68EB}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{A29D4A2C-AB5C-4F01-9ADF-50C0DF8D0A62}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A501B0AD-50CA-4E6E-84D7-AF9CE47261EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A52FCDFB-52A1-4F33-A8A4-77C67F456D97}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{AAA48A09-7DAE-46B8-B5DA-0F1FEA260E99}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{AE22C887-FCE3-4367-B54E-4C454E9BE7D8}" = lport=445 | protocol=6 | dir=in | app=system |
"{B32D4284-822C-47CF-9743-E5E928C810D0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{BB00D9F9-5135-4D9F-8932-F38C7D68DC25}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C1665CCF-CDA5-4DF4-BD3E-B6A4F0852DDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CC9B7D9C-68E5-4113-923C-534A540058C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0EA44E6-C2DA-4E73-A6CC-27D7385886A3}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{D6EDE68E-778C-4039-9D08-BBF51CA73E1B}" = rport=5358 | protocol=6 | dir=out | app=system |
"{DD85D76D-C84D-41C6-B852-00F18F788E8B}" = lport=1433 | protocol=6 | dir=in | name=microsoft sql (tcp) |
"{E0EB9F9D-8819-4681-80B1-AD0136825AB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3EB1BA9-D842-4356-A2FD-EA1AD63A9890}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EED7919E-A74D-4202-8EC9-B1779FE9A3B3}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{EFAC286A-6439-423B-8ECC-0CB8ACE5BED1}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EFD5CA55-12DA-45F5-9A58-FC4383CB30CC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{F4DE0F41-95B4-4F14-AFF8-F190F9ABF12F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FBEB7006-95E7-4998-A072-65B09B336BA6}" = lport=1434 | protocol=17 | dir=in | name=microsoft sql (udp) |
"{FDC18655-4C35-4DCA-BCFE-3F2BBAFA4BE6}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019E53F6-4B73-4CC8-83D2-35036CEA18E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{03327BC6-8ED6-4CC8-9057-AE81193992B9}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{066D1176-FC31-4D04-8A35-ACBB0E4D84F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0671D90B-CB0C-43CA-AAC6-2A341E6B789F}" = protocol=6 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal tv server\tvservice.exe |
"{074FCE5F-86EA-4CE6-AD8D-B25A773293F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{080578F5-C91E-4538-A479-C55BC3FE94E9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{08414F49-0D4E-4094-9C29-976E68FD4466}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.0\cnc3ep1.dat |
"{0DF3C2FC-556C-4BE0-9CA6-1F62D0DAFDA9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0F0B7378-A344-417B-8E98-9840ED5B20BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0F82C4C0-9B76-4A03-8E7E-482DB9E1B4C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0F83B284-ADD7-4119-A178-8052F65BE3C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1031D802-BCA2-419C-96C6-7BEF8A2FD905}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{10C9DDBB-C4F2-4649-B1E0-CA1CE2D7CD34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{11FF4DDD-AE1F-4C87-BEBD-BF68250E1874}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14EB7BAC-3359-4373-945A-3D24729BEBBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{15113B63-47E0-4356-8B6A-F3DDB5DCDADC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{16E6741E-3936-4A5F-9739-941B94A5040B}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{170E0AF1-AA6C-4DBA-9E77-22B36905E792}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{185379FD-805A-441D-8E03-20F67A475D30}" = protocol=17 | dir=in | app=c:\users\allen\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{196F7125-79F4-41E7-B913-C187B72E0D03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{198EF21B-F790-4397-893E-41D81059B8CB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{19A8BFA7-252C-47B0-A5A1-5D2AF30E5BF8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1A009D41-46DD-4A24-9996-96286445FB1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{1CB24B0E-A8C9-4715-9FB1-ABDBF6FF1468}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1DB25938-AAF4-4325-8389-B1B6015727A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F662BD5-EEDC-43FE-B61E-E8FCB0075BBA}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{20242B07-379F-4559-A4AF-6931A799BAC4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{2105845E-BD98-4016-AE53-2E4BC4CA00BE}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{211D10AE-9120-43D1-8C62-1515A0EB0902}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{21C8BF71-83E8-43C2-BD5C-B55C474523ED}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{22441E9A-3289-4C76-9D5F-589FFA5A88AC}" = protocol=17 | dir=in | app=c:\program files (x86)\rapidsolution\tunebite\tunebitehelper.exe |
"{245731BF-E2F3-42AA-ACF1-1EB0698E6EAC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{24F1562F-6033-49B9-B6C5-E81DE4CE19CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2542C860-C861-4F77-BC66-F41A0F9E4856}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{27042EF0-9A2E-4C77-8856-1F25B453CAE4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2895EC6C-547A-4D99-AD61-D52DBF0E4F9D}" = protocol=6 | dir=in | app=c:\users\allen\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{28D0B085-22DF-4235-A307-EE7A86F9E5C6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{291F07B3-1EAD-4833-8795-32F7A004C715}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2CA00962-B5EA-4107-AAB1-40F9A4B9F0A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2EF68024-2F9F-4BE1-A301-3A8CE55849D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{308CDE1D-06D2-476D-A063-1B3CEEC792D0}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2006\32bit\ttax.exe |
"{30B3B1F4-5A1C-4726-AB20-E56710BF381C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{31D85D5A-3F30-4503-AD0E-FF9B566B04FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{324B7E91-E7BA-4488-A04D-D4ED3E751804}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33DB41C4-710C-4699-BD93-B9AF2173EC59}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{343AA1C7-BC99-4B5F-A83F-478A029E61BC}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{3452C5EE-9111-4555-9A1F-C90935BB94CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3541F2B6-53B1-4EFB-AF49-D4DC20AC39A6}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{361B3D37-AE25-460E-96A0-A1026EDDA9B3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{3845906E-A4B2-4D2D-9EA2-90522328E9F1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3BDC8107-DFF2-4397-B852-9AF64A192BC7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3D0D2006-A442-4271-8653-C2A9FFDAD07C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{41CC509C-ED0E-4710-A1CB-E9D797927F32}" = protocol=6 | dir=in | app=c:\program files (x86)\rapidsolution\tunebite\tunebitehelper.exe |
"{41D1B6BE-6590-4FC5-98EF-5B485F2B222F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{42830535-F0CB-432B-B6A3-A813E1D80D18}" = protocol=6 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal\mediaportal.exe |
"{43ABB649-666D-424E-A761-830A5CD3CBFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{44179CB9-191C-4F24-A466-39CBA421D37F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{453E1414-62DF-4986-B546-897007FBC501}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2006\32bit\updatemgr.exe |
"{45C9475A-73FB-4F3F-A858-4FB7A8CA79E7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{468E45EF-DEEF-45B9-BAA0-8DA8BFF94DF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47925837-7551-46D4-8B7F-D9E01A625915}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47F8B682-552D-4B16-9AF5-0EDF41F2FCC3}" = protocol=17 | dir=in | app=c:\users\allen\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{48F4D6D0-D56F-4D29-85A7-A91F8E1E2891}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4F87E8BF-0A5C-473F-90FA-D3E3D73B34BE}" = protocol=17 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal tv server\tvservice.exe |
"{4FDE3526-DCEA-4FB0-ADD9-3B8734270F0B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{52617146-26BE-41AD-8928-884782F75A28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{562833BF-BE57-496B-AE4C-7FF8A2437D8A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{57314795-626E-4DA8-94D4-F217A3863800}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{57383F32-E0E2-4608-BC4D-512761770207}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2006\32bit\ttax.exe |
