Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popup Antivirus Alert Win32/Nugel.E


  • This topic is locked This topic is locked
38 replies to this topic

#1 darnson

darnson

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 10 November 2010 - 03:36 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic359288.html ~ OB

First let me start by say I appreciate this site and forum very much.

I have tried killing the process with task manager and get no where and rtkill. I have had to run everything in safe mode. I can't eve do a restore point.

Here is what I have been infected with. I get a pop-ups that say:

1st popup - Application cannot be executed. The file googleupdaterservice.exe is infected. Do you want to activate your antivirus software now?

2nd popup - XML load failed with error A string literal ws expected, but no opening quote character was found

3rd popup - Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?

4th popup - Antivirus Details
Attack from 158.216.233.105
port 19810
Attacked port 13442
Threat Win32/Nugel.E

And I have this crazy WeatherMan in my task bar?

I hope this helps.


DDS file:


DDS (Ver_10-11-09.01) - NTFS_AMD64 NETWORK
Run by DEBE at 22:43:04.39 on 11/09/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2736 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\DEBE\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mystart.incredimail.com/
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H
uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [vqnbsoph] C:\Users\DEBE\AppData\Local\Temp\wddplgbxu\jytljettsbl.exe
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
dRun: [wben] "C:\Program Files (x86)\Starfield\wben.exe"
StartupFolder: C:\Users\DEBE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CARDCA~1.LNK - C:\Program Files (x86)\American Greetings Card Calendar\CardCalendar\CardCalendar.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
uPolicies-explorer: DisallowRun = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Atomic Email Hunter - C:\Program Files (x86)\AtomPark\Atomic Email Hunter\ie.htm
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: convergysworkathome.com\www
Trusted Zone: kern.ca.us\assessor.co
Trusted Zone: kw.com\admin
Trusted Zone: zipformonline.com\wfo
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} - hxxp://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://www.realquest.com/mapviewer/mapviewer.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: AWinNotifyVitaKey MC3000 - C:\Program Files (x86)\Acer\Acer Bio Protection\WinNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli C:\Program Files (x86)\Acer\Acer Bio Protection\PwdFilter
mASetup: {0E3C4A88-7C19-414E-9634-66AC13CB11F6} - C:\Windows\SysWOW64\msiexec.exe /fu {0E3C4A88-7C19-414E-9634-66AC13CB11F6} /q
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
mRun-x64: [eDataSecurity Loader] "C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe"
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe
IE-X64: {491A6C2B-1046-486b-8A8F-7D26BCB79A9B}

================= FIREFOX ===================

FF - ProfilePath - C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np_IEGetPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: C:\Users\DEBE\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\DEBE\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - trueC:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;C:\Windows\System32\drivers\AlfaFF.sys [2008-11-17 54704]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-20 52856]
R1 sbtis;sbtis;C:\Windows\System32\drivers\sbtis.sys [2009-4-23 82480]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2009-6-12 59392]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-11-17 32240]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-5-8 135336]
S2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-5-8 267944]
S2 ASTSRV;Nalpeiron Licensing Service;C:\Windows\system32\ASTSRV.EXE --> C:\Windows\system32\ASTSRV.EXE [?]
S2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-5-8 81584]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-2-25 21752]
S2 CLHNService;CLHNService;C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-11-17 81504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-4-22 24576]
S2 File Backup;File Backup Service;C:\Program Files (x86)\Starfield\offSyncService.exe [2010-7-16 1310960]
S2 gupdate1c9a1c843b4bfe0;Google Update Service (gupdate1c9a1c843b4bfe0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-3-10 133104]
S2 IGBASVC;iGroupTec Service;C:\Program Files (x86)\Acer\Acer Bio Protection\BASVC.exe [2008-11-17 3474432]
S2 nlsInterface;Nalpeiron Licensing Service 64-bit;C:\Windows\System32\nlsInterface.exe [2009-12-13 72192]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-2-25 49152]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-2-25 131072]
S2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-1-11 82944]
S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2008-11-17 233472]
S2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-4-22 717104]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-6-8 124224]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2009-11-14 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-4-22 125328]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2008-4-21 3629568]
S3 nosGetPlusHelper;getPlus® Installer;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 27648]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-1-7 41280]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-6-8 43032]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 swivsp;AC8xx Virtual Serial Port;C:\Windows\System32\drivers\swivspnt.sys [2007-3-26 23552]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);C:\Windows\System32\drivers\swnc8u56.sys [2008-8-20 200192]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);C:\Windows\System32\drivers\swumx56.sys [2008-8-20 191872]
S3 vfs101a;vfs101a;C:\Windows\System32\drivers\vfs101a.sys [2008-4-22 49968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2008-1-20 22528]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.txt=

=============== Created Last 30 ================

2010-11-05 19:18:57 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-05 15:55:16 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A93A1AD9-EDC7-4264-8672-0D4575285FA9}\mpengine.dll
2010-11-05 00:39:56 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2010-11-04 20:48:38 -------- d-----w- C:\PROGRA~3\PC Tools
2010-11-03 09:02:45 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-03 09:02:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-11-05 02:29:17 6580 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
2010-11-02 14:03:52 81584 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 17:42:01 1927680 ----a-w- C:\Windows\System32\gameux.dll
2010-08-26 17:40:17 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-26 16:34:50 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2010-08-26 16:33:12 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-26 15:30:20 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2010-08-26 14:23:58 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-08-24 18:00:25 72080 ----a-w- C:\Users\DEBE\g2mdlhlpx.exe
2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe
2008-01-17 20:34:02 182 ----a-w- C:\Program Files (x86)\deleteindex.vbs
2005-07-15 21:26:00 334 ----a-w- C:\Program Files\layout.bin
1997-06-07 01:27:50 59904 ----a-w- C:\Program Files\SETUP.EXE
1997-06-02 20:17:58 8192 ----a-w- C:\Program Files\_ISDEL.EXE
1997-06-02 20:17:40 11264 ----a-w- C:\Program Files\_SETUP.DLL

============= FINISH: 22:44:58.15 ===============

Attached Files


Edited by Orange Blossom, 11 November 2010 - 11:09 PM.


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 PM

Posted 18 November 2010 - 08:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 darnson

darnson
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 18 November 2010 - 11:53 PM

:thumbsup: Hi Mole! Thank you so much for your help. Ready when you are.

Debbie

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 PM

Posted 19 November 2010 - 05:06 PM

These pop-ups should be ignored, of course.

Please run Combofix

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have AVG you will need to completely uninstall it (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#5 darnson

darnson
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 19 November 2010 - 11:15 PM

Hi Mole,

Can i do this in safe mode?

Debbie

#6 darnson

darnson
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 20 November 2010 - 12:42 AM

When I try to launch this it tells me it's not compatible.

Incompatible OS. Combo Fix only works for workstations with Windows 2000 and XP. I have Vista

Not sure what else to do.

Debbie

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 PM

Posted 21 November 2010 - 09:01 AM

It's preventing you running it. Vista and Combofix are compatible.

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#8 darnson

darnson
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 21 November 2010 - 12:29 PM

