Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Google Testing Removal of WWW Subdomain from Search Results

Featured Deal: Get 95% off The Ultimate MCSE Certification Training Bundle

Photo

Some Type of Virus

Started by Michael1026 , Feb 06 2011 10:07 PM

  • This topic is locked This topic is locked
26 replies to this topic

#1 Michael1026

Michael1026

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:08 PM

Posted 06 February 2011 - 10:07 PM

For the past week, I have been having troubles with my computer.

OS: Windows Vista Home Edition

Symptoms: Extremely slow internet, programs not responding, when I do a System Restore it undoes it. Also, Norton is reporting that different programs have been trying to "Access Process Data", Target: Norton, Actor: Multiple programs including msiexec.exe, Mcafee, ect. Just programs/files I have on my computer.

What I have tried: Ran full scans using Norton 360, mcafee, Malwarebytes, and avg. I have probably used other programs, I just can't think of them all.

I have a few things I can post like a HiJackThis log if you would like me to post that.



DDS.txt
DDS (Ver_10-12-12.02) - NTFSx86
Run by Michael at 19:24:50.43 on Wed 02/02/2011
Internet Explorer: 9.0.7930.16406
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2815.1134 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DELL\OSD\OSDSvr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\AIM\aim.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\MCUI32.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=15494&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files\sensible vision\fast access\FAIESSO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin
mRun: [FAStartup]
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FATrayAlert] c:\program files\sensible vision\fast access\FATrayMon.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iKnowPS] c:\program files\iknowps\iKnowPS.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\anycom\bluetooth-usb\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\anycom\bluetooth-usb\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\anycom\bluetooth-usb\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {01C65DA9-D1F8-4A3B-A7CD-C923E47573EF} = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - c:\program files\sensible vision\fast access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\ipwuj5at.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2692722&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1210&p=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\ipwuj5at.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\ipwuj5at.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.5.dll
FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\ipwuj5at.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.6.dll
FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\ipwuj5at.default\extensions\cfxhelper@triton\components\dwmxpcom.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michael\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
FF - Ext: Fast Dial: fastdial@telega.phpnet.us - %profile%\extensions\fastdial@telega.phpnet.us
FF - Ext: foxiFrame basic: foxiFrame@basic.am - %profile%\extensions\foxiFrame@basic.am
FF - Ext: Pimp My Facebook Skin!: nitsansfbskins@nitsan.binnun.co.il - %profile%\extensions\nitsansfbskins@nitsan.binnun.co.il
FF - Ext: Pixel Perfect: pixelperfectplugin@openhouseconcepts.com - %profile%\extensions\pixelperfectplugin@openhouseconcepts.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Paste Email (original): {36365A44-0C40-4d16-B174-0B803FA14366} - %profile%\extensions\{36365A44-0C40-4d16-B174-0B803FA14366}
FF - Ext: Boost for Facebook: {47624dda-b77e-4feb-820a-e4f077d5d4ca} - %profile%\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coFFPlgn