"{57B8BA1B-DE57-42EA-8805-A0151E8F78FE}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{57F62AFE-8514-4D92-A76B-93C9EBB8E687}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{5A55B29A-3513-4627-A779-AA9C85D5771D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{5C8CBA01-501D-4FAE-9539-B2C14B994D01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5CC52E51-4DD5-4945-9977-D1279E583BD9}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5E0204FA-AA8B-48CA-9C1F-9EF9BBBA2083}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{5FA4A8C6-33C5-4CB4-BCFD-BD098BC2ACAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{612DC51B-1FFA-4DC2-B062-2C411D9C1D0E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{613C4E9C-FA6A-43D9-94BB-4D2C6AEB6596}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{6253E63D-32F1-4981-A823-360EFB961A21}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{62E70141-78D6-4A40-9FE9-817E39EBF395}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6335759E-6EAE-483E-9573-8CD7623CB0AE}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{66826D47-18FD-4E01-BDAD-4AE2A70A28CE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{67F9F8DB-1EC3-4F4F-AF99-24A7CC82E492}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6BF1FD72-C8F2-46EC-8DDD-837DFD2EFBCA}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{6CC563D6-2D95-42C3-8F10-0C25E6D86824}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{6D5C1FFD-EF21-410B-AEDD-12C1D28BB9EF}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{6F526DA1-FD84-475D-A8A5-E4476E088770}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{6FA5EAB6-1035-4529-92A7-8BC0CB1985D6}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{6FDC8E80-3058-4139-9AE2-DAA51284AF0A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{72478CE8-F568-4509-9049-EF602BFD3AA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{739AFFAF-1445-44E2-809E-34ECFE47CAAA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{740555D9-99C5-4551-809D-E83D84228E35}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{747A145E-CC08-470E-8D9A-CC5D69709294}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7531E813-DC01-404F-A26D-03116B51C61C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7A242D74-9941-4D00-BE94-E0511B4773AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7B3F35EE-2848-4CAD-B3D6-0C85E663D5FD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CFBE845-0B17-4738-A605-B3D408F9E729}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{7E07688E-1275-4425-974D-D4FE31C15E23}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7E24CF49-3100-4650-B867-7902AA3FACD9}" = dir=in | app=rosettastoneversion3.exe |
"{7F910CD8-5525-4344-A1C8-9C8615358475}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{802B883C-A071-4CFB-9D73-C3ED973BDD94}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{807DB7E0-4566-4ECE-8569-A76B9A48DF42}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{813C1BAE-6ACB-4040-AD5C-D487633AD725}" = protocol=17 | dir=in | app=c:\users\allen\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{82D2B448-4CF0-431A-A41B-2BE28D9A1BA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{859EDCEC-104B-4553-A063-2B386C0E5E6B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{8618FC53-B2F8-4E5E-B2D5-4AE9911044AC}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{869000A5-D60F-4B29-86CB-ECD82BC22C3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87E64243-9293-4BBE-BB01-5C6765CF1082}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{89990589-4639-4006-839D-99B9E9A2B5A7}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{8BC8B0B1-10B3-47F8-9928-5A3F0132C35C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8C53AA18-B623-4C42-8493-280B21D4BB68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D02957E-91A8-49B0-81F6-FE1A4990B03C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D1B42CC-B637-48E6-ABA3-75A6E4DED3D0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8FDA4691-5BFF-49F7-9A4B-BC5C2CA861BA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{90249A72-1361-45DA-87DE-C149FEF85402}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{91C433AE-6CD0-47F6-8775-D99B5CE3BEC0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{923D4989-CBBD-4262-B663-2C2A2741FF61}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{92CB2BF3-F4DC-4962-96A8-CD0D930307E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{944550B6-55A4-491E-803D-98C5EF1D9B47}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{971EFDAD-48D8-4616-B1FA-2074A35CF054}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{98C2ADAF-9D5C-40BD-91E6-4FD5DBEB8E2C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{9A4CFBA2-143B-49A8-A2DB-4D89562CE365}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9AB6BB9B-EAFE-48F6-B4FC-05665471AD94}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{9CCFE704-921F-4152-B288-6A3C8C15A411}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9D86395D-11A0-4370-AC1A-BE18FAF3AC7E}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{9E695925-5CB6-43C5-B325-722AA0873891}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F84F55E-5C91-4844-BC72-92E117A3F305}" = protocol=6 | dir=in | app=c:\users\allen\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A0DB259C-D07E-4E71-AD73-7180AB825165}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A12123C5-D3CC-4A14-8FEE-94985ED054D9}" = dir=in | app=support inrosettastoneltdservices.exe |
"{A3D86283-0C72-44C1-BB4E-59E520BB5B71}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A4A4C46E-028D-4AF2-B252-4A2D6CCCDBBF}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{A5E14FF1-438F-4749-951C-A465D5FD34AF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A85DFC84-06A9-4751-B35D-8BB199BBC48F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A92DE94A-C0CC-4E1A-93E6-0F2B49EA4B22}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AA37D38F-8E15-4D2D-921D-C1F47ACA02D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE502A75-DA1E-4C2C-BC1E-4F6139B3B502}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B27978AD-2E65-4B3E-9C0F-22A19D0D0C49}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B35486E1-068E-4C74-9903-A7CBAF650555}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B3C00EC7-6FFC-475C-9193-B2A54E39B247}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{B46F994F-6231-4637-8FF1-1F10067B9546}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4959C5B-8D90-47A3-8148-5BFFBF2B790B}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{B6136611-D923-4478-87A4-2DC76B16D16C}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{B8CE8051-B6B4-4986-B41C-2DBF8E97DD19}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BC0CF7B5-782B-4C71-9D70-E70BF58DE2E9}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{BC94AC93-AC71-4931-BE3A-915A40F420B1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BD2C87B3-C283-45B5-BD8F-8139C0A49148}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C23461B9-8EF0-4CCD-924D-44FF7CF17CA7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{C25527DF-8F8B-47DF-8840-D5102C83884F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2D784C7-C284-447C-A044-19E1B77ACBA7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{C48899FC-74E1-4E64-9024-68FED86090F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{C4E160E3-ED9C-4835-8F73-D97FE0A08100}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6B1987A-7139-4484-94EF-A2324D213301}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C9A85F6D-C8F4-471E-A759-F1339EB0B1C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CBB0C975-3FCB-4DB3-B15A-926756733336}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{CFDA7B6A-45E1-41A4-B5C3-F2F41B27DD3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D017B004-9BA2-4375-A29E-2AC654CE1C87}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{D23EA8DB-F5AF-425D-A259-60F34B221B72}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D2ACCC39-2ED9-493C-9A0B-A08D6764B9D6}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{D302633D-7CD8-4F8D-91ED-0F84D17D9784}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D34D2A50-B559-433C-A8F7-534259389197}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D4975A41-6D45-4FF7-B50F-1965862C502E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D5626C73-6490-495A-9CEF-A6ADC062453D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D61318A6-2D92-4411-8C82-F1959D28C795}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D6875CC5-36F5-466E-9A7A-CF047C6FD392}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{D713028D-0912-47AC-B766-88FC87D8494C}" = protocol=17 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal\mediaportal.exe |
"{D89083CD-2B98-4D12-8E3E-C57CE0E1A05B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D8984597-3D14-461A-9D42-D0264060C10A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB279088-D9A5-4D60-800D-897AC446D50F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB6ED013-7BA3-4217-9AB7-CB17A4F8059E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC9FAE12-510B-46AB-AA10-7CA72A3551F8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E3695555-3849-4243-A6E9-11B77E506471}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E3DC0CEC-0A01-4379-AB36-F3F970136F66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E49D5816-BDE1-4A44-A776-A05796DBA045}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\build70.exe |
"{E50779AC-1AC9-417E-BEE0-D7F194321CB5}" = protocol=17 | dir=in | app=c:\users\allen\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{E733ED8F-86E4-459A-86B2-DDB912C902BA}" = dir=in | app=c:\program files (x86)\windows live\messenger\livecall.exe |
"{E79E6F1C-4B03-4C6D-BFE8-63700AB51370}" = protocol=6 | dir=in | app=c:\users\allen\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{EA204FCF-78E0-4C7F-9552-925DD290BEFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EA3E27DE-84E1-4B66-83D6-BD794457F9EC}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{EAADA538-3F98-4A3B-85CC-1024C36C68AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EAB29C17-4329-476E-8575-BB38BF19D724}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{EAE332C9-16B7-4757-AABD-5290082B8B3A}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{EB491BAD-B25A-4839-9FA0-AD219E49335B}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2006\32bit\updatemgr.exe |