Duration: 00:00:23
Processed: 254 objects
Infection: not found

2010/11/21 09:23:38.0662 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/21 09:23:38.0662 ================================================================================
2010/11/21 09:23:38.0662 SystemInfo:
2010/11/21 09:23:38.0662
2010/11/21 09:23:38.0662 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/21 09:23:38.0662 Product type: Workstation
2010/11/21 09:23:38.0663 ComputerName: DEBE-PC
2010/11/21 09:23:38.0663 UserName: DEBE
2010/11/21 09:23:38.0663 Windows directory: C:\Windows
2010/11/21 09:23:38.0663 System windows directory: C:\Windows
2010/11/21 09:23:38.0663 Running under WOW64
2010/11/21 09:23:38.0663 Processor architecture: Intel x64
2010/11/21 09:23:38.0663 Number of processors: 2
2010/11/21 09:23:38.0663 Page size: 0x1000
2010/11/21 09:23:38.0663 Boot type: Normal boot
2010/11/21 09:23:38.0663 ================================================================================
2010/11/21 09:23:38.0664 Utility is running under WOW64
2010/11/21 09:23:39.0110 Initialize success
2010/11/21 09:23:43.0422 ================================================================================
2010/11/21 09:23:43.0422 Scan started
2010/11/21 09:23:43.0422 Mode: Manual;
2010/11/21 09:23:43.0422 ================================================================================
2010/11/21 09:23:44.0897 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/11/21 09:23:45.0001 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/11/21 09:23:45.0143 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/11/21 09:23:45.0204 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/11/21 09:23:45.0307 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/11/21 09:23:45.0461 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/11/21 09:23:45.0598 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
2010/11/21 09:23:45.0752 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/11/21 09:23:45.0820 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/11/21 09:23:45.0941 AlfaFF (f450780d28fedec0b6e2d24116b08799) C:\Windows\system32\Drivers\AlfaFF.sys
2010/11/21 09:23:46.0030 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/11/21 09:23:46.0148 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/11/21 09:23:46.0219 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/11/21 09:23:46.0340 Amfilter (71aff825b960731e2ae366467bc0d1f3) C:\Windows\system32\DRIVERS\Amfltx64.sys
2010/11/21 09:23:46.0395 Amusbprt (8f1db3d133197affa3a721953eb0988c) C:\Windows\system32\DRIVERS\Amusbx64.sys
2010/11/21 09:23:46.0556 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/11/21 09:23:46.0603 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/11/21 09:23:46.0810 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/21 09:23:46.0876 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/11/21 09:23:47.0025 avgntflt (1244abc7b1978a4c43b8276cb1d91859) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/11/21 09:23:47.0086 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2010/11/21 09:23:47.0239 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/11/21 09:23:47.0293 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/21 09:23:47.0330 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/21 09:23:47.0363 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/11/21 09:23:47.0492 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/11/21 09:23:47.0527 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/11/21 09:23:47.0564 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/21 09:23:47.0620 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/11/21 09:23:47.0665 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/11/21 09:23:47.0828 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/21 09:23:47.0904 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/21 09:23:48.0028 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/21 09:23:48.0113 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/11/21 09:23:48.0365 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/21 09:23:48.0423 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/11/21 09:23:48.0480 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/21 09:23:48.0519 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/21 09:23:48.0697 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/11/21 09:23:48.0775 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/11/21 09:23:48.0921 DritekPortIO (fb201e9dd00af94aec7fa02305cb075e) C:\PROGRA~2\LAUNCH~1\DPortIO.sys
2010/11/21 09:23:49.0037 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/11/21 09:23:49.0147 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/21 09:23:49.0278 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/11/21 09:23:49.0373 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/11/21 09:23:49.0535 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/11/21 09:23:49.0607 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/11/21 09:23:49.0778 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/11/21 09:23:49.0850 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/11/21 09:23:49.0938 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/21 09:23:50.0084 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/11/21 09:23:50.0129 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/11/21 09:23:50.0262 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/21 09:23:50.0337 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/11/21 09:23:50.0509 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/11/21 09:23:50.0583 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/21 09:23:50.0698 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/21 09:23:50.0875 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2010/11/21 09:23:50.0987 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/21 09:23:51.0112 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/11/21 09:23:51.0157 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/21 09:23:51.0234 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/21 09:23:51.0316 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/11/21 09:23:51.0432 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/11/21 09:23:51.0557 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/11/21 09:23:51.0620 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/21 09:23:51.0759 iaStor (16a4671255cfb842225f0fdb6dbdb414) C:\Windows\system32\DRIVERS\iaStor.sys
2010/11/21 09:23:51.0826 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/11/21 09:23:52.0186 igfx (df87170ec724080676c18d5a0af87fc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
2010/11/21 09:23:52.0486 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/11/21 09:23:52.0594 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
2010/11/21 09:23:52.0747 IntcAzAudAddService (f41b1bd00a1bc054dbb6412a46823e52) C:\Windows\system32\drivers\RTKVHD64.sys
2010/11/21 09:23:52.0889 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/11/21 09:23:52.0925 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/21 09:23:53.0079 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/21 09:23:53.0180 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/21 09:23:53.0305 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/21 09:23:53.0344 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/11/21 09:23:53.0407 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/11/21 09:23:53.0545 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/21 09:23:53.0596 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/11/21 09:23:53.0719 itecir (6a217fa9f92400cfec8b0f6471b8ae28) C:\Windows\system32\DRIVERS\itecir.sys
2010/11/21 09:23:53.0787 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/11/21 09:23:53.0933 JMCR (f12fdd192cc5729304ac7ce9e89c81a0) C:\Windows\system32\DRIVERS\jmcr.sys
2010/11/21 09:23:53.0997 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/21 09:23:54.0071 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/21 09:23:54.0213 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/21 09:23:54.0268 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/11/21 09:23:54.0415 L1E (073508533e422ce8bcee234eb35ceebf) C:\Windows\system32\DRIVERS\L1E60x64.sys
2010/11/21 09:23:54.0509 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/21 09:23:54.0585 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/21 09:23:54.0709 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/21 09:23:54.0746 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/21 09:23:54.0805 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/11/21 09:23:54.0885 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/11/21 09:23:54.0981 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/11/21 09:23:55.0119 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/11/21 09:23:55.0194 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/21 09:23:55.0273 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/21 09:23:55.0344 moufiltr (80db1a0d262c71dda698f4c20a7c19de) C:\Windows\system32\DRIVERS\moufiltr.sys
2010/11/21 09:23:55.0415 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/21 09:23:55.0484 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/11/21 09:23:55.0529 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/11/21 09:23:55.0581 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/21 09:23:55.0664 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/21 09:23:55.0762 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/21 09:23:55.0837 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/21 09:23:55.0899 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/21 09:23:55.0961 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/21 09:23:56.0018 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2010/11/21 09:23:56.0080 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/11/21 09:23:56.0174 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/11/21 09:23:56.0215 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/11/21 09:23:56.0288 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/21 09:23:56.0380 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/21 09:23:56.0454 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/11/21 09:23:56.0530 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/11/21 09:23:56.0599 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/21 09:23:56.0691 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/11/21 09:23:56.0764 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/11/21 09:23:56.0858 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/21 09:23:56.0995 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/11/21 09:23:57.0086 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/21 09:23:57.0140 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/21 09:23:57.0220 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/21 09:23:57.0295 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/11/21 09:23:57.0372 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/21 09:23:57.0461 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/21 09:23:57.0752 NETw4v64 (03c65886a736837d3a2dbde7e13183c7) C:\Windows\system32\DRIVERS\NETw4v64.sys
2010/11/21 09:23:58.0173 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
2010/11/21 09:23:58.0433 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/11/21 09:23:58.0553 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/11/21 09:23:58.0599 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/21 09:23:58.0776 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/11/21 09:23:58.0932 NTIDrvr (7d397449aaf52b0e7c79b64f6ad4473e) C:\Windows\system32\Drivers\NTIDrvr.sys
2010/11/21 09:23:58.0980 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/11/21 09:23:59.0030 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/11/21 09:23:59.0089 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/11/21 09:23:59.0214 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/11/21 09:23:59.0302 NWADI (f79633a8b7db75cb5fad53b02985a414) C:\Windows\system32\DRIVERS\NWADIenum.sys
2010/11/21 09:23:59.0464 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
2010/11/21 09:23:59.0600 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/11/21 09:23:59.0707 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/11/21 09:23:59.0808 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
2010/11/21 09:23:59.0920 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/11/21 09:23:59.0970 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2010/11/21 09:24:00.0045 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/11/21 09:24:00.0164 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS
2010/11/21 09:24:00.0261 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/11/21 09:24:00.0534 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/21 09:24:00.0606 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2010/11/21 09:24:00.0725 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/21 09:24:00.0791 PSDFilter (e4f35efd9962a3c80365e029e5acbc92) C:\Windows\system32\DRIVERS\psdfilter.sys
2010/11/21 09:24:00.0867 PSDNServ (41031289856ab4c99a49218e6c4e9f46) C:\Windows\system32\DRIVERS\PSDNServ.sys
2010/11/21 09:24:00.0914 psdvdisk (c33fb61864c5096b0bf4b9dbc01bb5a9) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2010/11/21 09:24:01.0028 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/11/21 09:24:01.0140 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/11/21 09:24:01.0276 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/11/21 09:24:01.0342 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/21 09:24:01.0385 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/21 09:24:01.0529 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/21 09:24:01.0622 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/21 09:24:01.0695 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/21 09:24:01.0837 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/21 09:24:01.0891 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/21 09:24:01.0959 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/11/21 09:24:02.0092 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/21 09:24:02.0172 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/11/21 09:24:02.0355 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2010/11/21 09:24:02.0419 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2010/11/21 09:24:02.0529 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
2010/11/21 09:24:02.0646 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/21 09:24:02.0751 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2010/11/21 09:24:02.0794 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2010/11/21 09:24:02.0897 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/11/21 09:24:02.0963 sbtis (f9c85b83954b976702aa8e61b77d9c68) C:\Windows\system32\drivers\sbtis.sys
2010/11/21 09:24:03.0135 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/21 09:24:03.0201 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2010/11/21 09:24:03.0236 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2010/11/21 09:24:03.0291 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/11/21 09:24:03.0362 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2010/11/21 09:24:03.0396 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/21 09:24:03.0431 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/21 09:24:03.0467 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/11/21 09:24:03.0524 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/11/21 09:24:03.0563 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/11/21 09:24:03.0651 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/11/21 09:24:03.0802 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/11/21 09:24:03.0923 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2010/11/21 09:24:04.0045 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/21 09:24:04.0086 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/21 09:24:04.0244 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/21 09:24:04.0311 swivsp (67498f55fec86590882435562fc72a63) C:\Windows\system32\DRIVERS\swivspnt.sys
2010/11/21 09:24:04.0399 swmsflt (7e6fa3ad57467b3af471c3e1041e350c) C:\Windows\system32\DRIVERS\swmsflt.sys
2010/11/21 09:24:04.0524 swmx00 (a8e9e76cc2f342f205273702969c84c9) C:\Windows\system32\DRIVERS\swmx00.sys
2010/11/21 09:24:04.0627 SWNC5E00 (30f6c799836c9b8a6e3a7f7343f0b8cf) C:\Windows\system32\DRIVERS\SWNC5E00.sys
2010/11/21 09:24:04.0749 SWNC8U56 (93426e420efe938774d0c2d17f7ad4d2) C:\Windows\system32\DRIVERS\swnc8u56.sys
2010/11/21 09:24:04.0878 SWUMX56 (8eb20f97ccbd8363f5564f01ba7b34cc) C:\Windows\system32\DRIVERS\swumx56.sys
2010/11/21 09:24:04.0940 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/11/21 09:24:05.0052 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/11/21 09:24:05.0087 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/11/21 09:24:05.0147 SynTP (05745019abf1abb5ec8e305dd836b14f) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/21 09:24:05.0351 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/11/21 09:24:05.0529 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/21 09:24:05.0649 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/21 09:24:05.0710 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/11/21 09:24:05.0758 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/11/21 09:24:05.0876 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/21 09:24:05.0944 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/21 09:24:06.0070 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/21 09:24:06.0185 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/21 09:24:06.0233 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/21 09:24:06.0282 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/11/21 09:24:06.0405 UBHelper (00c8ce31657624a125fdb90efd554371) C:\Windows\system32\drivers\UBHelper.sys
2010/11/21 09:24:06.0481 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/21 09:24:06.0645 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/21 09:24:06.0706 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/11/21 09:24:06.0763 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/11/21 09:24:06.0889 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/11/21 09:24:06.0940 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/21 09:24:07.0088 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/21 09:24:07.0150 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/11/21 09:24:07.0289 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/21 09:24:07.0338 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/21 09:24:07.0411 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/11/21 09:24:07.0517 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2010/11/21 09:24:07.0589 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/21 09:24:07.0645 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/21 09:24:07.0754 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/21 09:24:07.0834 vfs101a (24899eff90e725d9c3ac10be870b4d1d) C:\Windows\system32\drivers\vfs101a.sys
2010/11/21 09:24:07.0952 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/21 09:24:08.0010 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/11/21 09:24:08.0054 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/11/21 09:24:08.0126 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/11/21 09:24:08.0246 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/11/21 09:24:08.0336 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/11/21 09:24:08.0462 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/11/21 09:24:08.0592 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/11/21 09:24:08.0752 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/21 09:24:08.0800 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/21 09:24:08.0898 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/11/21 09:24:09.0030 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/21 09:24:09.0348 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/21 09:24:09.0467 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/21 09:24:09.0598 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/21 09:24:09.0674 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/11/21 09:24:09.0747 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/21 09:24:09.0875 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (6839fa0c104dbbdd989e2eac27acb761) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl
2010/11/21 09:24:09.0979 ================================================================================
2010/11/21 09:24:09.0979 Scan finished
2010/11/21 09:24:09.0979 ================================================================================
2010/11/21 09:25:14.0702 ================================================================================
2010/11/21 09:25:14.0702 Scan started
2010/11/21 09:25:14.0702 Mode: Manual;
2010/11/21 09:25:14.0702 ================================================================================
2010/11/21 09:25:15.0152 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2010/11/21 09:25:15.0255 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2010/11/21 09:25:15.0320 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2010/11/21 09:25:15.0847 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2010/11/21 09:25:15.0962 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2010/11/21 09:25:16.0082 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2010/11/21 09:25:16.0197 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
2010/11/21 09:25:16.0318 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2010/11/21 09:25:16.0396 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2010/11/21 09:25:16.0461 AlfaFF (f450780d28fedec0b6e2d24116b08799) C:\Windows\system32\Drivers\AlfaFF.sys
2010/11/21 09:25:16.0551 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2010/11/21 09:25:16.0635 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2010/11/21 09:25:16.0685 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2010/11/21 09:25:16.0739 Amfilter (71aff825b960731e2ae366467bc0d1f3) C:\Windows\system32\DRIVERS\Amfltx64.sys
2010/11/21 09:25:16.0815 Amusbprt (8f1db3d133197affa3a721953eb0988c) C:\Windows\system32\DRIVERS\Amusbx64.sys
2010/11/21 09:25:16.0910 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2010/11/21 09:25:16.0939 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2010/11/21 09:25:17.0062 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/21 09:25:17.0152 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2010/11/21 09:25:17.0268 avgntflt (1244abc7b1978a4c43b8276cb1d91859) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/11/21 09:25:17.0307 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2010/11/21 09:25:17.0405 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2010/11/21 09:25:17.0492 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/21 09:25:17.0523 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/21 09:25:17.0556 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2010/11/21 09:25:17.0603 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2010/11/21 09:25:17.0638 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2010/11/21 09:25:17.0671 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/21 09:25:17.0719 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2010/11/21 09:25:17.0746 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2010/11/21 09:25:17.0809 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/21 09:25:17.0880 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/21 09:25:17.0982 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/21 09:25:18.0101 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2010/11/21 09:25:18.0219 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/21 09:25:18.0310 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2010/11/21 09:25:18.0367 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/21 09:25:18.0409 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/21 09:25:18.0502 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2010/11/21 09:25:18.0563 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2010/11/21 09:25:18.0686 DritekPortIO (fb201e9dd00af94aec7fa02305cb075e) C:\PROGRA~2\LAUNCH~1\DPortIO.sys
2010/11/21 09:25:18.0758 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2010/11/21 09:25:18.0879 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/21 09:25:18.0988 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2010/11/21 09:25:19.0094 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2010/11/21 09:25:19.0179 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2010/11/21 09:25:19.0277 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2010/11/21 09:25:19.0455 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2010/11/21 09:25:19.0571 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2010/11/21 09:25:19.0637 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/21 09:25:19.0761 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2010/11/21 09:25:19.0828 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2010/11/21 09:25:19.0864 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/21 09:25:19.0947 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2010/11/21 09:25:20.0063 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/11/21 09:25:20.0160 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/21 09:25:20.0241 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/21 09:25:20.0351 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2010/11/21 09:25:20.0441 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/21 09:25:20.0555 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2010/11/21 09:25:20.0655 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/21 09:25:20.0722 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/21 09:25:20.0803 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2010/11/21 09:25:20.0930 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2010/11/21 09:25:21.0045 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2010/11/21 09:25:21.0119 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/21 09:25:21.0191 iaStor (16a4671255cfb842225f0fdb6dbdb414) C:\Windows\system32\DRIVERS\iaStor.sys
2010/11/21 09:25:21.0280 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2010/11/21 09:25:21.0608 igfx (df87170ec724080676c18d5a0af87fc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
2010/11/21 09:25:21.0807 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2010/11/21 09:25:21.0948 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
2010/11/21 09:25:22.0101 IntcAzAudAddService (f41b1bd00a1bc054dbb6412a46823e52) C:\Windows\system32\drivers\RTKVHD64.sys
2010/11/21 09:25:22.0222 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2010/11/21 09:25:22.0290 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/21 09:25:22.0366 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/21 09:25:22.0557 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/21 09:25:22.0649 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/21 09:25:22.0688 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2010/11/21 09:25:22.0716 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2010/11/21 09:25:22.0788 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/21 09:25:22.0862 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2010/11/21 09:25:22.0951 itecir (6a217fa9f92400cfec8b0f6471b8ae28) C:\Windows\system32\DRIVERS\itecir.sys
2010/11/21 09:25:22.0979 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2010/11/21 09:25:23.0043 JMCR (f12fdd192cc5729304ac7ce9e89c81a0) C:\Windows\system32\DRIVERS\jmcr.sys
2010/11/21 09:25:23.0129 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/21 09:25:23.0225 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/21 09:25:23.0313 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/21 09:25:23.0389 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2010/11/21 09:25:23.0492 L1E (073508533e422ce8bcee234eb35ceebf) C:\Windows\system32\DRIVERS\L1E60x64.sys
2010/11/21 09:25:23.0571 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/21 09:25:23.0695 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/21 09:25:23.0752 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/21 09:25:23.0787 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/21 09:25:23.0837 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2010/11/21 09:25:23.0875 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2010/11/21 09:25:23.0935 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2010/11/21 09:25:24.0040 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2010/11/21 09:25:24.0104 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/21 09:25:24.0138 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/21 09:25:24.0198 moufiltr (80db1a0d262c71dda698f4c20a7c19de) C:\Windows\system32\DRIVERS\moufiltr.sys
2010/11/21 09:25:24.0281 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/21 09:25:24.0349 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2010/11/21 09:25:24.0395 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2010/11/21 09:25:24.0480 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/21 09:25:24.0562 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/21 09:25:24.0628 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/21 09:25:24.0736 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/21 09:25:24.0808 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/21 09:25:24.0860 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/21 09:25:24.0940 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2010/11/21 09:25:25.0012 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2010/11/21 09:25:25.0073 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2010/11/21 09:25:25.0108 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2010/11/21 09:25:25.0176 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/21 09:25:25.0256 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/21 09:25:25.0330 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2010/11/21 09:25:25.0406 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2010/11/21 09:25:25.0498 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/21 09:25:25.0568 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2010/11/21 09:25:25.0630 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2010/11/21 09:25:25.0745 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/21 09:25:25.0872 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2010/11/21 09:25:25.0985 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/21 09:25:26.0050 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/21 09:25:26.0130 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/21 09:25:26.0205 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2010/11/21 09:25:26.0271 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/21 09:25:26.0349 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/21 09:25:26.0598 NETw4v64 (03c65886a736837d3a2dbde7e13183c7) C:\Windows\system32\DRIVERS\NETw4v64.sys
2010/11/21 09:25:26.0895 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
2010/11/21 09:25:27.0054 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2010/11/21 09:25:27.0196 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2010/11/21 09:25:27.0242 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/21 09:25:27.0354 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2010/11/21 09:25:27.0487 NTIDrvr (7d397449aaf52b0e7c79b64f6ad4473e) C:\Windows\system32\Drivers\NTIDrvr.sys
2010/11/21 09:25:27.0567 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2010/11/21 09:25:27.0618 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2010/11/21 09:25:27.0665 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2010/11/21 09:25:27.0757 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2010/11/21 09:25:27.0868 NWADI (f79633a8b7db75cb5fad53b02985a414) C:\Windows\system32\DRIVERS\NWADIenum.sys
2010/11/21 09:25:27.0971 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
2010/11/21 09:25:28.0047 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2010/11/21 09:25:28.0117 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2010/11/21 09:25:28.0217 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
2010/11/21 09:25:28.0330 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2010/11/21 09:25:28.0380 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2010/11/21 09:25:28.0465 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2010/11/21 09:25:28.0563 PCTINDIS5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\Windows\system32\PCTINDIS5X64.SYS
2010/11/21 09:25:28.0671 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2010/11/21 09:25:28.0910 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/21 09:25:29.0004 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2010/11/21 09:25:29.0090 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/21 09:25:29.0168 PSDFilter (e4f35efd9962a3c80365e029e5acbc92) C:\Windows\system32\DRIVERS\psdfilter.sys
2010/11/21 09:25:29.0244 PSDNServ (41031289856ab4c99a49218e6c4e9f46) C:\Windows\system32\DRIVERS\PSDNServ.sys
2010/11/21 09:25:29.0279 psdvdisk (c33fb61864c5096b0bf4b9dbc01bb5a9) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2010/11/21 09:25:29.0383 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/11/21 09:25:29.0519 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2010/11/21 09:25:29.0642 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2010/11/21 09:25:29.0730 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/21 09:25:29.0772 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/21 09:25:29.0884 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/21 09:25:29.0988 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/21 09:25:30.0061 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/21 09:25:30.0169 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/21 09:25:30.0246 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/21 09:25:30.0346 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2010/11/21 09:25:30.0413 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/21 09:25:30.0493 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2010/11/21 09:25:30.0710 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2010/11/21 09:25:30.0840 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2010/11/21 09:25:30.0939 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
2010/11/21 09:25:31.0089 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/21 09:25:31.0228 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2010/11/21 09:25:31.0259 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2010/11/21 09:25:31.0373 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2010/11/21 09:25:31.0462 sbtis (f9c85b83954b976702aa8e61b77d9c68) C:\Windows\system32\drivers\sbtis.sys
2010/11/21 09:25:31.0589 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/21 09:25:31.0689 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2010/11/21 09:25:31.0720 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2010/11/21 09:25:31.0767 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2010/11/21 09:25:31.0891 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2010/11/21 09:25:31.0950 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/21 09:25:31.0985 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/21 09:25:32.0022 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2010/11/21 09:25:32.0079 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2010/11/21 09:25:32.0113 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2010/11/21 09:25:32.0194 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2010/11/21 09:25:32.0290 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2010/11/21 09:25:32.0422 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys
2010/11/21 09:25:32.0499 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/21 09:25:32.0540 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/21 09:25:32.0665 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/21 09:25:32.0743 swivsp (67498f55fec86590882435562fc72a63) C:\Windows\system32\DRIVERS\swivspnt.sys
2010/11/21 09:25:32.0809 swmsflt (7e6fa3ad57467b3af471c3e1041e350c) C:\Windows\system32\DRIVERS\swmsflt.sys
2010/11/21 09:25:32.0923 swmx00 (a8e9e76cc2f342f205273702969c84c9) C:\Windows\system32\DRIVERS\swmx00.sys
2010/11/21 09:25:33.0026 SWNC5E00 (30f6c799836c9b8a6e3a7f7343f0b8cf) C:\Windows\system32\DRIVERS\SWNC5E00.sys
2010/11/21 09:25:33.0092 SWNC8U56 (93426e420efe938774d0c2d17f7ad4d2) C:\Windows\system32\DRIVERS\swnc8u56.sys
2010/11/21 09:25:33.0310 SWUMX56 (8eb20f97ccbd8363f5564f01ba7b34cc) C:\Windows\system32\DRIVERS\swumx56.sys
2010/11/21 09:25:33.0394 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2010/11/21 09:25:33.0425 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2010/11/21 09:25:33.0461 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2010/11/21 09:25:33.0524 SynTP (05745019abf1abb5ec8e305dd836b14f) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/21 09:25:33.0727 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2010/11/21 09:25:33.0905 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/21 09:25:34.0037 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/21 09:25:34.0142 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2010/11/21 09:25:34.0190 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2010/11/21 09:25:34.0286 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/21 09:25:34.0376 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/21 09:25:34.0491 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/21 09:25:34.0583 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/21 09:25:34.0661 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/21 09:25:34.0714 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2010/11/21 09:25:34.0748 UBHelper (00c8ce31657624a125fdb90efd554371) C:\Windows\system32\drivers\UBHelper.sys
2010/11/21 09:25:34.0858 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/21 09:25:34.0977 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/21 09:25:35.0071 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2010/11/21 09:25:35.0162 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2010/11/21 09:25:35.0210 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2010/11/21 09:25:35.0294 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/21 09:25:35.0398 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/21 09:25:35.0471 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2010/11/21 09:25:35.0577 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/21 09:25:35.0637 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/21 09:25:35.0721 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2010/11/21 09:25:35.0785 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2010/11/21 09:25:35.0854 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/21 09:25:35.0932 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/21 09:25:36.0008 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/21 09:25:36.0078 vfs101a (24899eff90e725d9c3ac10be870b4d1d) C:\Windows\system32\drivers\vfs101a.sys
2010/11/21 09:25:36.0172 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/21 09:25:36.0254 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2010/11/21 09:25:36.0298 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2010/11/21 09:25:36.0349 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2010/11/21 09:25:36.0478 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2010/11/21 09:25:36.0590 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2010/11/21 09:25:36.0694 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2010/11/21 09:25:36.0802 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2010/11/21 09:25:36.0873 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/21 09:25:36.0898 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/21 09:25:36.0995 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2010/11/21 09:25:37.0084 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/21 09:25:37.0391 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/21 09:25:37.0532 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/21 09:25:37.0586 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/21 09:25:37.0695 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/11/21 09:25:37.0813 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/21 09:25:37.0918 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (6839fa0c104dbbdd989e2eac27acb761) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl
2010/11/21 09:25:38.0025 ================================================================================
2010/11/21 09:25:38.0025 Scan finished
2010/11/21 09:25:38.0025 ================================================================================
2010/11/21 09:27:48.0272 Deinitialize success