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R0 FXOSDDRV;Foxconn ACPI BIOS Simulator Driver;c:\windows\system32\drivers\FxOSDdrv.sys [2009-6-30 13400]
R0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\drivers\nvamacpi.sys [2009-6-30 24608]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-23 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-14 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-23 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110204.001\IDSvix86.sys [2011-1-31 353912]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl2658c906;MpKsl2658c906;c:\programdata\microsoft\microsoft antimalware\definition updates\{9c542560-0362-4f00-8965-82b8530f7973}\MpKsl2658c906.sys [2011-2-1 28752]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-23 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-9-23 339504]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-6-30 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FOXOSDService;Dell OSD Service;c:\program files\dell\osd\OSDSvr.exe [2009-6-30 65536]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-23 126392]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-12-21 14976]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-20 1153368]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2228008]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-6-30 212992]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-6-30 135936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-28 102448]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 232832]
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2009-4-23 15360]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\drivers\fwleaf.sys [2010-10-16 23616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-28 20952]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FAService;FAService;c:\program files\sensible vision\fast access\FAService.exe [2010-4-4 2409800]
S2 gupdate1ca17168aaae1e;Google Update Service (gupdate1ca17168aaae1e);c:\program files\google\update\GoogleUpdate.exe [2009-8-6 133104]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;"c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" --> c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-20 39264]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-2 55296]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2010-4-18 36928]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-12-21 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-12-21 11104]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2011-02-02 05:22:31 69192 ----a-w- c:\windows\system32\mfevtps.exe.5479.deleteme
2011-02-02 05:22:07 -------- d-----w- c:\program files\common files\Cisco Systems
2011-02-02 05:21:59 -------- d-----w- c:\program files\McAfee
2011-02-02 03:25:36 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9c542560-0362-4f00-8965-82b8530f7973}\MpKsl2658c906.sys
2011-02-02 03:25:25 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9c542560-0362-4f00-8965-82b8530f7973}\mpengine.dll
2011-01-29 05:49:54 -------- d-----w- c:\users\michael\appdata\local\PackageAware
2011-01-29 04:58:10 -------- d-----w- c:\progra~2\IObit
2011-01-29 04:58:05 -------- d-----w- c:\program files\IObit
2011-01-29 04:28:19 -------- d-----w- c:\program files\iKnowPS
2011-01-28 01:27:20 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-27 04:04:22 -------- d-----w- c:\users\michael\appdata\roaming\SUPERAntiSpyware.com
2011-01-26 22:25:33 428352 ----a-w- c:\windows\system32\StubInstaller.exe
2011-01-24 23:59:21 -------- d-----w- c:\users\michael\appdata\roaming\Verizon Wireless
2011-01-24 07:01:20 -------- d--h--w- C:\$AVG
2011-01-24 06:09:32 -------- d-----w- c:\users\michael\appdata\roaming\AVG10
2011-01-24 06:08:34 -------- d--h--w- c:\progra~2\Common Files
2011-01-24 06:06:29 -------- d-----w- c:\progra~2\AVG10
2011-01-23 23:50:20 -------- d-----w- c:\users\michael\appdata\local\Symantec
2011-01-23 01:43:00 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9aa6f986-f756-4e34-8ec8-180e273e5d1f}\gapaengine.dll
2011-01-23 01:28:07 -------- d-----w- c:\windows\Temp0DCD36D9-329C-9FB5-496E-42272E10E84D-Signatures
2011-01-23 01:27:10 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-23 01:26:27 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-18 07:15:51 -------- d-----w- c:\program files\HTC
2011-01-18 07:08:59 -------- d-----w- C:\Temp
2011-01-11 01:37:33 190656 ----a-w- c:\progra~2\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2011-01-10 03:47:48 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-01-10 03:46:43 -------- d-----w- c:\program files\Microsoft Expression
2011-01-10 03:46:34 -------- d-----w- c:\program files\WPF Toolkit
2011-01-10 03:28:13 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-01-10 03:28:13 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-01-10 03:28:12 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-01-10 03:28:12 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-01-10 03:28:11 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-01-10 03:18:01 100512 ----a-w- c:\progra~2\microsoft\vpdexpress\10.0\1033\ResourceCache.dll
2011-01-10 03:14:57 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-01-10 03:13:53 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-01-10 03:12:40 -------- d-----w- c:\program files\Microsoft XDE
2011-01-10 03:12:31 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-01-09 06:38:24 -------- d-----w- c:\program files\common files\Merge Modules
2011-01-09 06:38:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-01-09 06:34:00 -------- d-----w- c:\program files\Search Toolbar
2011-01-08 04:18:12 -------- d-----w- c:\program files\VS Revo Group
2011-01-07 23:47:01 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-07 23:47:00 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-07 23:47:00 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-07 23:47:00 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-07 23:47:00 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-07 23:47:00 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-07 23:46:51 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-07 06:40:44 -------- d-----w- c:\users\michael\appdata\roaming\Wi-Fi Sync
2011-01-05 04:15:42 -------- d-----w- c:\program files\BreakPoint Software
2011-01-05 04:14:37 -------- d-----w- c:\users\michael\appdata\roaming\BreakPoint Software

==================== Find3M ====================

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-23 07:39:19 71880 ----a-w- c:\windows\system32\PxSecure.dll

============= FINISH: 19:26:55.38 ===============






If you would like to contact me on AIM: SomeoneVeryHot.