"{ED80D958-FA6D-46C4-86E9-53B7DC317B2D}" = protocol=6 | dir=in | app=c:\users\allen\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{EE34B46A-02D2-4A5C-BCA6-7363CC782E46}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{EF37CA5D-F25F-4651-807F-4336A1981A32}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F14A6296-4A3D-43EC-B64B-59C6E4A26608}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{F18E3718-BF63-4CC0-90E8-C04F2C84EC1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F43576FD-EE4F-4FB4-8C2E-06522387B3EE}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F4C8054A-1714-477D-BFD2-ECEB6B820739}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F679BBE1-3548-440B-B4A1-0386ECE85579}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8052796-510D-4C3D-8785-B08861288914}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8C27FB0-9528-4E72-8E1E-B85A758505F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FBBF714A-C67E-4E75-9524-F1A729248939}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{FC72F129-1B83-424A-B841-037136F594D7}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{FCBFE623-8BF0-4016-8A99-09AF2DB17707}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FCDAA7B6-3D41-4EEE-9AF1-47EF9022A038}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD4FF9D9-1BD4-4D2B-93AB-56D16DC9AF03}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{FD8DC715-B743-4147-898A-74CCDCFD9520}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE152AA9-6F5E-4005-9C40-564E97E86D70}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE201612-01B7-4F8D-B8FD-44F0DA3A204C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FED94E1B-05C6-47D6-993E-F279FDB408F7}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\build70.exe |
"{FF920EBF-C23A-42DC-9A8F-E00B5FCB602A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{03ECD6CF-06B2-4B9C-A34C-1AB52A3E2924}C:\program files (x86)\steam\steamapps\magicbullets\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\magicbullets\day of defeat source\hl2.exe |
"TCP Query User{0E038C3C-1A50-4227-8B5F-3D5EF629DD26}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{1101E500-566A-48DA-877C-45193B332D14}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe |
"TCP Query User{16CB8633-14D8-40AB-80C0-D11DC8C8FC9E}C:\program files (x86)\steam\steamapps\magicbullets\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\magicbullets\counter-strike source\hl2.exe |
"TCP Query User{176AD928-F128-4C64-9D2D-98A96A3A6113}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |
"TCP Query User{1DD6712B-99FA-4D0C-AE4A-F525CF3B03D2}C:\program files (x86)\pinnacle\studio 12\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"TCP Query User{2791D8F4-F875-488C-A8AC-ACF6FEB51A95}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{285C6E9F-89A9-454C-A2C6-469BBF7A678A}C:\users\allen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\allen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{44BA44B1-8ACE-4275-9797-107FC14E3A65}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{451CF467-D799-47FE-94A7-FF722507D60F}C:\users\allen\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\allen\appdata\local\temp\electronicarts_patcher_000.exe |
"TCP Query User{51C7648C-1B47-44AD-8083-25FF2312466B}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{53DF8422-6A78-4D89-8026-871A87A86361}C:\program files (x86)\camfrog\camfrog server\camfrogserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog server\camfrogserver.exe |
"TCP Query User{56B882E4-8527-4F75-9F17-35422FC7456F}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |
"TCP Query User{6BAAB431-4BCC-4AAB-AE7B-E21EF0FDB8B5}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{6F778209-F20A-4ADF-9185-D48BF9675DAE}C:\program files (x86)\ea games\battlefield 2\bf2voipserver_w32ded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2voipserver_w32ded.exe |
"TCP Query User{7706E64A-4A21-4F90-96E8-48F4E1B27299}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{7979F888-BA50-4299-B6FF-743ABC4A6F54}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{920D70CD-7947-4640-920D-6788700F1A97}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{94AD257E-1A93-4884-9F8A-52E81067B12F}C:\program files (x86)\camfrog\camfrog server\camfrogserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog server\camfrogserver.exe |
"TCP Query User{A7E04424-A929-455B-A65B-D2D671667695}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{A844A77F-F8DB-4D30-B63B-3370834F5334}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{AC57506C-F5DC-47C6-8627-C7BB29C0BB7A}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"TCP Query User{AE6D5DBF-6304-41D5-B080-AAAE25D4E6C2}C:\program files\beatpack\beatpack.exe" = protocol=6 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"TCP Query User{AF44E16E-CBE3-4018-A950-566488A6CAD3}C:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat |
"TCP Query User{B2A83F47-F979-4CD9-9246-465282BB87B2}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{BD23FA75-14E7-43AE-9BF1-B911CC83EFCC}C:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat |
"TCP Query User{C69050F8-61C4-4CBF-8D45-B212F04D84A0}C:\program files\beatpack\beatpack.exe" = protocol=6 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"TCP Query User{D14BF6B9-57CC-4045-96C9-982B732C692C}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |
"TCP Query User{EE3D8D9C-39B0-45DE-9DAC-3639FCB2C175}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{EEB70EC5-C154-4EF0-9E34-307655412F8D}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{F7CBD145-483D-4561-A7AC-B58FC1F9866F}C:\program files (x86)\ea games\battlefield 2\bf2voipserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2voipserver.exe |
"TCP Query User{FF5CA62E-439C-43C9-AEC8-F2E1B4B3DD8F}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{0D53281B-296A-47F2-B9A8-C0B3BA4C1D7B}C:\program files (x86)\camfrog\camfrog server\camfrogserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog server\camfrogserver.exe |
"UDP Query User{15C80F11-E86B-4D34-9617-33FC649EF465}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |
"UDP Query User{1D5E5EB8-1BA3-4FE8-B2D1-A64BD248B713}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{2137C1A9-21DC-4EAE-B59E-B7154016D68B}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{2D903665-BE4E-41C3-8AF6-FE1D123F832B}C:\program files (x86)\camfrog\camfrog server\camfrogserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog server\camfrogserver.exe |
"UDP Query User{30689B60-6E76-4974-8072-BCC18ACD866E}C:\users\allen\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\allen\appdata\local\temp\electronicarts_patcher_000.exe |
"UDP Query User{381DAB41-993B-43FC-8106-CF23679872A4}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{44726812-AA2F-44A2-8133-E34F460F2AC9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4839BFB4-10EF-4429-9BE1-03C117D822C3}C:\program files (x86)\ea games\battlefield 2\bf2voipserver_w32ded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2voipserver_w32ded.exe |
"UDP Query User{514794DC-72D2-4641-A126-E6EFACABEC2D}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{6B802F02-6384-4A1D-859E-E638367C7968}C:\program files (x86)\steam\steamapps\magicbullets\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\magicbullets\day of defeat source\hl2.exe |
"UDP Query User{6D2023C1-7384-4D6F-A8A0-DBFD360AA565}C:\users\allen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\allen\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{6E449572-AA53-4AC8-B691-C80F5022480D}C:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat |
"UDP Query User{7096EBDF-46D2-40E1-B271-BD747E65E2EE}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{720C64CD-2F5D-4D26-8785-5A9571E9DA84}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{750987E3-3C5C-4B36-B123-D56684ED6AC2}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{83F08DFF-2ECC-4C6A-9575-6A46DA64B758}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe |
"UDP Query User{881D62E5-CF87-4A43-B9C3-FF1FB98DC3AD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{8ADA7BF9-CAF7-4ACF-891B-59378257C0A4}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |
"UDP Query User{91905380-58E4-4871-9BB2-B541BD8689AB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{984FB3C8-91E7-476B-BE28-FAC20C9BD517}C:\program files\beatpack\beatpack.exe" = protocol=17 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"UDP Query User{9A96CAAA-DA30-426D-9652-56490ECE02F8}C:\program files\beatpack\beatpack.exe" = protocol=17 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"UDP Query User{9E016618-CB16-4B02-9176-EBF9DF81ED9C}C:\program files (x86)\pinnacle\studio 12\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"UDP Query User{9EC11586-B84A-4F55-829D-C8A500944600}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{A2065785-89D5-43B5-B922-B9F559A4B1A8}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"UDP Query User{A35A1812-7970-45AC-B960-FF018811A31E}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{A4E93A03-62E1-47EA-B3B6-65ACC1052E50}C:\program files (x86)\ea games\battlefield 2\bf2voipserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2voipserver.exe |
"UDP Query User{AA8FC2F8-C770-432F-86CE-31E4390E5052}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |
"UDP Query User{C8C066F9-9447-4A92-A684-B251B44C18EA}C:\program files (x86)\steam\steamapps\magicbullets\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\magicbullets\counter-strike source\hl2.exe |
"UDP Query User{CA59516C-AF83-4076-8E64-2982DCC2740C}C:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat |
"UDP Query User{D5D00E3D-B0B0-4D56-ABEA-28CA52A4A899}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{ED0C6268-BA91-49B2-9C3C-54128CC8B25B}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0411A7A4-23D4-47ad-B109-3CBE7E8093F1}" = HP Deskjet Printer Driver Software. 8.0.B
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{812F5B09-D0BA-4036-A63E-69238EF22ECA}" = Microsoft Corporation
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A7CA92E-C518-9C36-3105-B087DCE86887}" = ccc-utility64
"{9B1EF559-C401-4DC2-A456-F0C464F1C7E7}" = NetDeviceManager64
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFA90C29-43CE-DA57-ADB1-66896590754B}" = ATI Catalyst Install Manager
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{FA74243F-4291-4d0a-AF6C-56C69F1CF1D2}" = SF_CDB_ToolboxIni64
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Virtual Audio Cable 4.9" = Virtual Audio Cable 4.9