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 PM

Posted 21 November 2010 - 12:37 PM

Please run OTL, a scanner, so I can take a better look at the system

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#10 darnson

darnson
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 21 November 2010 - 01:00 PM

OTL logfile created on: 11/21/2010 9:48:44 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\DEBE\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.44 Gb Total Space | 12.35 Gb Free Space | 11.09% Space Free | Partition Type: NTFS
Drive D: | 105.90 Gb Total Space | 52.26 Gb Free Space | 49.35% Space Free | Partition Type: NTFS
Drive E: | 566.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DEBE-PC | User Name: DEBE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DEBE\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files (x86)\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCMProxy.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Acer VCM\acp2HID.exe (Acer Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\DEBE\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ASTSRV) -- C:\Windows\SysNative\ASTSRV.EXE File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (nlsInterface) -- C:\Windows\SysNative\nlsInterface.exe (Nalpeiron Ltd.)
SRV:64bit: - (vfsFPService) -- C:\Windows\SysNative\vfsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (File Backup) -- C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3001.dll (NOS Microsystems Ltd.)
SRV - (SprintRcAppSvc) -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CASprint) -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IGBASVC) -- C:\Program Files (x86)\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (ASTSRV) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (vfsFPService) -- C:\Windows\SysWOW64\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (CLHNService) -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) -- C:\Windows\SysNative\DRIVERS\swumx20.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys (Sierra Wireless Inc.)
DRV:64bit: - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\SysNative\DRIVERS\swmx00.sys (Sierra Wireless Inc.)
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\DRIVERS\swmsflt.sys ()
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.SYS (Smith Micro Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (AlfaFF) -- C:\Windows\SysNative\Drivers\AlfaFF.sys (Alfa Corporation)
DRV:64bit: - (sbtis) -- C:\Windows\SysNative\drivers\sbtis.sys (Sunbelt Software)
DRV:64bit: - (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56) -- C:\Windows\SysNative\DRIVERS\swumx56.sys (Sierra Wireless Inc.)
DRV:64bit: - (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56) -- C:\Windows\SysNative\DRIVERS\swnc8u56.sys (Sierra Wireless Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (vfs101a) -- C:\Windows\SysNative\drivers\vfs101a.sys (Validity Sensors, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (Amusbprt) -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys (A4Tech Co.,Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (NETw4v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys (Intel Corporation)
DRV:64bit: - (Amfilter) -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys ((Standard mouse types))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (swivsp) -- C:\Windows\SysNative\DRIVERS\swivspnt.sys (Sierra Wireless Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (moufiltr) -- C:\Windows\SysNative\DRIVERS\moufiltr.sys (Chic)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\WBEM\ntfs.mof ()
DRV - (PCASp50a64) -- C:\Windows\SysWOW64\drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (swmsflt) -- C:\Windows\SysWOW64\drivers\swmsflt.sys ()
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (DritekPortIO) -- C:\Program Files (x86)\Launch Manager\DPortIO.sys (Dritek System Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=101&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/18 05:05:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/16 17:55:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/05 09:00:38 | 000,000,000 | ---D | M]