Thanks in advance.

Attached Files


Edited by Michael1026, 07 February 2011 - 01:52 AM.
Moved from Vista ~BP

BC AdBot (Login to Remove)

 

#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:09:08 PM

Posted 10 February 2011 - 06:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 

#3 Michael1026

Michael1026
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:08 PM

Posted 11 February 2011 - 01:43 AM

Thanks a ton. It's kind of hard to post because this virus is taking up a lot of recourses and making my computer slow, but I will try my best. Sorry I took so long, the gmer log took about 7 hours :/.


OTL.txt
-------------------------------------------------

OTL logfile created on: 2/6/2011 3:44:29 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Michael\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 50.16 Gb Free Space | 17.70% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 10.42 Gb Free Space | 71.16% Space Free | Partition Type: NTFS
Drive H: | 465.68 Gb Total Space | 398.42 Gb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/07 01:29:02 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2011/02/06 15:42:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/07 02:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/22 23:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/04 10:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/04/04 10:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/04/04 10:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe
PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/07/15 20:49:44 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/04 18:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/29 21:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/29 21:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/06 10:15:42 | 006,609,440 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/01/06 10:15:32 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2008/12/22 12:59:12 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell\OSD\OSDSvr.exe
PRC - [2008/12/18 10:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/02/20 10:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2006/09/28 01:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe


========== Modules (SafeList) ==========

MOD - [2011/02/06 15:42:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
MOD - [2011/01/10 17:34:37 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll
MOD - [2011/01/10 17:34:37 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcp90.dll
MOD - [2010/09/20 11:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (mi-raysat_3dsmax2011_32)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/01/20 05:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/01/01 17:24:59 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/07 02:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/04/18 20:28:51 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/04 10:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 10:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/29 21:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/06 10:15:32 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2008/12/22 12:59:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\OSD\OSDSvr.exe -- (FOXOSDService)
SRV - [2008/12/18 10:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 18:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/28 01:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/01/31 20:12:56 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110209.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/01/25 20:04:28 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk41.sys -- (PsSdk41)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/12 16:06:08 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110209.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/12 16:06:07 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110209.021\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/28 19:15:33 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/28 19:15:33 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/22 18:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/08 15:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/09/07 09:10:10 | 000,023,616 | ---- | M] (NETGEAR) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwleaf.sys -- (Fwleaf)
DRV - [2010/08/16 15:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/08/16 15:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/08/09 04:26:24 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/05/05 20:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/28 21:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 19:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 18:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 18:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/15 11:35:01 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/25 16:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/12/17 14:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/14 19:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/08/09 13:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/23 04:41:24 | 000,015,360 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fixustor.sys -- (FIXUSTOR)
DRV - [2009/04/10 20:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/01/06 11:13:06 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/01/06 10:56:18 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NVAMACPI.sys -- (nvamacpi)
DRV - [2009/01/06 10:34:12 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/01/06 10:25:54 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/01/06 10:15:46 | 002,232,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/21 10:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/16 08:56:50 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/11/28 06:32:14 | 000,013,400 | ---- | M] (Foxconn Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\FxOSDdrv.sys -- (FXOSDDRV)
DRV - [2008/11/04 15:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/10/28 07:48:04 | 000,135,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/09/24 16:36:14 | 000,232,832 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\facap.sys -- (FACAP)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/13 17:17:10 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/01/20 18:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 18:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 18:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/07/15 16:20:26 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/07/15 16:20:24 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/05/02 15:48:00 | 000,055,296 | ---- | M] (Leaf Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\leafnets.sys -- (leafnets)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/09/26 19:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/01 22:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15494&l=dis
IE - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "xDazee Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2692722&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.9.1
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2
FF - prefs.js..extensions.enabledItems: foxiFrame@basic.am:5.1
FF - prefs.js..extensions.enabledItems: nitsansfbskins@nitsan.binnun.co.il:0.4
FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.6.1
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {36365A44-0C40-4d16-B174-0B803FA14366}:3.2.4
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=PCAFSI1210&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/02/25 20:53:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/25 17:00:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/03/15 11:35:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/02 22:42:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/02 17:14:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/05 22:08:59 | 000,000,000 | ---D | M]