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3822F6D9-F309-41f4-BB98-DA061F0BA8B3}" = SF_CDB_Software
"{397D932C-93C8-72BD-12C3-E81AF1BE7D11}" = Catalyst Control Center InstallProxy
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CDC9034-9505-BABE-215A-3250EC111E5E}" = Catalyst Control Center HydraVision Full
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{433297A1-0844-C181-7C19-75BA40FF9CAA}" = twhirl
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{652B1C83-0962-41CD-994B-09A3F0FEAFCF}" = FireWire Family
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67330878-0617-41A9-A3B0-B5298E89E7BC}" = Pinnacle Winter Pack
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A25BF3A-5AA3-62F8-7AE1-412107673F42}" = Catalyst Control Center Graphics Light
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C5B8181-1B6A-457F-A8D9-8AA11B2C52C9}" = Vista Services Optimizer
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82442D8F-A2B7-4038-A62E-3DDC75215AAA}" = Catalyst Control Center Core Implementation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87D00EFA-985C-DFEF-0FE1-92AB2EC328C9}" = Catalyst Control Center Graphics Previews Vista
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACE0437-ABC8-42EE-A165-D5ADD81A1BD3}" = Pixie registration fix
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8DBF55D-73C0-4E37-A10E-365BFBB14119}" = Battlefield 2 Complete Collection
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{B0C539DC-FFA1-75FD-5FDF-4D1B766A527D}" = Catalyst Control Center Graphics Full New
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}" = Nero 7 Ultra Edition
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA94DBCB-FA7B-7746-DDDE-1173F06D633A}" = Catalyst Control Center Graphics Full Existing
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE51FC86-7F89-D281-FCB1-A78BFE0C9044}" = ccc-core-static
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB1F288D-4835-6D99-B9F4-09983AA60B17}" = Catalyst Control Center Graphics Previews Common
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0AB2BE7-1C66-B4FE-DA8C-127CE781E893}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3CA370F-0B4B-4239-BF5A-2CC751EB5D3C}" = Battlefield 2 Server
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F789C27E-B3EF-4730-9EB5-928B4D8A17C1}" = SF_CDB_ProductContext
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"112dB Redline Monitor VST_is1" = 112dB Redline Monitor VST v1.0.0.881
"Ableton Live_is1" = Ableton Live v7.0.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"AIM_7" = AIM 7
"Antares Avox 1.06" = Antares Avox 1.06
"Audacity_is1" = Audacity 1.2.6
"AutoHotkey" = AutoHotkey 1.0.47.06
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BeatPack" = BeatPack (0.9)
"Blender" = Blender (remove only)
"CamStudio" = CamStudio
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EADM" = EA Download Manager
"FairUse Wizard 2" = FairUse Wizard 2
"HijackThis" = HijackThis 2.0.2
"i Screen Recorder_is1" = i Screen Recorder 8.0.0.2167
"ImgBurn" = ImgBurn
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"iZotope Ozone 3_is1" = iZotope Ozone 3
"iZotope RX_is1" = iZotope RX
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 2.2.5
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Magic ISO Maker v5.0 (build 0166)" = Magic ISO Maker v5.0 (build 0166)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"MediaPortal TV Server" = MediaPortal TV Server / Client
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS" = Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
"Network MagicUninstall" = Network Magic
"ObjectDock Plus" = ObjectDock Plus
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"RDPSoftware Core Components" = RDPSoftware Core Components 1.0
"Reason4_is1" = Reason 4.0
"ReCycle_is1" = ReCycle 2.1
"ReFillPacker4_is1" = ReFill Packer 4.0.1
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 211" = Source SDK
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Switch" = Switch Sound File Converter
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"ToolBox" = NCH Toolbox
"URS Classic Console Strip Pro VST RTAS_is1" = URS Classic Console Strip Pro VST RTAS v1.0
"Videora iPod touch Converter" = Videora iPod touch Converter 5.04
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"Wave Arts Power Suite" = Wave Arts Power Suite
"Waves Mercury Bundle" = Waves Mercury Bundle
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2010 2:44:58 PM | Computer Name = Studio | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/11/2010 2:48:03 PM | Computer Name = Studio | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x10f0, application
start time 0x01cb5180143480c0.