[2008/11/19 00:48:36 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Extensions
[2010/11/17 10:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/11/20 11:14:54 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions
[2009/08/26 07:38:47 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/08/26 07:38:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/01 15:40:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/26 20:36:57 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/02/10 10:53:35 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/11/17 09:49:15 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2009/09/26 20:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{f1ac39e3-5cd4-4b04-902f-e1add0245a11}
[2009/09/26 20:36:55 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\firebug@software.joehewitt.com
[2009/10/25 12:26:53 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\plugin@yontoo.com
[2010/03/05 23:06:10 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\support@ancestry.com
[2009/09/26 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\wisestamp@wisestamp.com
[2010/05/08 09:32:38 | 000,002,149 | ---- | M] () -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\searchplugins\MyStart Search.xml
[2010/08/12 03:12:24 | 000,005,529 | ---- | M] () -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\searchplugins\SearchquWebSearch.xml
[2010/11/17 10:28:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/16 17:55:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/31 18:08:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/12/31 15:38:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/10/25 12:26:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\plugin@yontoo.com
[2010/03/16 17:55:33 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/16 17:55:33 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2008/10/17 10:29:52 | 001,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2008/09/19 13:55:20 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/03/16 17:55:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/11/29 09:15:12 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/06/11 21:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/24 18:22:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/24 18:22:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/24 18:22:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/24 18:22:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/24 18:22:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/24 18:22:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/24 18:22:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/06/09 23:43:57 | 000,031,920 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_IEGetPlugin.dll
[2010/03/16 17:55:44 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/16 17:55:44 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/25 19:38:06 | 000,001,489 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/03/16 17:55:44 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/16 17:55:44 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/16 17:55:44 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/08/12 03:12:24 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2010/03/16 17:55:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: ([2010/09/30 13:12:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.78.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [vqnbsoph] C:\Users\DEBE\AppData\Local\Temp\wddplgbxu\jytljettsbl.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\DEBE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CardCalendar.lnk = C:\Program Files (x86)\American Greetings Card Calendar\CardCalendar\CardCalendar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: convergysworkathome.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: kern.ca.us ([assessor.co] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kw.com ([admin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: zipformonline.com ([wfo] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab (LightSurfUploadCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab (Java Plug-in 1.4.1_04)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://www.realquest.com/mapviewer/mapviewer.cab (First American Res MapActiveX Control)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files (x86)\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files (x86)\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Icons\80_Vector_Art_Earth_Wallpapers_1920_X_1200\21.jpg
O24 - Desktop BackupWallPaper: D:\Icons\80_Vector_Art_Earth_Wallpapers_1920_X_1200\21.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/30 13:12:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/02/12 02:46:15 | 000,000,025 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{619c4853-b4d5-11dd-a811-00a0d1a70447}\Shell - "" = AutoRun
O33 - MountPoints2\{619c4853-b4d5-11dd-a811-00a0d1a70447}\Shell\AutoRun\command - "" = F:\WIN\setup.exe -- File not found
O33 - MountPoints2\{72f2c310-b4c5-11dd-b281-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72f2c310-b4c5-11dd-b281-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2008/02/12 02:46:20 | 002,707,136 | R--- | M] (Research In Motion)
O33 - MountPoints2\{80680045-b508-11dd-a434-00a0d5ffffa1}\Shell - "" = AutoRun
O33 - MountPoints2\{80680045-b508-11dd-a434-00a0d5ffffa1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Sunbelt Software\VIPRE\Definitions) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/21 09:17:21 | 001,339,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DEBE\Desktop\TDSSKiller.exe
[2010/11/19 21:40:33 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/17 09:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar
[2010/11/05 11:20:51 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/11/05 11:20:50 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/11/05 11:20:48 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/11/05 11:20:21 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/11/05 11:20:18 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/11/05 11:20:18 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/11/05 11:20:17 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/11/05 11:20:17 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/11/05 11:20:14 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/11/05 11:20:13 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/11/05 11:19:49 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/11/05 11:19:46 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/11/05 11:19:39 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/11/05 11:19:38 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/11/05 11:19:19 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/11/05 11:19:19 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/11/05 11:19:19 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/11/05 11:19:18 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/11/05 11:19:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/11/05 11:19:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/11/05 11:19:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/11/05 11:19:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/11/05 11:19:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/11/05 11:19:17 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/11/05 11:19:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/11/05 11:19:16 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/11/05 11:19:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/11/05 11:19:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/05 11:19:16 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/11/05 11:19:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/11/05 11:19:15 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/11/05 11:19:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/11/05 11:19:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/11/05 11:19:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/11/05 11:19:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/11/05 11:19:15 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/11/05 11:19:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/11/05 11:19:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/11/05 11:19:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/11/05 11:19:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/11/05 11:19:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/11/05 11:19:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/11/05 11:18:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/11/05 11:18:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/11/05 11:18:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/11/05 11:18:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/11/05 11:18:26 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/11/05 11:18:26 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/11/05 11:18:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/11/05 11:18:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/11/05 11:18:22 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/11/05 11:18:21 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/11/05 11:18:11 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2010/11/05 11:18:02 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/11/05 11:18:02 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/11/04 16:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/11/04 12:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/03 01:02:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/03 01:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/02 06:51:20 | 000,000,000 | ---D | C] -- C:\Users\DEBE\Desktop\Quick Pages
[2010/11/02 06:49:54 | 000,000,000 | ---D | C] -- C:\Users\DEBE\Desktop\Freebie
[1997/06/06 17:27:50 | 000,059,904 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\SETUP.EXE
[1997/06/02 12:17:58 | 000,008,192 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_ISDEL.EXE
[1997/06/02 12:17:40 | 000,011,264 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_SETUP.DLL
[3 C:\Users\DEBE\Documents\*.tmp files -> C:\Users\DEBE\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\DEBE\Desktop\*.tmp files -> C:\Users\DEBE\Desktop\*.tmp -> ]
[1 C:\Users\DEBE\AppData\Local\*.tmp files -> C:\Users\DEBE\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/21 09:54:00 | 000,000,582 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D484822-CD96-49D4-82B3-23EF99CE4957}.job
[2010/11/21 09:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/21 08:52:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/21 08:29:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/21 04:03:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/21 04:03:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/20 22:32:21 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/20 06:50:49 | 000,086,876 | ---- | M] () -- C:\Users\DEBE\Desktop\AgentFirst - Comparables 8803 Dominigo.pdf
[2010/11/20 06:32:49 | 000,149,511 | ---- | M] () -- C:\Users\DEBE\Desktop\Image14.pspimage
[2010/11/20 03:06:56 | 000,839,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/20 03:06:56 | 000,688,700 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/20 03:06:56 | 000,137,432 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/19 23:50:52 | 000,065,847 | ---- | M] () -- C:\Users\DEBE\Desktop\Megans Logo2.jpg
[2010/11/19 23:35:16 | 000,071,252 | ---- | M] () -- C:\Users\DEBE\Desktop\Megans logo.jpg
[2010/11/19 23:17:04 | 000,170,159 | ---- | M] () -- C:\Users\DEBE\Desktop\Megans logo.pspimage
[2010/11/19 21:43:18 | 000,006,580 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/19 21:30:41 | 000,002,299 | ---- | M] () -- C:\Users\DEBE\AppData\Roaming\acervcmtmp.ini
[2010/11/19 21:28:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/11/19 21:27:51 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/19 21:23:29 | 003,912,337 | ---- | M] () -- C:\Users\DEBE\Desktop\Comfix.exe
[2010/11/19 13:53:18 | 000,001,460 | ---- | M] () -- C:\Users\DEBE\AppData\Local\d3d9caps64.dat
[2010/11/19 10:37:55 | 000,018,920 | ---- | M] () -- C:\Users\DEBE\Desktop\Payment_Confirmation#.pdf
[2010/11/18 16:45:04 | 000,001,356 | ---- | M] () -- C:\Users\DEBE\AppData\Local\d3d9caps.dat
[2010/11/17 07:24:22 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DEBE\Desktop\TDSSKiller.exe
[2010/11/14 13:47:11 | 000,029,184 | ---- | M] () -- C:\Users\DEBE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 19:58:51 | 000,047,377 | ---- | M] () -- C:\Users\DEBE\Desktop\2.jpg
[2010/11/13 18:26:42 | 000,010,255 | ---- | M] () -- C:\Users\DEBE\Desktop\bak0172527942.pdf
[2010/11/09 22:58:48 | 000,288,107 | ---- | M] () -- C:\Users\DEBE\Desktop\gmer.zip
[2010/11/09 22:41:53 | 000,630,272 | ---- | M] () -- C:\Users\DEBE\Desktop\dds.scr
[2010/11/09 22:41:29 | 000,000,000 | ---- | M] () -- C:\Users\DEBE\defogger_reenable
[2010/11/09 22:40:53 | 000,050,477 | ---- | M] () -- C:\Users\DEBE\Desktop\Defogger.exe
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\DEBE\Desktop\gmer.exe
[2010/11/08 00:41:12 | 000,495,579 | ---- | M] () -- C:\Users\DEBE\Desktop\Antivirus_Soft_Removal_Tool.zip
[2010/11/06 02:38:10 | 000,656,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/05 14:10:29 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/11/05 13:54:11 | 000,090,523 | ---- | M] () -- C:\Users\DEBE\Desktop\15508 Stephenie.pdf
[2010/11/04 16:40:10 | 000,000,134 | ---- | M] () -- C:\Users\DEBE\Desktop\Internet Explorer Troubleshooting.url
[2010/11/03 01:02:48 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 00:45:35 | 000,002,551 | ---- | M] () -- C:\Users\DEBE\Desktop\HiJackThis.lnk
[2010/11/02 21:40:49 | 000,002,796 | ---- | M] () -- C:\Users\DEBE\Desktop\cc_20101102_224040.reg
[2010/11/02 06:03:52 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/10/30 19:06:12 | 067,942,633 | ---- | M] () -- C:\Users\DEBE\Desktop\Image6.pspimage
[2010/10/30 18:59:33 | 000,000,011 | ---- | M] () -- C:\Windows\3DShadow.INI
[2010/10/30 13:26:28 | 000,115,489 | ---- | M] () -- C:\Users\DEBE\Desktop\counter offer 1 - 13851 Meacham.pdf
[2010/10/30 13:18:27 | 000,676,226 | ---- | M] () -- C:\Users\DEBE\Desktop\Counter Offer Meacham - Donald Glenn.pdf
[2010/10/30 08:23:21 | 000,275,428 | ---- | M] () -- C:\Users\DEBE\Desktop\Mapped Listings Report for 10-30.pdf
[2010/10/29 12:15:34 | 000,253,716 | ---- | M] () -- C:\Users\DEBE\Desktop\f843.pdf
[2010/10/28 22:11:44 | 111,948,867 | ---- | M] () -- C:\Users\DEBE\Desktop\princess.psd
[2010/10/28 10:03:58 | 000,028,112 | ---- | M] () -- C:\Users\DEBE\Desktop\HR_Temp_Help_Price_Schedule.pdf
[2010/10/27 21:23:06 | 111,948,867 | ---- | M] () -- C:\Users\DEBE\Desktop\Image5.psd
[2010/10/27 18:10:42 | 000,189,727 | ---- | M] () -- C:\Users\DEBE\Desktop\Charles Round- commitmentletter 15558 Screaming Eagle.pdf
[2010/10/27 12:48:35 | 000,565,503 | ---- | M] () -- C:\Users\DEBE\Desktop\Document (14).pdf
[2010/10/25 19:56:52 | 002,394,305 | ---- | M] () -- C:\Users\DEBE\Desktop\Rio_De_Janiero_Disclosures.pdf
[2010/10/25 19:56:38 | 000,066,748 | ---- | M] () -- C:\Users\DEBE\Desktop\Freeway_Disclosure.pdf
[2010/10/25 19:56:15 | 000,722,449 | ---- | M] () -- C:\Users\DEBE\Desktop\Rio_De_Janiero_-_Natural_Hazard_Disclosuresp.pdf
[2010/10/25 19:50:39 | 000,027,707 | ---- | M] () -- C:\Users\DEBE\Desktop\Rio_De_Janeiro_Addendum.pdf
[3 C:\Users\DEBE\Documents\*.tmp files -> C:\Users\DEBE\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\DEBE\Desktop\*.tmp files -> C:\Users\DEBE\Desktop\*.tmp -> ]
[1 C:\Users\DEBE\AppData\Local\*.tmp files -> C:\Users\DEBE\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/20 06:51:07 | 000,086,876 | ---- | C] () -- C:\Users\DEBE\Desktop\AgentFirst - Comparables 8803 Dominigo.pdf
[2010/11/20 06:32:48 | 000,149,511 | ---- | C] () -- C:\Users\DEBE\Desktop\Image14.pspimage
[2010/11/19 23:50:52 | 000,065,847 | ---- | C] () -- C:\Users\DEBE\Desktop\Megans Logo2.jpg
[2010/11/19 23:35:16 | 000,071,252 | ---- | C] () -- C:\Users\DEBE\Desktop\Megans logo.jpg
[2010/11/19 23:17:04 | 000,170,159 | ---- | C] () -- C:\Users\DEBE\Desktop\Megans logo.pspimage
[2010/11/19 21:27:51 | 4284,932,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/19 21:23:29 | 003,912,337 | ---- | C] () -- C:\Users\DEBE\Desktop\Comfix.exe
[2010/11/19 10:37:55 | 000,018,920 | ---- | C] () -- C:\Users\DEBE\Desktop\Payment_Confirmation#.pdf
[2010/11/13 19:58:51 | 000,047,377 | ---- | C] () -- C:\Users\DEBE\Desktop\2.jpg
[2010/11/13 18:26:42 | 000,010,255 | ---- | C] () -- C:\Users\DEBE\Desktop\bak0172527942.pdf
[2010/11/09 22:59:12 | 000,296,448 | ---- | C] () -- C:\Users\DEBE\Desktop\gmer.exe
[2010/11/09 22:58:44 | 000,288,107 | ---- | C] () -- C:\Users\DEBE\Desktop\gmer.zip
[2010/11/09 22:41:47 | 000,630,272 | ---- | C] () -- C:\Users\DEBE\Desktop\dds.scr
[2010/11/09 22:41:29 | 000,000,000 | ---- | C] () -- C:\Users\DEBE\defogger_reenable
[2010/11/09 22:40:50 | 000,050,477 | ---- | C] () -- C:\Users\DEBE\Desktop\Defogger.exe
[2010/11/08 00:41:10 | 000,495,579 | ---- | C] () -- C:\Users\DEBE\Desktop\Antivirus_Soft_Removal_Tool.zip
[2010/11/05 13:54:22 | 000,090,523 | ---- | C] () -- C:\Users\DEBE\Desktop\15508 Stephenie.pdf
[2010/11/04 16:40:10 | 000,000,134 | ---- | C] () -- C:\Users\DEBE\Desktop\Internet Explorer Troubleshooting.url
[2010/11/03 01:02:48 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/02 21:40:45 | 000,002,796 | ---- | C] () -- C:\Users\DEBE\Desktop\cc_20101102_224040.reg
[2010/11/02 19:01:13 | 000,012,568 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistUI027F.txt
[2010/11/02 19:01:13 | 000,001,848 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistMSI027F.txt
[2010/11/02 19:01:12 | 000,012,520 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistUI027C.txt
[2010/11/02 19:01:12 | 000,001,824 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistMSI027C.txt
[2010/10/30 19:05:36 | 067,942,633 | ---- | C] () -- C:\Users\DEBE\Desktop\Image6.pspimage
[2010/10/30 16:37:57 | 016,574,068 | ---- | C] () -- C:\Users\DEBE\Desktop\light_SDS_sibling.png
[2010/10/30 16:37:55 | 021,515,743 | ---- | C] () -- C:\Users\DEBE\Desktop\light_SDS_photoshoot.png
[2010/10/30 13:13:08 | 000,676,226 | ---- | C] () -- C:\Users\DEBE\Desktop\Counter Offer Meacham - Donald Glenn.pdf
[2010/10/30 13:12:01 | 000,115,489 | ---- | C] () -- C:\Users\DEBE\Desktop\counter offer 1 - 13851 Meacham.pdf
[2010/10/30 08:23:51 | 000,275,428 | ---- | C] () -- C:\Users\DEBE\Desktop\Mapped Listings Report for 10-30.pdf
[2010/10/29 12:15:34 | 000,253,716 | ---- | C] () -- C:\Users\DEBE\Desktop\f843.pdf
[2010/10/28 22:11:22 | 111,948,867 | ---- | C] () -- C:\Users\DEBE\Desktop\princess.psd
[2010/10/28 10:03:58 | 000,028,112 | ---- | C] () -- C:\Users\DEBE\Desktop\HR_Temp_Help_Price_Schedule.pdf
[2010/10/27 21:18:14 | 111,948,867 | ---- | C] () -- C:\Users\DEBE\Desktop\Image5.psd
[2010/10/27 18:11:12 | 000,189,727 | ---- | C] () -- C:\Users\DEBE\Desktop\Charles Round- commitmentletter 15558 Screaming Eagle.pdf
[2010/10/27 12:48:35 | 000,565,503 | ---- | C] () -- C:\Users\DEBE\Desktop\Document (14).pdf
[2010/10/25 19:56:52 | 002,394,305 | ---- | C] () -- C:\Users\DEBE\Desktop\Rio_De_Janiero_Disclosures.pdf
[2010/10/25 19:56:38 | 000,066,748 | ---- | C] () -- C:\Users\DEBE\Desktop\Freeway_Disclosure.pdf
[2010/10/25 19:56:15 | 000,722,449 | ---- | C] () -- C:\Users\DEBE\Desktop\Rio_De_Janiero_-_Natural_Hazard_Disclosuresp.pdf
[2010/10/25 19:50:39 | 000,027,707 | ---- | C] () -- C:\Users\DEBE\Desktop\Rio_De_Janeiro_Addendum.pdf
[2010/05/16 22:17:28 | 000,000,012 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\kqyvwo.dat
[2010/05/08 08:06:45 | 000,436,046 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistMSI39D6.txt
[2010/05/08 08:06:39 | 000,016,330 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistUI39D6.txt
[2009/12/13 18:53:28 | 000,000,011 | ---- | C] () -- C:\Windows\3DShadow.INI
[2009/12/13 18:44:24 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2009/11/16 11:00:34 | 000,002,299 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\acervcmtmp.ini
[2009/11/10 14:48:28 | 000,001,406 | ---- | C] () -- C:\Program Files (x86)\favicon.ico
[2009/09/16 22:06:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/16 22:03:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/03 11:57:59 | 000,000,182 | ---- | C] () -- C:\Program Files (x86)\deleteindex.vbs
[2009/06/24 21:37:25 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2009/03/19 11:39:43 | 000,038,423 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/12/09 14:25:01 | 000,001,460 | ---- | C] () -- C:\Users\DEBE\AppData\Local\d3d9caps64.dat
[2008/12/05 19:25:18 | 000,000,092 | ---- | C] () -- C:\Users\DEBE\AppData\Local\fusioncache.dat
[2008/11/29 02:45:47 | 000,000,031 | ---- | C] () -- C:\Windows\bluevoda.ini
[2008/11/22 14:10:38 | 000,000,040 | ---- | C] () -- C:\Windows\iltwain.ini
[2008/11/20 20:20:00 | 000,001,356 | ---- | C] () -- C:\Users\DEBE\AppData\Local\d3d9caps.dat
[2008/11/19 23:46:13 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\libssl32.dll
[2008/11/19 23:44:39 | 000,790,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/18 23:43:37 | 000,229,252 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\UserTile.png
[2008/11/18 07:33:44 | 000,000,106 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\wklnhst.dat
[2008/11/17 21:52:45 | 000,029,184 | ---- | C] () -- C:\Users\DEBE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/17 21:05:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\Zlib.dll
[2008/11/17 21:04:57 | 000,041,984 | ---- | C] () -- C:\Windows\SysWow64\ZFExt.dll
[2008/11/17 10:02:04 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini
[2008/11/17 10:01:09 | 001,548,099 | ---- | C] () -- C:\Windows\SysWow64\VMC3KAPI.dll
[2008/10/15 11:58:34 | 000,028,808 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2008/09/19 13:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/19 13:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/04/22 04:30:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008/04/22 04:30:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008/04/22 03:48:22 | 000,258,560 | ---- | C] () -- C:\Windows\SysWow64\SysHook.dll
[2008/04/22 03:38:40 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll
[2007/01/22 09:32:44 | 000,081,920 | ---- | C] () -- C:\Windows\xmltok.dll
[2007/01/22 09:32:44 | 000,053,248 | ---- | C] () -- C:\Windows\xmlparse.dll
[2005/07/15 13:26:00 | 026,720,259 | ---- | C] () -- C:\Program Files\data1.cab
[2005/07/15 13:26:00 | 000,000,334 | ---- | C] () -- C:\Program Files\layout.bin
[2005/07/15 13:26:00 | 000,000,047 | ---- | C] () -- C:\Program Files\setup.lid
[2005/07/15 13:25:32 | 000,205,135 | ---- | C] () -- C:\Program Files\_sys1.cab
[2005/07/15 13:25:32 | 000,140,030 | ---- | C] () -- C:\Program Files\_user1.cab
[2005/07/15 13:25:32 | 000,000,091 | ---- | C] () -- C:\Program Files\DATA.TAG
[2005/07/15 13:25:32 | 000,000,068 | ---- | C] () -- C:\Program Files\SETUP.INI
[2005/04/14 13:10:14 | 000,098,373 | ---- | C] () -- C:\Program Files\setup.ins
[2005/03/29 00:58:20 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2005/03/29 00:58:10 | 000,847,872 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
[1997/06/02 12:44:00 | 000,317,092 | ---- | C] () -- C:\Program Files\_INST32I.EX_
[1997/05/30 12:31:50 | 000,004,557 | ---- | C] () -- C:\Program Files\lang.dat
[1997/05/06 15:15:20 | 000,000,417 | ---- | C] () -- C:\Program Files\os.dat