[2009/11/10 19:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2009/10/17 21:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/02 02:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions
[2010/12/01 21:58:08 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/06/10 01:39:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/11 12:19:10 | 000,000,000 | ---D | M] (Paste Email (original)) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{36365A44-0C40-4d16-B174-0B803FA14366}
[2010/10/26 14:38:14 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/11/20 04:43:26 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2010/10/21 12:00:19 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/01/22 15:34:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/05 14:38:00 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/01/15 15:49:27 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/06/10 15:58:04 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\cfxe@Triton
[2010/06/10 15:58:09 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\cfxHelper@Triton
[2010/08/06 17:26:36 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\fastdial@telega.phpnet.us
[2010/07/15 19:43:15 | 000,000,000 | ---D | M] (foxiFrame basic) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\foxiFrame@basic.am
[2010/06/11 00:02:48 | 000,000,000 | ---D | M] (Pimp My Facebook Skin!) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\nitsansfbskins@nitsan.binnun.co.il
[2011/01/22 15:34:40 | 000,000,000 | ---D | M] (Pixel Perfect) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2011/01/08 22:34:13 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\searchtoolbar@zugo.com
[2010/12/07 11:22:21 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\smarterwiki@wikiatic.com
[2010/12/01 21:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2011/02/01 19:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\tzr8389h.default\extensions
[2009/11/10 20:02:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\tzr8389h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/10 20:02:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\tzr8389h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/12 19:27:29 | 000,002,242 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\AOL Search.xml
[2010/12/25 17:41:30 | 000,002,568 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\askcom.xml
[2010/07/10 02:11:01 | 000,001,832 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\bing.xml
[2010/07/03 22:23:36 | 000,000,915 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\conduit.xml
[2010/10/01 06:15:23 | 000,010,059 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\mywebsearch.xml
[2011/02/05 22:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/05 22:09:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/03/15 11:35:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/05/25 17:00:11 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/12 19:27:29 | 000,002,242 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011/01/24 22:42:34 | 000,425,257 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14728 more lines...
O2 - BHO: (no name) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-408373256-3366681759-4279272931-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe (Iknowprocess.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-408373256-3366681759-4279272931-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-408373256-3366681759-4279272931-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Michael\Desktop\Photoshop\photos\michal1026 pimpennnnnnn.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\Desktop\Photoshop\photos\michal1026 pimpennnnnnn.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/18 20:16:49 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4227425f-7b85-11df-a941-0024e8113cb3}\Shell - "" = AutoRun
O33 - MountPoints2\{4227425f-7b85-11df-a941-0024e8113cb3}\Shell\AutoRun\command - "" = G:\Welcome\Welcome.exe
O33 - MountPoints2\{4656aa08-f32d-11de-83aa-000a3a8739ab}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe
O33 - MountPoints2\{4656aa08-f32d-11de-83aa-000a3a8739ab}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe
O33 - MountPoints2\{fa73678d-21bf-11e0-b194-0024e8113cb3}\Shell - "" = AutoRun
O33 - MountPoints2\{fa73678d-21bf-11e0-b194-0024e8113cb3}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "bootini" - 0
MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.x264 - x264vfw.dll File not found
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/05 22:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/05 22:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/01 21:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/02/01 21:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/01/28 21:49:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\PackageAware
[2011/01/28 20:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/01/28 20:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/01/28 20:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iKnowPS
[2011/01/28 20:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\iKnowPS
[2011/01/27 17:27:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/26 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/26 14:25:33 | 000,428,352 | ---- | C] (Panda Security) -- C:\Windows\System32\StubInstaller.exe
[2011/01/24 15:59:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Verizon Wireless
[2011/01/23 23:01:20 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/01/23 22:09:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG10
[2011/01/23 22:08:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/01/23 22:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/01/23 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Symantec
[2011/01/22 17:28:07 | 000,000,000 | ---D | C] -- C:\Windows\Temp0DCD36D9-329C-9FB5-496E-42272E10E84D-Signatures
[2011/01/22 17:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/20 19:45:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\DS2
[2011/01/17 23:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2011/01/17 23:15:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\InstallShield
[2011/01/17 23:08:59 | 000,000,000 | ---D | C] -- C:\Temp
[2011/01/15 16:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Text Pad