Error - 9/11/2010 4:53:09 PM | Computer Name = Studio | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x17bc, application
start time 0x01cb51e1e1463020.

Error - 9/11/2010 6:53:17 PM | Computer Name = Studio | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1078, application
start time 0x01cb51f35be51e20.

Error - 9/11/2010 9:08:22 PM | Computer Name = Studio | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1088, application
start time 0x01cb5204224e49f0.

Error - 9/12/2010 10:33:34 AM | Computer Name = Studio | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x17d4, application
start time 0x01cb5217021c8cb0.

Error - 9/12/2010 3:53:40 PM | Computer Name = Studio | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x4f4, application
start time 0x01cb52877e6a2ff0.

Error - 9/12/2010 4:58:44 PM | Computer Name = Studio | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x1118, application
start time 0x01cb52b4345c6360.

Error - 9/13/2010 1:13:55 AM | Computer Name = Studio | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e02a1e, faulting module explorer.exe, version 6.0.6002.18005, time stamp 0x49e02a1e,
exception code 0xc0000005, fault offset 0x0000000000026478, process id 0x14a8, application
start time 0x01cb52bd4d79bec0.

Error - 9/13/2010 8:05:38 PM | Computer Name = Studio | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 8/28/2010 10:06:33 AM | Computer Name = Studio | Source = Print | ID = 6161
Description = The document Full page photo, owned by Allen, failed to print on printer
HP Deskjet 6940 series. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 10878976. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\STUDIO. Win32 error code returned by the print processor:
2. The system cannot find the file specified.

Error - 8/28/2010 10:08:07 AM | Computer Name = Studio | Source = Print | ID = 6161
Description = The document Test Page, owned by Allen, failed to print on printer
HP Deskjet 6940 series. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 138228. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\STUDIO. Win32 error code returned by the print processor:
2. The system cannot find the file specified.

Error - 8/28/2010 10:09:00 AM | Computer Name = Studio | Source = Print | ID = 6161
Description = The document Full page photo, owned by Allen, failed to print on printer
HP Deskjet 6940 series. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 10878976. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\STUDIO. Win32 error code returned by the print processor:
2. The system cannot find the file specified.

Error - 8/30/2010 9:52:05 PM | Computer Name = Studio | Source = Print | ID = 6161
Description = The document CashNetUsa - Fast Payday Loans, owned by Allen, failed
to print on printer HP Deskjet 6940 series. Try to print the document again, or
restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes:
681220. Number of bytes printed: 0. Total number of pages in the document: 2. Number
of pages printed: 0. Client computer: \\STUDIO. Win32 error code returned by the
print processor: 2. The system cannot find the file specified.

Error - 9/6/2010 6:00:36 PM | Computer Name = Studio | Source = Service Control Manager | ID = 7031
Description =

Error - 9/6/2010 6:01:03 PM | Computer Name = Studio | Source = Service Control Manager | ID = 7031
Description =

Error - 9/6/2010 6:02:03 PM | Computer Name = Studio | Source = Service Control Manager | ID = 7032
Description =

Error - 9/9/2010 12:23:58 AM | Computer Name = Studio | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:21:24 PM on 9/8/2010 was unexpected.

Error - 9/11/2010 8:01:36 AM | Computer Name = Studio | Source = Service Control Manager | ID = 7034
Description =

Error - 9/12/2010 2:44:58 AM | Computer Name = Studio | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 001E8CDF1E61 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 kahdah


Posted 14 September 2010 - 06:57 AM

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

=================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    O4 - HKCU..\Run: [Lsass Service] C:\Users\Allen\AppData\Local\Temp\59041.exe File not found
    O4 - HKCU..\Run: [lvokmrbo] C:\Users\Allen\AppData\Local\lbmyoomte\wshdfxiuqiw.exe File not found
    [2010/09/08 21:17:21 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\lbmyoomte
    [2010/09/05 20:18:06 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\flqaktjre
    [2010/09/05 20:17:43 | 000,000,000 | -HSD | C] -- C:\Users\Allen\.COMMgr
    [2010/09/05 20:17:28 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\3A9325FDFFA52EAE784592F9E188CF5C
    [2010/09/13 17:05:40 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 K()nT3nTs


Posted 15 September 2010 - 12:45 PM

2010/09/14 18:17:45.0086 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/14 18:17:45.0086 ================================================================================
2010/09/14 18:17:45.0086 SystemInfo:
2010/09/14 18:17:45.0086
2010/09/14 18:17:45.0086 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/14 18:17:45.0086 Product type: Workstation
2010/09/14 18:17:45.0086 ComputerName: STUDIO
2010/09/14 18:17:45.0086 UserName: Allen
2010/09/14 18:17:45.0086 Windows directory: C:\Windows
2010/09/14 18:17:45.0086 System windows directory: C:\Windows
2010/09/14 18:17:45.0086 Running under WOW64
2010/09/14 18:17:45.0086 Processor architecture: Intel x64
2010/09/14 18:17:45.0086 Number of processors: 4
2010/09/14 18:17:45.0086 Page size: 0x1000
2010/09/14 18:17:45.0087 Boot type: Normal boot
2010/09/14 18:17:45.0087 ================================================================================
2010/09/14 18:17:45.0087 Utility is running under WOW64
2010/09/14 18:17:45.0393 Initialize success
2010/09/14 18:17:48.0364 ================================================================================
2010/09/14 18:17:48.0364 Scan started
2010/09/14 18:17:48.0364 Mode: Manual;
2010/09/14 18:17:48.0364 ================================================================================
2010/09/14 18:18:01.0795 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
2010/09/14 18:18:01.0812 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
2010/09/14 18:18:01.0817 sptd - detected Locked file (1)
2010/09/14 18:18:04.0547 ================================================================================
2010/09/14 18:18:04.0547 Scan finished
2010/09/14 18:18:04.0547 ================================================================================
2010/09/14 18:18:04.0556 Detected object count: 1
2010/09/14 18:18:11.0381 Locked file(sptd) - User select action: Skip


All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lsass Service deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lvokmrbo deleted successfully.
C:\Users\Allen\AppData\Local\lbmyoomte folder moved successfully.
C:\Users\Allen\AppData\Local\flqaktjre folder moved successfully.
C:\Users\Allen\.COMMgr folder moved successfully.
C:\Users\Allen\AppData\Roaming\3A9325FDFFA52EAE784592F9E188CF5C folder moved successfully.
File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.12.0 log created on 09142010_212947