========== LOP Check ==========

[2010/08/06 06:55:33 | 000,000,000 | -HSD | M] -- C:\Users\DEBE\AppData\Roaming\.#
[2008/12/01 14:59:32 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Acer
[2008/04/22 04:03:31 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Acer GameZone Console
[2010/08/04 10:00:41 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\AmericanGreetings.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1
[2010/02/07 23:05:32 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\AMPSoft
[2009/04/26 17:25:08 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Artisteer
[2010/09/17 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Avery
[2009/06/29 06:53:18 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/14 22:40:27 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\EasyJob Resume Builder
[2010/05/15 23:27:16 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\eSobi
[2009/06/25 08:55:51 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\FileOpen
[2009/08/30 12:38:26 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\FileZilla
[2009/12/09 18:07:55 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\FireShot
[2009/11/25 22:56:22 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\IndigoRose
[2010/02/22 09:33:36 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Individual Software
[2010/08/13 20:11:00 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\KompoZer
[2008/11/17 09:55:36 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Leadertech
[2009/12/13 10:10:33 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Merscom
[2010/08/20 16:56:04 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Notepad++
[2009/11/13 18:57:07 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\OxelonMC
[2010/01/02 13:13:59 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Research In Motion
[2008/11/17 15:41:38 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Sierra Wireless
[2009/12/06 10:58:29 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\SmartDraw
[2008/11/18 07:34:34 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Template
[2009/06/17 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\TuneUp Software
[2009/04/19 09:31:28 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010/08/27 14:58:11 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Uniblue
[2008/11/17 10:00:28 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Validity
[2009/04/07 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\YouSendIt
[2010/11/10 12:06:42 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/21 09:54:00 | 000,000,582 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D484822-CD96-49D4-82B3-23EF99CE4957}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:054B9966
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:39F44D9C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B26E984E