[2011/01/12 19:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/01/09 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2011/01/09 19:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\WPF Toolkit
[2011/01/09 19:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2011/01/09 19:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2011/01/09 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2011/01/09 19:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 4.0
[2011/01/09 19:17:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Visual Studio 2010
[2011/01/09 19:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/01/09 19:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/01/09 19:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone Developer Tools
[2011/01/09 19:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/01/09 19:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XDE
[2011/01/08 22:40:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Visual Studio 2005
[2011/01/08 22:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual C++ 2005 Express Edition
[2011/01/08 22:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/01/08 22:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2011/01/08 22:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/01/08 22:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/01/07 20:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/07/23 12:40:11 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Michael\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/06 15:36:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/06 15:31:53 | 000,053,397 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/06 15:31:53 | 000,053,397 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/06 15:31:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/06 15:28:34 | 000,709,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/06 15:28:34 | 000,144,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/06 15:24:35 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/06 15:22:47 | 003,777,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/06 15:22:33 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 15:22:33 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/06 15:21:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/06 15:20:09 | 2951,905,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/05 22:57:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/05 22:55:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-408373256-3366681759-4279272931-1000UA.job
[2011/02/05 21:24:07 | 000,002,487 | ---- | M] () -- C:\Users\Michael\Desktop\HiJackThis.lnk
[2011/02/05 20:59:07 | 000,002,054 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2011/02/05 20:59:07 | 000,002,016 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/05 16:00:20 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Michael.job
[2011/02/02 19:36:31 | 000,000,020 | ---- | M] () -- C:\Users\Michael\Desktop\New WinRAR archive.rar
[2011/02/02 18:15:09 | 000,069,632 | ---- | M] () -- C:\Users\Michael\Documents\Events.evtx
[2011/01/31 16:18:03 | 000,720,344 | ---- | M] () -- C:\Users\Michael\Desktop\rkill.com
[2011/01/26 02:30:46 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/25 20:04:28 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk41.sys
[2011/01/25 12:55:18 | 000,000,900 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/25 00:55:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-408373256-3366681759-4279272931-1000Core.job
[2011/01/24 22:42:34 | 000,425,257 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/22 17:28:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/01/16 22:32:12 | 000,209,100 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/01/12 19:27:37 | 000,001,108 | -H-- | M] () -- C:\IPH.PH
[2011/01/12 19:27:29 | 000,001,680 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/01/08 18:52:07 | 000,109,116 | ---- | M] () -- C:\Users\Michael\Desktop\Dead Rising 2.rar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/02 19:36:31 | 000,000,020 | ---- | C] () -- C:\Users\Michael\Desktop\New WinRAR archive.rar
[2011/02/02 18:15:00 | 000,069,632 | ---- | C] () -- C:\Users\Michael\Documents\Events.evtx
[2011/01/28 18:54:41 | 2951,905,280 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/27 16:22:26 | 000,720,344 | ---- | C] () -- C:\Users\Michael\Desktop\rkill.com
[2011/01/26 02:30:46 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/22 17:28:58 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/01/11 22:03:20 | 003,481,600 | ---- | C] () -- C:\Users\Michael\Desktop\TU_12K2239_000000C000000.00000000001G3
[2011/01/11 01:19:39 | 001,038,463 | ---- | C] () -- C:\Users\Michael\Desktop\patch_mp.ff
[2010/12/21 11:12:35 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/12/21 11:12:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/12/21 10:28:50 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2010/12/21 10:28:42 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2010/11/28 22:36:03 | 000,053,248 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\chrtmp
[2010/11/23 03:00:20 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\clikf.sys
[2010/11/22 23:39:13 | 000,000,052 | ---- | C] () -- C:\Windows\wininit.ini
[2010/11/20 05:09:39 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xwsjed.sys
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/23 00:24:31 | 000,001,456 | ---- | C] () -- C:\Users\Michael\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/21 17:12:17 | 000,000,132 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/08/07 01:59:07 | 000,000,132 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/22 19:05:52 | 000,000,047 | ---- | C] () -- C:\Windows\huffyuv.ini
[2010/07/16 00:30:13 | 000,053,397 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/16 00:30:12 | 000,053,397 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/10 00:05:18 | 000,067,960 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\speech.wav
[2010/07/08 01:38:16 | 000,000,600 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\winscp.rnd
[2010/06/19 01:33:29 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/23 15:49:31 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/04/23 13:14:55 | 000,000,088 | RHS- | C] () -- C:\ProgramData\0C70463FC5.sys
[2010/04/23 13:14:54 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/10 16:41:22 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/04/04 10:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\System32\FAIEExtension.dll