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4617

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

9/14/2010 9:15:53 PM
mbam-log-2010-09-14 (21-15-53).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 627409
Time elapsed: 2 hour(s), 43 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\iemodule (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\internetconnection (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\webproxy (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (userinit.exe,C:\Windows\system32\twext.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\Adobe\Adobe Photoshop CS5 x32 Pre-Release Portable\CS4 Mac\adobe-master-cs4-keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Adobe\Adobe Premiere Pro CS4\adobe.premiere.pro.cs4.4.0.0.0-nope.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Allen\Downloads\Stardock.Objectdock.Plus.v1.90 FULL\bring up to full.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Programs, Downloads\NCH\NCH Wave Pad Master's Edition 3.05 Incl Keygen\Wave Pad v3.05_keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Programs, Downloads\Random Computer Stuff\Cisco Network Magic.v5.0.8282\Patch.exe (Patch.NetworkMagic) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0338)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-15 09:40:45
# local_time=2010-09-15 02:40:45 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 51174763 51174763 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 56 0 121124431 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=929832
# found=22
# cleaned=20
# scan_time=17921
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSpywareGuard3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentieu.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentws.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinOmegaaik.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-3122dae1 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\53c8c5da-60837d10 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\34a3fab-4c9a2633 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\4934abef-122fd565 a variant of Java/TrojanDownloader.Agent.NAC trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-259fc12a probably a variant of Win32/Agent.DYXWUMY trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Allen\AppData\Roaming\Sun\Java\Deployment\cache\6.0\6\19cdf546-7f869642 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Ableton\Live 7.0.2\Program\cpv.dll probably a variant of Win32/Agent.FGDSVNW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\hlp.dat Win32/Bamital.DZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\wininit.exe Win32/Bamital.DX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\wininit.exe Win32/Bamital.DX trojan (unable to clean) 00000000000000000000000000000000 I
D:\Programs, Downloads\Music\DAWS\Ableton.Live.v7.0.2.WORKING-AiR\setup.exe probably a variant of Win32/Agent.FGDSVNW trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Programs, Downloads\Nero 7 Ultra\Nero 7 Ultra.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Program Files\Ableton\Live 7.0.2\Program\cpv.dll probably a variant of Win32/Agent.FGDSVNW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\WINDOWS\system32\pmservice.exe a variant of Win32/Adware.RK.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#6 kahdah

kahdah

  • Security Colleague

Posted 15 September 2010 - 01:38 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    wininit.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 K()nT3nTs

K()nT3nTs
  • Topic Starter

  • Members

Posted 15 September 2010 - 01:49 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 11:44 on 15/09/2010 by Allen
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 96768 bytes [02:48 21/01/2008] [02:48 21/01/2008] 0A1569FF509A2D4355B6DA236F6BCDF1
C:\Windows\SysWOW64\wininit.exe --a---- 96768 bytes [02:48 21/01/2008] [02:48 21/01/2008] 0A1569FF509A2D4355B6DA236F6BCDF1
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe --a---- 123904 bytes [02:50 21/01/2008] [02:50 21/01/2008] 117EA87DF785CA1B9D821F6F213DCE07
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [02:48 21/01/2008] [02:48 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED

-= EOF =-

#8 kahdah

kahdah

  • Security Colleague

Posted 15 September 2010 - 05:44 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :Files
    C:\Windows\System32\wininit.exe|C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe /replace
    C:\Windows\SysWOW64\wininit.exe|C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe /replace

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window: OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#9 K()nT3nTs

K()nT3nTs
  • Topic Starter

  • Members

Posted 15 September 2010 - 08:09 PM

All processes killed
========== FILES ==========
Unable to replace file: C:\Windows\System32\wininit.exe with C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe without a reboot.
File C:\Windows\SysWOW64\wininit.exe successfully replaced with C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator2
->Temp folder emptied: 273972565 bytes
->Temporary Internet Files folder emptied: 207395 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42860558 bytes
->Flash cache emptied: 831 bytes

User: All Users

User: Allen
->Temp folder emptied: 308870 bytes
->Temporary Internet Files folder emptied: 5452301 bytes
->Java cache emptied: 3800181 bytes
->FireFox cache emptied: 93088384 bytes
->Google Chrome cache emptied: 7316429 bytes
->Flash cache emptied: 4938757 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 61136 bytes
%systemroot%\System32 (64bit) .tmp files removed: 81616 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1013704 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 432651926 bytes

Total Files Cleaned = 826.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09152010_165154

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET2957.tmp scheduled to be moved on reboot.
C:\Windows\temp\WebEx\Log\914\atashost.log moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 9/15/2010 5:02:42 PM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Allen\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 63.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 591.24 Gb Total Space | 308.64 Gb Free Space | 52.20% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 698.31 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive E: | 97.66 Gb Total Space | 70.80 Gb Free Space | 72.50% Space Free | Partition Type: NTFS
Drive F: | 4.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDIO
Current User Name: Allen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Allen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)


========== Modules (SafeList) ==========

MOD - C:\Users\Allen\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WAS) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (W3SVC) -- C:\Windows\SysNative\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (AppHostSvc) -- C:\Windows\SysNative\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (WebEx Communications, Inc.)
SRV - (aawservice) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (TVService) -- C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe (Team MediaPortal)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (MA_CMIDI_InstallerService) -- C:\Program Files (x86)\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys File not found
DRV:64bit: - (SymIMMP) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM) -- C:\Windows\SysNative\DRIVERS\vrtaucbl.sys (Eugene V. Muzychenko)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\DRIVERS\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\DRIVERS\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (MAFW) -- C:\Windows\SysNative\DRIVERS\mafw.sys (Avid Technology, Inc.)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\DRIVERS\motccgp.sys (Motorola)
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys (Motorola)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (ATIAVAIW) -- C:\Windows\SysNative\DRIVERS\atinavt2.sys (ATI Technologies Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys (Motorola)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (VST64_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (VST64HWBS2) -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS (Conexant Systems, Inc.)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\DRIVERS\motswch.sys (Motorola)
DRV:64bit: - (MotDev) -- C:\Windows\SysNative\DRIVERS\motodrv.sys (Motorola Inc)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (xcbdaNtsc) ViXS Tuner Card (NTSC) -- C:\Windows\SysNative\DRIVERS\xcbdax64.sys (ViXS Systems Inc.)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\DRIVERS\motfilt.sys (Motorola Inc)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (copperhd) -- C:\Windows\SysNative\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (Null) -- C:\Windows\SysWow64\drivers\null.sys ()
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.zaazu.com/search-version.php?version=1.1.0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.zaazu.com/search-version.php?version=1.1.0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5491
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 00:48:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/07 17:17:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/09 20:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/09 20:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/09 20:33:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/09 20:33:27 | 000,000,000 | ---D | M]