< End of report >


OTL Extras logfile created on: 11/21/2010 9:48:44 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\DEBE\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.44 Gb Total Space | 12.35 Gb Free Space | 11.09% Space Free | Partition Type: NTFS
Drive D: | 105.90 Gb Total Space | 52.26 Gb Free Space | 49.35% Space Free | Partition Type: NTFS
Drive E: | 566.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DEBE-PC | User Name: DEBE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = jsfile] -- Reg Error: Value error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Value error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 2D 2A AC 42 F2 58 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\DEBE\AppData\Local\Temp\RarSFX0\SwiApiMux.exe" = C:\Users\DEBE\AppData\Local\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"" =
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Users\DEBE\AppData\Local\Temp\RarSFX0\SwiApiMux.exe" = C:\Users\DEBE\AppData\Local\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"" =
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{105A0460-E279-462D-8A13-531B18742E2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60F1A711-A4C1-4C81-AC96-782EA8A55277}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C7F5903C-52EF-4DBE-BBA6-10D0FA384A3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2261373D-6429-454E-B27A-68AA7AE6203B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{2E782EBF-BE41-41F6-B530-D15A212D5AC0}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{315C9327-E783-44BD-A798-447E3DF54BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\atompark\atomic email hunter\atomicemailhunter.exe |
"{373064E3-A844-41C2-98EE-33278D530C91}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{37DE54AB-9C73-42CD-844C-BB1D66D91FD2}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{41B2668A-9E28-422E-B168-497D62A2443C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4DE49ACD-AECB-4D28-A6BA-5DA12E40F1F5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{66C889D5-7677-4C92-8481-E9F83E374399}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6ED10758-E123-43D9-8E92-1F06B7370AF9}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{81008D4E-A94D-476B-91E9-08BBE75420A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{859ED4C5-21DE-416E-9B86-38257858F5A7}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{B34C22F3-0578-488B-B2FD-0815E7F37649}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B80C00CB-D5DF-4B35-8184-E0F48986F2E1}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BCA23699-E621-4747-B2FA-3B8F4E6888F3}" = protocol=17 | dir=in | app=c:\program files (x86)\atompark\atomic email hunter\atomicemailhunter.exe |
"{CA414D03-7B59-4F09-A103-16E0941D8089}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D558054C-B504-4044-9758-8985A27FC388}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E7B734C7-A1E6-4936-936D-B8DA5585948B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{EE18C639-E4B6-49A8-B32C-44FBC9DCDFFA}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EFC8BE25-0EFF-4A73-BBA3-BE070B1F3936}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F400B2E9-E0D6-42C9-8A12-6749F1359429}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{FD37DDA8-5749-4C44-89C0-C42853D417C9}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{FE676633-7AAC-4FEF-BD71-AC7B092D75D2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"TCP Query User{6D51F7F4-9922-4942-831D-16944E89DCBA}C:\windows\lmi8be7.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi8be7.tmp\lmi_rescue.exe |
"TCP Query User{D0228E0A-BB7F-4EC2-8BF1-E24A88B22F4A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{570484EC-553D-4B74-B967-BEF4F111F614}C:\windows\lmi8be7.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi8be7.tmp\lmi_rescue.exe |
"UDP Query User{C20CB539-005E-4D82-8A6D-D5E72F5CFEBB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{84E0D40C-ED8E-48B2-83D2-4C11AB246F4A}" = Sprint SmartView
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"CutePDF Writer Installation" = CutePDF Writer 2.7
"doPDF 6 printer_is1" = doPDF 6.1 printer
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"{0E3C4A88-7C19-414E-9634-66AC13CB11F6}" = IntraLinks IRM Client for Office
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{27E371D2-A9A7-42CC-815F-E9EB224057B1}" = Picture Viewer (Beta) for Windows SideShow
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus+® Download Manager for Corel
"{471F7EDB-6C75-4195-B65D-800DCE4A9E1D}" = WDtransitionInstall_GD
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EF6CE03-C8B6-44CC-A937-A02809B98232}" = abrViewer.NET v2
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACD27BF3-7CDC-11D7-9D4D-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_04
"{AD29A697-E023-48D4-B46E-2D58BAC7C063}" = DesignPro 5 eMedia
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B26AEDA3-B044-4FC0-B243-871FDAA6D2B6}" = Hex Color Finder
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4CCC35E-C1D6-495C-B49A-1819A975744F}" = Newsletter Studio
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC398AAD-7EC9-488F-9D2C-7A710A8F3BF6}" = Sierra Wireless 3G Watcher
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E0CBBB2C-57FE-40BF-8816-44E3AC6BD2D6}" = ResumeMaker Professional
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F04DF9C7-8DAA-4CE3-A061-311F1E7AE114}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8C8221C-F7A7-D6D1-3FD8-240CCD1A647C}" = CardCalendar
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"3D Shadow by Lokas Software" = 3D Shadow by Lokas Software
"Acer Acer Bio Protection 6.0.00.12" = Acer Bio Protection

AAV 6.0.00.12
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMP Font Viewer" = AMP Font Viewer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"CCleaner" = CCleaner
"Color Schemer v3_is1" = Color Schemer v3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eye Candy 6" = Alien Skin Eye Candy 6
"FileZilla Client" = FileZilla Client 3.2.6.1
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IncrediMail" = IncrediMail 2.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"InstallShield_{AD29A697-E023-48D4-B46E-2D58BAC7C063}" = DesignPro 5 eMedia
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Notepad++" = Notepad++
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
"PhotoMail" = PhotoMail Maker
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Searchqu MediaBar" = Windows Searchqu Toolbar
"SWiSH Max2" = SWiSH Max2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/28/2010 9:37:26 PM | Computer Name = DEBE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/29/2010 1:44:32 AM | Computer Name = DEBE-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3667 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 34a8 Start Time: 01cb5b4db1c7f098 Termination Time: 223

Error - 09/29/2010 11:08:06 AM | Computer Name = DEBE-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/29/2010 11:08:10 AM | Computer Name = DEBE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/29/2010 11:08:10 AM | Computer Name = DEBE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/29/2010 11:10:16 AM | Computer Name = DEBE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/29/2010 11:14:25 AM | Computer Name = DEBE-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 09/29/2010 3:13:18 PM | Computer Name = DEBE-PC | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 9.0.0.332, time stamp 0x4850eb76,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0052f250, process id 0xfac, application start time 0x01cb5ff28bf9e713.

Error - 09/30/2010 11:58:37 AM | Computer Name = DEBE-PC | Source = Google Update | ID = 20
Description =

Error - 09/30/2010 11:59:58 AM | Computer Name = DEBE-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 11/13/2009 12:51:22 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/28/2009 1:13:00 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/10/2009 12:54:22 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/16/2009 12:49:21 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/20/2009 1:09:37 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/21/2009 12:51:57 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/30/2009 12:43:05 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 01/10/2010 1:06:13 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 01/16/2010 1:03:32 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 02/08/2010 12:43:42 AM | Computer Name = DEBE-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 05/29/2010 3:50:53 AM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12138
seconds with 6900 seconds of active time. This session ended with a crash.

Error - 05/29/2010 6:18:18 PM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29364
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 05/30/2010 2:51:37 PM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 71039
seconds with 3900 seconds of active time. This session ended with a crash.

Error - 05/31/2010 2:36:05 AM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1844
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 05/31/2010 4:27:31 AM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5095
seconds with 600 seconds of active time. This session ended with a crash.

Error - 08/28/2010 4:23:18 AM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09/10/2010 5:43:05 PM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1009831
seconds with 9000 seconds of active time. This session ended with a crash.

Error - 09/10/2010 6:00:26 PM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 166
seconds with 120 seconds of active time. This session ended with a crash.

Error - 09/14/2010 6:03:19 PM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83593
seconds with 8340 seconds of active time. This session ended with a crash.

Error - 09/28/2010 3:17:23 PM | Computer Name = DEBE-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79966
seconds with 3420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/20/2010 7:11:02 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/20/2010 7:11:02 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/20/2010 7:11:02 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/20/2010 7:12:27 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/20/2010 7:12:27 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/20/2010 7:13:13 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/20/2010 7:13:13 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/20/2010 7:13:44 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/20/2010 7:13:44 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/21/2010 1:26:22 AM | Computer Name = DEBE-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 PM

Posted 22 November 2010 - 06:37 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=101&q="
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
[2010/11/17 09:49:15 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2010/08/12 03:12:24 | 000,005,529 | ---- | M] () -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\searchplugins\SearchquWebSearch.xml
[2010/08/12 03:12:24 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O4 - HKCU..\Run: [vqnbsoph] C:\Users\DEBE\AppData\Local\Temp\wddplgbxu\jytljettsbl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
[2010/11/17 09:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar
[2010/05/16 22:17:28 | 000,000,012 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\kqyvwo.dat
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:054B9966
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:39F44D9C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B26E984E
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please now run MBAM

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Finally, please rerun OTL to scan only - as you did the first time you ran it. Post the resulting log.
Posted Image
m0le is a proud member of UNITE

#12 darnson

darnson
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 22 November 2010 - 10:42 PM

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://www.searchqu.com/web?src=ffb&systemid=101&q=" removed from keyword.URL
Prefs.js: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0 removed from extensions.enabledItems
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\components folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\searchbar folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\options folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257 folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255 folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\modules folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\data\search folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\data folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020} folder moved successfully.
C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}\ deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FF99715-3016-4381-84CE-E4E4C9673020} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}\ not found.
File C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vqnbsoph deleted successfully.
C:\Users\DEBE\AppData\Local\Temp\wddplgbxu\jytljettsbl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257 folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255 folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar folder moved successfully.
C:\Users\DEBE\AppData\Roaming\kqyvwo.dat moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:054B9966 deleted successfully.
ADS C:\ProgramData\TEMP:39F44D9C deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:B26E984E deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.17.3 log created on 11222010_193830

#13 darnson

darnson
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 23 November 2010 - 01:10 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5174

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975

11/22/2010 10:08:06 PM
mbam-log-2010-11-22 (22-08-06).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 527235
Time elapsed: 1 hour(s), 59 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\esoehddh (Rogue.AntivirusAction) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\DEBE\AppData\Local\Temp\jruyxfiax\gplcrqatsbl.exe (Rogue.AntivirusAction) -> Quarantined and deleted successfully.
C:\Users\DEBE\AppData\Local\Temp\00145135.exe (Rogue.AntivirusAction) -> Quarantined and deleted successfully.
C:\Users\DEBE\AppData\Local\Temp\9.664682219120729E7.exe (Rogue.AntivirusAction) -> Quarantined and deleted successfully.
C:\Users\DEBE\AppData\Local\Temp\slvTnIRH.exe.part (Rogue.SmartEngine) -> Quarantined and deleted successfully.
C:\Users\DEBE\DoctorWeb\Quarantine\8dfd7b09.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\DEBE\DoctorWeb\Quarantine\cafvhlstsbl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\DEBE\DoctorWeb\Quarantine\crkscpbtsbl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\DEBE\DoctorWeb\Quarantine\fd7d5378.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11222010_193830\C_Users\DEBE\AppData\Local\Temp\wddplgbxu\jytljettsbl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\DEBE\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#14 darnson

darnson
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:10:57 AM

Posted 23 November 2010 - 01:54 AM

OTL logfile created on: 11/22/2010 10:39:09 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\DEBE\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.44 Gb Total Space | 12.11 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
Drive D: | 105.90 Gb Total Space | 52.26 Gb Free Space | 49.35% Space Free | Partition Type: NTFS

Computer Name: DEBE-PC | User Name: DEBE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DEBE\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files (x86)\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCMProxy.exe (Acer)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Acer VCM\acp2HID.exe (Acer Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\DEBE\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ASTSRV) -- C:\Windows\SysNative\ASTSRV.EXE File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (nlsInterface) -- C:\Windows\SysNative\nlsInterface.exe (Nalpeiron Ltd.)
SRV:64bit: - (vfsFPService) -- C:\Windows\SysNative\vfsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (File Backup) -- C:\Program Files (x86)\Starfield\offSyncService.exe (Starfield Technologies, Inc.)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3001.dll (NOS Microsystems Ltd.)
SRV - (SprintRcAppSvc) -- C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.)
SRV - (CASprint) -- C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe (SmithMicro Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IGBASVC) -- C:\Program Files (x86)\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (ASTSRV) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (vfsFPService) -- C:\Windows\SysWOW64\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (BUNAgentSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (CLHNService) -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) -- C:\Windows\SysNative\DRIVERS\swumx20.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\Windows\SysNative\DRIVERS\SWNC5E00.sys (Sierra Wireless Inc.)
DRV:64bit: - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\Windows\SysNative\DRIVERS\swmx00.sys (Sierra Wireless Inc.)
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\DRIVERS\swmsflt.sys ()
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (PCTINDIS5X64) -- C:\Windows\SysNative\PCTINDIS5X64.SYS (Smith Micro Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (AlfaFF) -- C:\Windows\SysNative\Drivers\AlfaFF.sys (Alfa Corporation)
DRV:64bit: - (sbtis) -- C:\Windows\SysNative\drivers\sbtis.sys (Sunbelt Software)
DRV:64bit: - (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56) -- C:\Windows\SysNative\DRIVERS\swumx56.sys (Sierra Wireless Inc.)
DRV:64bit: - (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56) -- C:\Windows\SysNative\DRIVERS\swnc8u56.sys (Sierra Wireless Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (vfs101a) -- C:\Windows\SysNative\drivers\vfs101a.sys (Validity Sensors, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (Amusbprt) -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys (A4Tech Co.,Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (NETw4v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys (Intel Corporation)
DRV:64bit: - (Amfilter) -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys ((Standard mouse types))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (swivsp) -- C:\Windows\SysNative\DRIVERS\swivspnt.sys (Sierra Wireless Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (moufiltr) -- C:\Windows\SysNative\DRIVERS\moufiltr.sys (Chic)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\WBEM\ntfs.mof ()
DRV - (PCASp50a64) -- C:\Windows\SysWOW64\drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (swmsflt) -- C:\Windows\SysWOW64\drivers\swmsflt.sys ()
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (DritekPortIO) -- C:\Program Files (x86)\Launch Manager\DPortIO.sys (Dritek System Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/18 05:05:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/16 17:55:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/05 09:00:38 | 000,000,000 | ---D | M]