[2010/04/04 10:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\System32\FAib.dll
[2010/04/04 10:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\System32\FACrashRpt.dll
[2009/10/20 10:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/09/21 14:50:51 | 000,008,268 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2009/09/16 16:14:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/23 21:00:29 | 000,000,224 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/30 13:54:59 | 000,001,547 | ---- | C] () -- C:\ProgramData\__FileUploader.log
[2009/07/24 19:12:57 | 000,072,704 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/30 08:42:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/06/30 08:42:19 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/02/18 22:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/04/07 18:16:43 | 000,000,224 | -H-- | C] () -- C:\Users\Michael\AppData\Roaming\Michaellog.dat
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/01/25 12:52:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems
[2009/12/09 20:46:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\acccore
[2010/04/18 20:30:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Autodesk
[2011/01/23 22:09:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVG10
[2011/01/04 20:14:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BreakPoint Software
[2009/12/19 20:38:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.adobe.ExMan
[2010/10/30 00:32:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Datarescue
[2009/12/20 22:07:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Datel
[2010/11/01 19:04:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FileZilla
[2010/06/16 00:12:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GameTuts
[2010/10/26 21:26:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GruntMods
[2010/10/30 00:35:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hex-Rays
[2011/02/01 17:13:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LimeWire
[2009/11/07 18:54:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mael
[2011/01/09 17:01:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NCH Swift Sound
[2011/01/26 15:05:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Notepad++
[2009/08/12 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Publish Providers
[2010/11/28 08:04:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Registry Mechanic
[2010/04/17 18:40:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sony
[2010/05/23 00:02:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/20 04:43:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SurfSecret Privacy Suite
[2010/04/26 19:41:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SystemRequirementsLab
[2011/01/23 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TeamViewer
[2009/08/23 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Template
[2010/10/22 22:32:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Tific
[2010/11/26 09:03:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TP
[2010/09/02 01:10:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ulead Systems
[2011/01/28 21:50:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uniblue
[2010/11/19 23:52:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uTorrent
[2011/01/06 22:40:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Wi-Fi Sync
[2009/11/11 18:48:17 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer
[2010/09/15 16:56:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Xbins
[2010/11/22 22:49:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Xerax
[2010/12/01 16:26:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XLink Kai
[2010/11/28 22:46:57 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\RegAce Scheduled Scan - Michael.job
[2010/10/22 01:03:38 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011/02/05 22:57:11 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/19 01:53:58 | 000,000,616 | ---- | M] () -- C:\Windows\Tasks\{C5C855CD-FF44-4D56-BFB5-F13A91617FB5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/12/21 10:32:20 | 001,044,992 | ---- | M] (Dell Inc.) Unable to obtain MD5 -- C:\Windows\System32\BCMLogon.dll
[2008/12/21 10:32:38 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/10 22:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 22:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.sys /90 >
[2010/12/31 05:57:01 | 002,039,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 19:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 19:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 19:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/06/03 21:19:52 | 000,001,397 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/06/30 11:26:06 | 000,003,475 | RH-- | M] () -- C:\dell.sdr
[2011/02/06 15:20:09 | 2951,905,280 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 15:43:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/12 19:27:37 | 000,001,108 | -H-- | M] () -- C:\IPH.PH
[2010/05/02 10:23:18 | 000,001,754 | ---- | M] () -- C:\lma_log.html
[2010/10/17 15:43:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/06 15:20:08 | 3265,794,048 | -HS- | M] () -- C:\pagefile.sys
[2010/03/21 20:29:41 | 002,404,352 | ---- | M] () -- C:\PBU0
[2010/12/15 02:17:35 | 000,001,188 | ---- | M] () -- C:\players.txt
[2009/09/20 13:30:26 | 000,000,018 | ---- | M] () -- C:\ram.vbe
[2011/02/02 16:24:16 | 000,000,730 | ---- | M] () -- C:\rkill.log
[2010/12/14 23:32:57 | 000,000,123 | ---- | M] () -- C:\Setting.txt
[2010/07/02 23:45:00 | 000,001,176 | ---- | M] () -- C:\sqmnoopt00.sqm
[2010/12/15 15:42:53 | 000,000,000 | ---- | M] () -- C:\TableDump.dat
[2011/02/05 21:52:25 | 000,068,332 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_05.02.2011_21.51.52_log.txt
[2010/11/19 01:33:19 | 000,065,796 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_19.11.2010_01.32.59_log.txt
[2010/11/23 03:01:11 | 000,066,024 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.11.2010_02.52.19_log.txt
[2011/01/27 17:12:56 | 000,067,458 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_27.01.2011_17.12.31_log.txt
[2011/01/27 18:07:15 | 000,068,180 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_27.01.2011_18.06.55_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:21E15261D154630F
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >




Extras.txt
------------------------------------------------

OTL Extras logfile created on: 2/6/2011 3:44:29 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Michael\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 50.16 Gb Free Space | 17.70% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 10.42 Gb Free Space | 71.16% Space Free | Partition Type: NTFS
Drive H: | 465.68 Gb Total Space | 398.42 Gb Free Space | 85.56% Space Free | Partition Type: FAT32

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-408373256-3366681759-4279272931-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CEB2E3-3A1F-4D47-BD5F-5186C6DDD276}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F67668F-64DE-427F-BF92-24EF58912DD5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26B250BE-6403-49BB-835E-AB06BE6C356D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{61649CEE-2D72-4DF2-98CF-336C1008AEBF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{69213902-D4BC-4621-8D76-02776631AC5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B328C67-3B96-4ED4-A85D-274488BB01F1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{853E81A8-78DC-45F5-983D-10C9F56629F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B8B959A-FFB3-4392-8647-DDF941F49BEA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{908DFF9A-EE2C-40F9-88F0-5F55BA29A28F}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{9A8B4EA5-9F02-4330-AE31-BD346B497FF3}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9ADEDF19-4550-4830-9FBA-09BC78EB8946}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3F58910-9B6B-4412-9DEC-DEA1118B3DDF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC793CF0-16C9-4333-B8AF-5644788A29C5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B8FE8116-4290-4AAA-A293-A0C3491C43EC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4761116-9377-4010-BE39-0B81C5EC87F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC5CD94D-502E-43E1-ADCE-37FFFDDE48C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2DAAD03-D14B-45A2-BD96-53B1A36BCDA4}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007CADB5-86D4-4759-B901-D68F780A214A}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{044B2BB5-F85C-4AB2-B6EF-FEEA13530C59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{066FE975-B313-4594-B2A1-F5EE0126BD41}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{070ACE57-F244-4688-BA03-17C3B1BD3441}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{09F4A40A-679F-4316-9094-47F925B07033}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{0A02D411-FC34-4064-833A-DF21553DCA29}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{0C399DA9-98FE-40D9-97AB-44D2E5485657}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{10414679-C117-4E4B-9E87-B599EE5BCA56}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{117F6290-72C4-4651-89AA-2689F7F2D8B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11EE8717-AC8E-4008-BAD0-27332E381549}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{142CFA61-4DC1-4B41-8945-778D74AEA869}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{1DE32CF3-BEDF-477B-A7D6-5CE0CC7C8436}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1FDFA47C-7060-4150-AFF7-2EC8C033E243}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{232F23D2-24C1-40ED-82F7-8397D15146BE}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v3.0\bin\xnaliveproxy.exe |
"{289A0104-CDCD-467D-98EC-AA854C89D6A2}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{2B5891EF-1146-4611-BFC6-2C370617EEE4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{2BA9F04C-A365-4487-B8D6-8DDC665A6E8E}" = dir=in | app=c:\program files\leaf networks\leaf ce\bin\leaf.exe |