[2008/09/24 00:30:54 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions
[2008/09/24 00:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/15 16:59:00 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jpuzebqj.default\extensions
[2010/04/27 17:27:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jpuzebqj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/07 06:58:16 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jpuzebqj.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/12/12 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\jpuzebqj.default\extensions\netvideohunter@netvideohunter.com
[2010/09/15 12:17:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/09 20:33:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/04 21:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/01/09 23:00:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/09/09 20:33:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/09 20:33:24 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2008/08/06 16:22:02 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2009/10/11 05:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 09:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/07 14:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 14:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
[2008/06/27 17:03:12 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/09/09 20:33:26 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/08/13 06:58:22 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2006/10/07 06:18:48 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2010/09/06 15:02:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/09/06 15:02:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/10/07 06:01:00 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
[2010/03/13 02:59:13 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/13 02:59:13 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/03/13 02:59:13 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/13 02:59:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/13 02:59:13 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/03/13 02:59:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/13 02:59:13 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/10 05:53:05 | 000,393,419 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13588 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TBSB01419 Class) - {714758BE-281E-4BDA-9190-413BFBD3399B} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (IE Toolbar) - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IE Toolbar) - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysNative\ieframe.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKCU..\Run: [CubeDesktop] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {00000130-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/ACELPACM.CAB (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Allen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Allen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/18 00:18:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1922c068-47f4-11df-9da3-001e8cdf1e61}\Shell\AutoRun\command - "" = G:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{47ec38c5-b932-11de-bbac-001e8cdf1e61}\Shell - "" = AutoRun
O33 - MountPoints2\{47ec38c5-b932-11de-bbac-001e8cdf1e61}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 12:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2010/09/14 21:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/09/14 18:29:04 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Malwarebytes
[2010/09/14 18:28:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/14 18:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/14 18:28:45 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/14 18:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/14 18:19:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/14 18:17:29 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Allen\Desktop\TDSSKiller.exe
[2010/09/14 18:11:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Allen\Desktop\mbam-setup-1.46.exe
[2010/09/13 17:02:37 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2010/09/08 21:00:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/09/08 09:36:19 | 000,000,000 | ---D | C] -- C:\Users\Allen\Program Files (x86)
[2010/09/07 22:33:41 | 000,000,000 | ---D | C] -- C:\Users\Allen\Desktop\The Mind of 9 Men
[2010/09/07 17:19:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/07 17:19:13 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/07 17:19:09 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/07 17:19:03 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/07 17:19:02 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/07 17:18:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/09/07 17:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/09/06 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\AIM
[2010/09/06 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\AOL
[2010/09/06 16:41:25 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Adobe
[2010/09/06 15:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/06 15:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/06 14:54:06 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Apple
[2010/09/06 14:53:50 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\Apple Computer
[2010/09/06 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\TechSmith
[2010/09/06 00:22:28 | 000,000,000 | ---D | C] -- C:\Users\Allen\Documents\Camtasia Studio
[2010/09/06 00:22:24 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010/09/06 00:22:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010/09/06 00:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010/09/06 00:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/09/06 00:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010/09/06 00:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\i Screen Recorder
[2010/08/30 19:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/08/30 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\twhirl
[2010/08/30 19:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2008/10/14 13:58:04 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Allen\AppData\Roaming\pcouffin.sys
[5 C:\Users\Allen\AppData\Local\*.tmp files -> C:\Users\Allen\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/15 17:04:35 | 000,896,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/15 17:04:35 | 000,742,142 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/15 17:04:35 | 000,154,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/15 17:02:11 | 014,155,776 | -HS- | M] () -- C:\Users\Allen\ntuser.dat
[2010/09/15 16:56:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/15 16:55:26 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 16:55:26 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 16:55:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/15 16:53:09 | 000,524,288 | -HS- | M] () -- C:\Users\Allen\ntuser.dat{a82e6781-362b-11de-958b-9501dacfaa41}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 16:53:09 | 000,065,536 | -HS- | M] () -- C:\Users\Allen\ntuser.dat{a82e6781-362b-11de-958b-9501dacfaa41}.TM.blf
[2010/09/15 16:53:08 | 002,532,798 | -H-- | M] () -- C:\Users\Allen\AppData\Local\IconCache.db
[2010/09/15 16:29:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4169808711-1242010007-3904342873-1000UA.job
[2010/09/15 12:29:07 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4169808711-1242010007-3904342873-1000Core.job
[2010/09/15 12:26:41 | 000,131,609 | ---- | M] () -- C:\Windows\hppins21.dat
[2010/09/15 12:17:48 | 000,133,270 | ---- | M] () -- C:\Windows\hppins21.dat.temp
[2010/09/15 12:16:33 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/09/15 12:16:29 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2010/09/15 12:15:26 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/09/15 12:08:43 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{393DFD18-3185-401D-8AB5-3566280D111E}.job
[2010/09/15 09:17:36 | 064,637,111 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/14 18:28:51 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/14 18:11:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Allen\Desktop\mbam-setup-1.46.exe
[2010/09/14 18:02:41 | 001,193,882 | ---- | M] () -- C:\Users\Allen\Desktop\tdsskiller.zip
[2010/09/13 17:05:41 | 000,000,930 | ---- | M] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/13 17:05:41 | 000,000,906 | ---- | M] () -- C:\Users\Allen\Desktop\Windows Media Player.lnk
[2010/09/13 17:02:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.exe
[2010/09/13 06:47:50 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/08 21:19:53 | 000,129,024 | ---- | M] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/08 19:38:26 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/09/07 17:19:14 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/07 17:19:10 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/07 17:19:03 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/07 17:19:03 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/07 17:19:02 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/07 17:06:22 | 000,525,824 | ---- | M] () -- C:\Users\Allen\Desktop\dds.scr
[2010/09/07 16:54:34 | 003,309,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Allen\Desktop\TDSSKiller.exe
[2010/09/06 22:20:34 | 000,144,464 | ---- | M] () -- C:\Users\Allen\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/06 15:23:47 | 000,212,752 | ---- | M] () -- C:\Users\Allen\Desktop\NEw track.rns
[2010/09/06 15:02:56 | 010,594,626 | ---- | M] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.rx2
[2010/09/06 14:55:56 | 027,655,597 | ---- | M] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.wav
[5 C:\Users\Allen\AppData\Local\*.tmp files -> C:\Users\Allen\AppData\Local\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 12:16:33 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/09/15 12:16:29 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2010/09/15 12:15:26 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/09/15 12:13:23 | 000,133,270 | ---- | C] () -- C:\Windows\hppins21.dat.temp