[2008/11/19 00:48:36 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Extensions
[2010/11/17 10:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/11/22 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions
[2009/08/26 07:38:47 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/08/26 07:38:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/01 15:40:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/09/26 20:36:57 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/02/10 10:53:35 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/09/26 20:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{f1ac39e3-5cd4-4b04-902f-e1add0245a11}
[2009/09/26 20:36:55 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\firebug@software.joehewitt.com
[2009/10/25 12:26:53 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\plugin@yontoo.com
[2010/03/05 23:06:10 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\support@ancestry.com
[2009/09/26 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\wisestamp@wisestamp.com
[2010/05/08 09:32:38 | 000,002,149 | ---- | M] () -- C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\searchplugins\MyStart Search.xml
[2010/11/22 11:23:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/16 17:55:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/31 18:08:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/12/31 15:38:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/10/25 12:26:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\plugin@yontoo.com
[2010/03/16 17:55:33 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/16 17:55:33 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2008/10/17 10:29:52 | 001,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2008/09/19 13:55:20 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/03/16 17:55:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/11/29 09:15:12 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008/06/11 21:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/24 18:22:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/24 18:22:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/24 18:22:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/24 18:22:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/24 18:22:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/24 18:22:19 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/24 18:22:20 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/06/09 23:43:57 | 000,031,920 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_IEGetPlugin.dll
[2010/03/16 17:55:44 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/16 17:55:44 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/25 19:38:06 | 000,001,489 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/03/16 17:55:44 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/16 17:55:44 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/16 17:55:44 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/03/16 17:55:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: ([2010/09/30 13:12:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\DEBE\AppData\Roaming\Mozilla\Firefox\Profiles\x1s1bube.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.78.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\DEBE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CardCalendar.lnk = C:\Program Files (x86)\American Greetings Card Calendar\CardCalendar\CardCalendar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: convergysworkathome.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: kern.ca.us ([assessor.co] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kw.com ([admin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: zipformonline.com ([wfo] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab (LightSurfUploadCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab (Java Plug-in 1.4.1_04)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} http://www.realquest.com/mapviewer/mapviewer.cab (First American Res MapActiveX Control)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email03.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files (x86)\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files (x86)\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Icons\80_Vector_Art_Earth_Wallpapers_1920_X_1200\21.jpg
O24 - Desktop BackupWallPaper: D:\Icons\80_Vector_Art_Earth_Wallpapers_1920_X_1200\21.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/30 13:12:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{619c4853-b4d5-11dd-a811-00a0d1a70447}\Shell - "" = AutoRun
O33 - MountPoints2\{619c4853-b4d5-11dd-a811-00a0d1a70447}\Shell\AutoRun\command - "" = F:\WIN\setup.exe -- File not found
O33 - MountPoints2\{72f2c310-b4c5-11dd-b281-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72f2c310-b4c5-11dd-b281-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O33 - MountPoints2\{80680045-b508-11dd-a434-00a0d5ffffa1}\Shell - "" = AutoRun
O33 - MountPoints2\{80680045-b508-11dd-a434-00a0d5ffffa1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Sunbelt Software\VIPRE\Definitions) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 19:38:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/21 09:17:21 | 001,339,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DEBE\Desktop\TDSSKiller.exe
[2010/11/19 21:40:33 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/05 11:20:51 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/11/05 11:20:50 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/11/05 11:20:48 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/11/05 11:20:21 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/11/05 11:20:18 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/11/05 11:20:18 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/11/05 11:20:17 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/11/05 11:20:17 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/11/05 11:20:14 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010/11/05 11:20:13 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/11/05 11:19:49 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/11/05 11:19:46 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/11/05 11:19:39 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/11/05 11:19:38 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/11/05 11:19:19 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/11/05 11:19:19 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/11/05 11:19:19 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/11/05 11:19:18 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/11/05 11:19:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/11/05 11:19:18 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/11/05 11:19:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/11/05 11:19:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/11/05 11:19:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/11/05 11:19:17 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/11/05 11:19:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/11/05 11:19:16 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/11/05 11:19:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/11/05 11:19:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/05 11:19:16 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/11/05 11:19:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/11/05 11:19:15 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/11/05 11:19:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/11/05 11:19:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/11/05 11:19:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/11/05 11:19:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/11/05 11:19:15 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/11/05 11:19:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/11/05 11:19:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/11/05 11:19:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/11/05 11:19:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/11/05 11:19:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/11/05 11:19:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/11/05 11:18:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/11/05 11:18:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010/11/05 11:18:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010/11/05 11:18:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/11/05 11:18:26 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/11/05 11:18:26 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/11/05 11:18:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/11/05 11:18:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/11/05 11:18:22 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/11/05 11:18:21 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/11/05 11:18:11 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2010/11/05 11:18:02 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/11/05 11:18:02 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/11/04 16:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010/11/04 12:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/03 01:02:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/03 01:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/02 06:51:20 | 000,000,000 | ---D | C] -- C:\Users\DEBE\Desktop\Quick Pages
[2010/11/02 06:49:54 | 000,000,000 | ---D | C] -- C:\Users\DEBE\Desktop\Freebie
[1997/06/06 17:27:50 | 000,059,904 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\SETUP.EXE
[1997/06/02 12:17:58 | 000,008,192 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_ISDEL.EXE
[1997/06/02 12:17:40 | 000,011,264 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_SETUP.DLL
[3 C:\Users\DEBE\Documents\*.tmp files -> C:\Users\DEBE\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\DEBE\Desktop\*.tmp files -> C:\Users\DEBE\Desktop\*.tmp -> ]
[1 C:\Users\DEBE\AppData\Local\*.tmp files -> C:\Users\DEBE\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/22 22:44:00 | 000,000,582 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D484822-CD96-49D4-82B3-23EF99CE4957}.job
[2010/11/22 22:41:55 | 000,006,580 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/11/22 22:37:20 | 000,688,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/22 22:37:20 | 000,137,628 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/22 22:37:19 | 000,824,808 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/22 22:33:01 | 000,002,299 | ---- | M] () -- C:\Users\DEBE\AppData\Roaming\acervcmtmp.ini
[2010/11/22 22:32:33 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/22 22:31:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/22 22:30:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/11/22 22:30:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/22 22:30:24 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/22 22:30:06 | 000,656,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/22 22:29:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/22 22:29:43 | 4284,932,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/22 21:54:35 | 000,001,460 | ---- | M] () -- C:\Users\DEBE\AppData\Local\d3d9caps64.dat
[2010/11/22 13:27:21 | 000,001,356 | ---- | M] () -- C:\Users\DEBE\AppData\Local\d3d9caps.dat
[2010/11/21 23:52:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/21 17:04:33 | 000,654,324 | ---- | M] () -- C:\Users\DEBE\Desktop\RELOCATION ADDENDUM SENECA FALLS.pdf
[2010/11/20 06:50:49 | 000,086,876 | ---- | M] () -- C:\Users\DEBE\Desktop\AgentFirst - Comparables 8803 Dominigo.pdf
[2010/11/20 06:32:49 | 000,149,511 | ---- | M] () -- C:\Users\DEBE\Desktop\Image14.pspimage
[2010/11/19 23:50:52 | 000,065,847 | ---- | M] () -- C:\Users\DEBE\Desktop\Megans Logo2.jpg
[2010/11/19 23:35:16 | 000,071,252 | ---- | M] () -- C:\Users\DEBE\Desktop\Megans logo.jpg
[2010/11/19 23:17:04 | 000,170,159 | ---- | M] () -- C:\Users\DEBE\Desktop\Megans logo.pspimage
[2010/11/19 21:23:29 | 003,912,337 | ---- | M] () -- C:\Users\DEBE\Desktop\Comfix.exe
[2010/11/19 10:37:55 | 000,018,920 | ---- | M] () -- C:\Users\DEBE\Desktop\Payment_Confirmation#.pdf
[2010/11/17 07:24:22 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DEBE\Desktop\TDSSKiller.exe
[2010/11/14 13:47:11 | 000,029,184 | ---- | M] () -- C:\Users\DEBE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 19:58:51 | 000,047,377 | ---- | M] () -- C:\Users\DEBE\Desktop\2.jpg
[2010/11/13 18:26:42 | 000,010,255 | ---- | M] () -- C:\Users\DEBE\Desktop\bak0172527942.pdf
[2010/11/09 22:58:48 | 000,288,107 | ---- | M] () -- C:\Users\DEBE\Desktop\gmer.zip
[2010/11/09 22:41:53 | 000,630,272 | ---- | M] () -- C:\Users\DEBE\Desktop\dds.scr
[2010/11/09 22:41:29 | 000,000,000 | ---- | M] () -- C:\Users\DEBE\defogger_reenable
[2010/11/09 22:40:53 | 000,050,477 | ---- | M] () -- C:\Users\DEBE\Desktop\Defogger.exe
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\DEBE\Desktop\gmer.exe
[2010/11/08 00:41:12 | 000,495,579 | ---- | M] () -- C:\Users\DEBE\Desktop\Antivirus_Soft_Removal_Tool.zip
[2010/11/05 14:10:29 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/11/05 13:54:11 | 000,090,523 | ---- | M] () -- C:\Users\DEBE\Desktop\15508 Stephenie.pdf
[2010/11/04 16:40:10 | 000,000,134 | ---- | M] () -- C:\Users\DEBE\Desktop\Internet Explorer Troubleshooting.url
[2010/11/03 01:02:48 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/03 00:45:35 | 000,002,551 | ---- | M] () -- C:\Users\DEBE\Desktop\HiJackThis.lnk
[2010/11/02 21:40:49 | 000,002,796 | ---- | M] () -- C:\Users\DEBE\Desktop\cc_20101102_224040.reg
[2010/11/02 06:03:52 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/10/30 19:06:12 | 067,942,633 | ---- | M] () -- C:\Users\DEBE\Desktop\Image6.pspimage
[2010/10/30 18:59:33 | 000,000,011 | ---- | M] () -- C:\Windows\3DShadow.INI
[2010/10/30 13:26:28 | 000,115,489 | ---- | M] () -- C:\Users\DEBE\Desktop\counter offer 1 - 13851 Meacham.pdf
[2010/10/30 13:18:27 | 000,676,226 | ---- | M] () -- C:\Users\DEBE\Desktop\Counter Offer Meacham - Donald Glenn.pdf
[2010/10/30 08:23:21 | 000,275,428 | ---- | M] () -- C:\Users\DEBE\Desktop\Mapped Listings Report for 10-30.pdf
[2010/10/29 12:15:34 | 000,253,716 | ---- | M] () -- C:\Users\DEBE\Desktop\f843.pdf
[2010/10/28 22:11:44 | 111,948,867 | ---- | M] () -- C:\Users\DEBE\Desktop\princess.psd
[2010/10/28 10:03:58 | 000,028,112 | ---- | M] () -- C:\Users\DEBE\Desktop\HR_Temp_Help_Price_Schedule.pdf
[2010/10/27 21:23:06 | 111,948,867 | ---- | M] () -- C:\Users\DEBE\Desktop\Image5.psd
[2010/10/27 18:10:42 | 000,189,727 | ---- | M] () -- C:\Users\DEBE\Desktop\Charles Round- commitmentletter 15558 Screaming Eagle.pdf
[2010/10/27 12:48:35 | 000,565,503 | ---- | M] () -- C:\Users\DEBE\Desktop\Document (14).pdf
[2010/10/25 19:56:52 | 002,394,305 | ---- | M] () -- C:\Users\DEBE\Desktop\Rio_De_Janiero_Disclosures.pdf
[2010/10/25 19:56:38 | 000,066,748 | ---- | M] () -- C:\Users\DEBE\Desktop\Freeway_Disclosure.pdf
[2010/10/25 19:56:15 | 000,722,449 | ---- | M] () -- C:\Users\DEBE\Desktop\Rio_De_Janiero_-_Natural_Hazard_Disclosuresp.pdf
[2010/10/25 19:50:39 | 000,027,707 | ---- | M] () -- C:\Users\DEBE\Desktop\Rio_De_Janeiro_Addendum.pdf
[3 C:\Users\DEBE\Documents\*.tmp files -> C:\Users\DEBE\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\DEBE\Desktop\*.tmp files -> C:\Users\DEBE\Desktop\*.tmp -> ]
[1 C:\Users\DEBE\AppData\Local\*.tmp files -> C:\Users\DEBE\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/22 22:29:43 | 4284,932,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/21 17:04:33 | 000,654,324 | ---- | C] () -- C:\Users\DEBE\Desktop\RELOCATION ADDENDUM SENECA FALLS.pdf
[2010/11/20 06:51:07 | 000,086,876 | ---- | C] () -- C:\Users\DEBE\Desktop\AgentFirst - Comparables 8803 Dominigo.pdf
[2010/11/20 06:32:48 | 000,149,511 | ---- | C] () -- C:\Users\DEBE\Desktop\Image14.pspimage
[2010/11/19 23:50:52 | 000,065,847 | ---- | C] () -- C:\Users\DEBE\Desktop\Megans Logo2.jpg
[2010/11/19 23:35:16 | 000,071,252 | ---- | C] () -- C:\Users\DEBE\Desktop\Megans logo.jpg
[2010/11/19 23:17:04 | 000,170,159 | ---- | C] () -- C:\Users\DEBE\Desktop\Megans logo.pspimage
[2010/11/19 21:23:29 | 003,912,337 | ---- | C] () -- C:\Users\DEBE\Desktop\Comfix.exe
[2010/11/19 10:37:55 | 000,018,920 | ---- | C] () -- C:\Users\DEBE\Desktop\Payment_Confirmation#.pdf
[2010/11/13 19:58:51 | 000,047,377 | ---- | C] () -- C:\Users\DEBE\Desktop\2.jpg
[2010/11/13 18:26:42 | 000,010,255 | ---- | C] () -- C:\Users\DEBE\Desktop\bak0172527942.pdf
[2010/11/09 22:59:12 | 000,296,448 | ---- | C] () -- C:\Users\DEBE\Desktop\gmer.exe
[2010/11/09 22:58:44 | 000,288,107 | ---- | C] () -- C:\Users\DEBE\Desktop\gmer.zip
[2010/11/09 22:41:47 | 000,630,272 | ---- | C] () -- C:\Users\DEBE\Desktop\dds.scr
[2010/11/09 22:41:29 | 000,000,000 | ---- | C] () -- C:\Users\DEBE\defogger_reenable
[2010/11/09 22:40:50 | 000,050,477 | ---- | C] () -- C:\Users\DEBE\Desktop\Defogger.exe
[2010/11/08 00:41:10 | 000,495,579 | ---- | C] () -- C:\Users\DEBE\Desktop\Antivirus_Soft_Removal_Tool.zip
[2010/11/05 13:54:22 | 000,090,523 | ---- | C] () -- C:\Users\DEBE\Desktop\15508 Stephenie.pdf
[2010/11/04 16:40:10 | 000,000,134 | ---- | C] () -- C:\Users\DEBE\Desktop\Internet Explorer Troubleshooting.url
[2010/11/03 01:02:48 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/02 21:40:45 | 000,002,796 | ---- | C] () -- C:\Users\DEBE\Desktop\cc_20101102_224040.reg
[2010/11/02 19:01:13 | 000,012,568 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistUI027F.txt
[2010/11/02 19:01:13 | 000,001,848 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistMSI027F.txt
[2010/11/02 19:01:12 | 000,012,520 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistUI027C.txt
[2010/11/02 19:01:12 | 000,001,824 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistMSI027C.txt
[2010/10/30 19:05:36 | 067,942,633 | ---- | C] () -- C:\Users\DEBE\Desktop\Image6.pspimage
[2010/10/30 16:37:57 | 016,574,068 | ---- | C] () -- C:\Users\DEBE\Desktop\light_SDS_sibling.png
[2010/10/30 16:37:55 | 021,515,743 | ---- | C] () -- C:\Users\DEBE\Desktop\light_SDS_photoshoot.png
[2010/10/30 13:13:08 | 000,676,226 | ---- | C] () -- C:\Users\DEBE\Desktop\Counter Offer Meacham - Donald Glenn.pdf
[2010/10/30 13:12:01 | 000,115,489 | ---- | C] () -- C:\Users\DEBE\Desktop\counter offer 1 - 13851 Meacham.pdf
[2010/10/30 08:23:51 | 000,275,428 | ---- | C] () -- C:\Users\DEBE\Desktop\Mapped Listings Report for 10-30.pdf
[2010/10/29 12:15:34 | 000,253,716 | ---- | C] () -- C:\Users\DEBE\Desktop\f843.pdf
[2010/10/28 22:11:22 | 111,948,867 | ---- | C] () -- C:\Users\DEBE\Desktop\princess.psd
[2010/10/28 10:03:58 | 000,028,112 | ---- | C] () -- C:\Users\DEBE\Desktop\HR_Temp_Help_Price_Schedule.pdf
[2010/10/27 21:18:14 | 111,948,867 | ---- | C] () -- C:\Users\DEBE\Desktop\Image5.psd
[2010/10/27 18:11:12 | 000,189,727 | ---- | C] () -- C:\Users\DEBE\Desktop\Charles Round- commitmentletter 15558 Screaming Eagle.pdf
[2010/10/27 12:48:35 | 000,565,503 | ---- | C] () -- C:\Users\DEBE\Desktop\Document (14).pdf
[2010/10/25 19:56:52 | 002,394,305 | ---- | C] () -- C:\Users\DEBE\Desktop\Rio_De_Janiero_Disclosures.pdf
[2010/10/25 19:56:38 | 000,066,748 | ---- | C] () -- C:\Users\DEBE\Desktop\Freeway_Disclosure.pdf
[2010/10/25 19:56:15 | 000,722,449 | ---- | C] () -- C:\Users\DEBE\Desktop\Rio_De_Janiero_-_Natural_Hazard_Disclosuresp.pdf
[2010/10/25 19:50:39 | 000,027,707 | ---- | C] () -- C:\Users\DEBE\Desktop\Rio_De_Janeiro_Addendum.pdf
[2010/05/08 08:06:45 | 000,436,046 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistMSI39D6.txt
[2010/05/08 08:06:39 | 000,016,330 | ---- | C] () -- C:\Users\DEBE\AppData\Local\dd_vcredistUI39D6.txt
[2009/12/13 18:53:28 | 000,000,011 | ---- | C] () -- C:\Windows\3DShadow.INI
[2009/12/13 18:44:24 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2009/11/16 11:00:34 | 000,002,299 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\acervcmtmp.ini
[2009/11/10 14:48:28 | 000,001,406 | ---- | C] () -- C:\Program Files (x86)\favicon.ico
[2009/09/16 22:06:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/16 22:03:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/03 11:57:59 | 000,000,182 | ---- | C] () -- C:\Program Files (x86)\deleteindex.vbs
[2009/06/24 21:37:25 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2009/03/19 11:39:43 | 000,038,423 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/12/09 14:25:01 | 000,001,460 | ---- | C] () -- C:\Users\DEBE\AppData\Local\d3d9caps64.dat
[2008/12/05 19:25:18 | 000,000,092 | ---- | C] () -- C:\Users\DEBE\AppData\Local\fusioncache.dat
[2008/11/29 02:45:47 | 000,000,031 | ---- | C] () -- C:\Windows\bluevoda.ini
[2008/11/22 14:10:38 | 000,000,040 | ---- | C] () -- C:\Windows\iltwain.ini
[2008/11/20 20:20:00 | 000,001,356 | ---- | C] () -- C:\Users\DEBE\AppData\Local\d3d9caps.dat
[2008/11/19 23:46:13 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\libssl32.dll
[2008/11/19 23:44:39 | 000,790,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/11/18 23:43:37 | 000,229,252 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\UserTile.png
[2008/11/18 07:33:44 | 000,000,106 | ---- | C] () -- C:\Users\DEBE\AppData\Roaming\wklnhst.dat
[2008/11/17 21:52:45 | 000,029,184 | ---- | C] () -- C:\Users\DEBE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/17 21:05:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\Zlib.dll
[2008/11/17 21:04:57 | 000,041,984 | ---- | C] () -- C:\Windows\SysWow64\ZFExt.dll
[2008/11/17 10:02:04 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini
[2008/11/17 10:01:09 | 001,548,099 | ---- | C] () -- C:\Windows\SysWow64\VMC3KAPI.dll
[2008/10/15 11:58:34 | 000,028,808 | ---- | C] () -- C:\Windows\SysWow64\drivers\swmsflt.sys
[2008/09/19 13:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/09/19 13:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/04/22 04:30:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008/04/22 04:30:51 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008/04/22 03:48:22 | 000,258,560 | ---- | C] () -- C:\Windows\SysWow64\SysHook.dll
[2008/04/22 03:38:40 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll
[2007/01/22 09:32:44 | 000,081,920 | ---- | C] () -- C:\Windows\xmltok.dll
[2007/01/22 09:32:44 | 000,053,248 | ---- | C] () -- C:\Windows\xmlparse.dll
[2005/07/15 13:26:00 | 026,720,259 | ---- | C] () -- C:\Program Files\data1.cab
[2005/07/15 13:26:00 | 000,000,334 | ---- | C] () -- C:\Program Files\layout.bin
[2005/07/15 13:26:00 | 000,000,047 | ---- | C] () -- C:\Program Files\setup.lid
[2005/07/15 13:25:32 | 000,205,135 | ---- | C] () -- C:\Program Files\_sys1.cab
[2005/07/15 13:25:32 | 000,140,030 | ---- | C] () -- C:\Program Files\_user1.cab
[2005/07/15 13:25:32 | 000,000,091 | ---- | C] () -- C:\Program Files\DATA.TAG
[2005/07/15 13:25:32 | 000,000,068 | ---- | C] () -- C:\Program Files\SETUP.INI
[2005/04/14 13:10:14 | 000,098,373 | ---- | C] () -- C:\Program Files\setup.ins
[2005/03/29 00:58:20 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2005/03/29 00:58:10 | 000,847,872 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
[1997/06/02 12:44:00 | 000,317,092 | ---- | C] () -- C:\Program Files\_INST32I.EX_
[1997/05/30 12:31:50 | 000,004,557 | ---- | C] () -- C:\Program Files\lang.dat
[1997/05/06 15:15:20 | 000,000,417 | ---- | C] () -- C:\Program Files\os.dat

========== LOP Check ==========

[2010/08/06 06:55:33 | 000,000,000 | -HSD | M] -- C:\Users\DEBE\AppData\Roaming\.#
[2008/12/01 14:59:32 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Acer
[2008/04/22 04:03:31 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Acer GameZone Console
[2010/08/04 10:00:41 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\AmericanGreetings.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1
[2010/02/07 23:05:32 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\AMPSoft
[2009/04/26 17:25:08 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Artisteer
[2010/09/17 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Avery
[2009/06/29 06:53:18 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/14 22:40:27 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\EasyJob Resume Builder
[2010/05/15 23:27:16 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\eSobi
[2009/06/25 08:55:51 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\FileOpen
[2009/08/30 12:38:26 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\FileZilla
[2009/12/09 18:07:55 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\FireShot
[2009/11/25 22:56:22 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\IndigoRose
[2010/02/22 09:33:36 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Individual Software
[2010/08/13 20:11:00 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\KompoZer
[2008/11/17 09:55:36 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Leadertech
[2009/12/13 10:10:33 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Merscom
[2010/08/20 16:56:04 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Notepad++
[2009/11/13 18:57:07 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\OxelonMC
[2010/01/02 13:13:59 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Research In Motion
[2008/11/17 15:41:38 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Sierra Wireless
[2009/12/06 10:58:29 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\SmartDraw
[2008/11/18 07:34:34 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Template
[2009/06/17 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\TuneUp Software
[2009/04/19 09:31:28 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2010/08/27 14:58:11 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Uniblue
[2008/11/17 10:00:28 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\Validity
[2009/04/07 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\DEBE\AppData\Roaming\YouSendIt
[2010/11/22 13:15:46 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/22 22:49:00 | 000,000,582 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D484822-CD96-49D4-82B3-23EF99CE4957}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:06:57 PM

Posted 23 November 2010 - 09:56 AM

How's the PC now?

Please run the system through the ESET online scanner

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users