[2010/09/15 12:13:23 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat.temp
[2010/09/14 18:28:51 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/14 18:02:39 | 001,193,882 | ---- | C] () -- C:\Users\Allen\Desktop\tdsskiller.zip
[2010/09/13 17:05:41 | 000,000,930 | ---- | C] () -- C:\Users\Allen\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/13 17:05:41 | 000,000,906 | ---- | C] () -- C:\Users\Allen\Desktop\Windows Media Player.lnk
[2010/09/13 06:47:50 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/07 17:19:02 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/07 17:18:52 | 064,637,111 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/07 17:06:23 | 000,525,824 | ---- | C] () -- C:\Users\Allen\Desktop\dds.scr
[2010/09/06 15:11:08 | 000,212,752 | ---- | C] () -- C:\Users\Allen\Desktop\NEw track.rns
[2010/09/06 15:02:54 | 010,594,626 | ---- | C] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.rx2
[2010/09/06 14:55:53 | 027,655,597 | ---- | C] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.wav
[2010/09/06 14:55:32 | 003,139,356 | ---- | C] () -- C:\Users\Allen\Desktop\12 - France Gall - C'est pas facile d'être une fille.mp3
[2010/08/30 19:12:46 | 000,131,609 | ---- | C] () -- C:\Windows\hppins21.dat
[2010/08/30 19:12:05 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat
[2010/07/01 19:54:41 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2010/05/09 12:48:58 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/03/26 12:00:50 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/02/13 18:20:35 | 000,000,005 | ---- | C] () -- C:\Windows\pfjhockn.ini
[2010/02/10 00:42:43 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/09/15 11:18:56 | 000,230,042 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL90SP1_KB973924MSI65D2.txt
[2009/09/15 11:18:55 | 000,018,840 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL90SP1_KB973924UI65D2.txt
[2009/09/15 11:18:43 | 000,560,216 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL80SP1_KB973923MSI65AA.txt
[2009/09/15 11:18:43 | 000,018,840 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL80SP1_KB973923UI65AA.txt
[2009/09/15 11:18:34 | 000,544,074 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL80SP1_KB973923MSI658A.txt
[2009/09/15 11:18:33 | 000,018,952 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ATL80SP1_KB973923UI658A.txt
[2009/09/03 17:27:02 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/08/31 12:21:14 | 000,000,600 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\winscp.rnd
[2009/08/24 23:21:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2009/08/18 12:32:52 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/18 12:32:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/12 19:06:48 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2009/08/12 19:06:48 | 000,001,587 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009/05/08 19:07:22 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonmp.ini
[2009/05/07 22:56:09 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonbd.ini
[2009/05/07 22:51:46 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonii.ini
[2009/05/07 22:51:00 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonpj.ini
[2009/05/07 22:51:00 | 000,000,005 | ---- | C] () -- C:\Windows\ifdooncj.ini
[2009/05/02 18:24:51 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonkd.ini
[2009/05/02 18:24:51 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonjo.ini
[2009/05/02 18:24:51 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoonhc.ini
[2009/05/02 18:24:51 | 000,000,005 | ---- | C] () -- C:\Windows\ifdoondp.ini
[2009/03/09 07:45:02 | 000,000,571 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\AutoGK.ini
[2009/01/25 14:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/10 02:41:01 | 000,157,983 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\ReplayMusicLog.log
[2009/01/09 21:55:24 | 000,346,685 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/01/09 21:55:20 | 000,281,354 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_dotnetfx3install.txt
[2009/01/09 21:55:20 | 000,002,972 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_dotnetfx3error.txt
[2009/01/08 16:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/08 02:31:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\DirectoryService
[2009/01/08 02:31:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\Devices
[2009/01/05 23:17:40 | 000,564,224 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/01/05 23:17:35 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008/12/24 12:33:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\null.sys
[2008/12/23 04:25:50 | 000,000,024 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\avetoasts.ini
[2008/12/23 04:25:13 | 000,000,068 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\avethumbnailapp.ini
[2008/12/15 22:28:29 | 000,019,702 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\UserTile.png
[2008/12/06 02:19:51 | 000,000,005 | ---- | C] () -- C:\Windows\bdlgbikn.ini
[2008/10/27 23:55:05 | 000,001,024 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\WavCodec.wff
[2008/10/14 13:59:13 | 000,000,034 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\pcouffin.log
[2008/10/14 13:58:04 | 000,099,384 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\inst.exe
[2008/10/14 13:58:04 | 000,007,859 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\pcouffin.cat
[2008/10/14 13:58:04 | 000,001,167 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\pcouffin.inf
[2008/10/12 06:00:06 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008/10/12 06:00:06 | 000,000,000 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\Displays
[2008/09/16 22:51:36 | 000,338,400 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_SharedManagementObjects_MSI5F92.txt
[2008/09/16 22:51:34 | 000,173,156 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_SQLSysClrTypes_msi5F8B.txt
[2008/09/16 22:51:27 | 000,322,356 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_SQLCEToolsForVS2007_MSI5F75.txt
[2008/09/16 22:51:25 | 000,398,936 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_SSCERuntime_MSI5F6E.txt
[2008/09/16 22:48:10 | 011,395,826 | ---- | C] () -- C:\Users\Allen\AppData\Local\VSMsiLog5CF1.txt
[2008/09/16 22:48:04 | 000,201,226 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI5CDE.txt
[2008/09/16 22:48:01 | 000,214,398 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_WinSDK_ExpTools_x64_MSI5CD4.txt
[2008/09/16 22:47:53 | 001,228,796 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_ExpRemoteDbg_x64_MSI5CBA.txt
[2008/09/16 22:46:35 | 002,484,104 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_NET_Framework35_x64_MSI5BBB.txt
[2008/09/16 22:33:18 | 000,200,214 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2008/09/16 22:33:17 | 000,210,766 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_dotnetfx35install.txt
[2008/09/16 22:33:17 | 000,000,002 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_dotnetfx35error.txt
[2008/09/16 22:33:05 | 000,422,324 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_VC_Red_MSI5166.txt
[2008/09/16 22:30:08 | 000,118,573 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_depcheck_VB_EXP_90.txt
[2008/09/16 22:30:03 | 000,546,080 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_install_vb_xcor_90.txt
[2008/09/16 22:30:03 | 000,028,644 | ---- | C] () -- C:\Users\Allen\AppData\Local\uxeventlog.txt
[2008/09/16 22:30:03 | 000,000,002 | ---- | C] () -- C:\Users\Allen\AppData\Local\dd_error_vb_xcor_90.txt
[2008/09/05 01:38:59 | 000,000,277 | ---- | C] () -- C:\Windows\TheMatrix.ini
[2008/09/02 22:46:57 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2008/08/04 21:06:01 | 001,121,446 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/06/25 00:45:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/06/24 11:08:03 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/20 20:53:15 | 000,002,032 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps.dat
[2008/06/12 16:22:06 | 000,910,606 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/06/12 01:44:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/07 23:40:58 | 000,129,024 | ---- | C] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/07 00:19:28 | 000,000,732 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps64.dat
[2008/02/22 09:02:46 | 000,005,548 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/02/22 08:55:03 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/02/22 08:55:03 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:48:58 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
[2007/08/23 20:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2007/04/10 14:46:36 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C265C458
< End of report >

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:06:15 PM

Posted 16 September 2010 - 06:21 AM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the open button, then submit.)

C:\Windows\System32\wininit.exe
C:\Windows\SysWOW64\wininit.exe


This will produce a report after the scan is complete, please copy and paste those results in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 K()nT3nTs

Posted 16 September 2010 - 06:57 AM

Both reports came back clean.

#12 kahdah

Posted 16 September 2010 - 07:06 AM

Hi, hit the scan again button for the first one; it doesn't look right.
Its md5 is different from the first one; they should be identical.
Post that result when complete or copy and paste it please.

#13 K()nT3nTs

Posted 16 September 2010 - 08:48 AM

Here you go.

#14 kahdah

Posted 16 September 2010 - 01:25 PM

All right, looks good :)
How are things running?

#15 K()nT3nTs

Posted 16 September 2010 - 03:06 PM

QUOTE(kahdah @ Sep 16 2010, 01:25 PM)
All right, looks good :)
How are things running?


When I left today I was still getting Windows Explorer not responding and it saying explorer needs to restart. After clicking OK it just did a refresh on Windows. I need to restart when I get home to see what's up. Other than that it's running now. I think the icons are still missing next to the clock for running apps. I will restart and let you know if it's still acting up.

Thanks for the prompt responses.