"{2BCED3FA-381A-4538-8771-24C4C8F13BD0}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{2E07BDD8-4CCA-4D08-A0D0-80367401E31C}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe |
"{3D03937A-CD94-48B8-8561-17D51E315296}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{416C6CAD-603F-43BB-A4DF-F919948E18B1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{443E3F65-0EBD-4266-85E1-52CF09D4BDDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{462192D5-0CEF-470E-829C-A6EF97E231AC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{4C17BD8B-133C-42CD-B5ED-41A2AC3E94E6}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{4DFF057D-FCCB-417D-9D31-56C4089DE318}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F212E99-C60A-4663-AA44-6C8AAFFC4A92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50924C37-5A2D-4307-8B9C-B7EA485EA254}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{56DA9F95-4B18-4447-B07F-87D227D5AE4E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5886A3F6-C210-4C72-B2EF-C44BB0E31683}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{5AF557F6-9C51-427C-9BB0-737D8FEF6C63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B563D04-F033-4920-89DB-C62F1DEDFC26}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{61458C40-0F77-44E4-A717-61C6B946B102}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{6662CF4F-8F52-42E6-AE18-5F1DD2F9339E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{671D64BD-3435-403F-98B9-1625DDE1B844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A0A5EBD-9825-4FE9-83DA-09463EB39B33}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"{6B11649E-C10D-48A7-AA53-67764891542C}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{6E060749-0109-4769-8DFA-EA133D800772}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{73FC4C28-9BC7-40DE-8987-4F7285979D19}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{7C5EAA99-2E08-4FC3-9C2A-3FD5ED041986}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{8019455D-36FD-4D8E-B75F-EB5B6C2F68D2}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{80A2301C-39D1-4C9D-8175-FE90E0D04946}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{811B9B80-30F1-4782-9689-B78BBFBEC756}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{884AE590-1F0F-4E8A-88F0-18B447C0B330}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AABAD66-4B6B-4EF2-9305-11C25228E8A4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{8BBC7C2B-4C95-408F-A35A-60DE95F682B8}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{92B7FACD-C2D4-41FD-80DE-B4AB6E4CB1C7}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{985D9CA8-7D6F-47DD-9A6E-1185BF0D08D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A14E125-BFBE-4FEE-BB6A-EC130E8F6E88}" = protocol=6 | dir=out | app=system |
"{9CCB580A-4588-4AA0-A76C-B8962B7AF601}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E0665E6-C299-45D2-BD62-A848199BA420}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{9E2C7229-64EC-45E6-8348-0103FFC74B18}" = protocol=6 | dir=in | app=c:\program files\ida\idag.exe |
"{9E9EA09A-04E1-40DB-B1B0-9854795F0C6C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe |
"{A29E0084-6071-4EBF-B6C1-14003E1D428A}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{A8907C97-64EA-4414-85AE-C7D1B178F167}" = protocol=6 | dir=in | app=c:\program files\leaf networks\leaf\bin\leaf.exe |
"{A8FDE9B0-F457-4A68-A770-2D5DB1835C70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A99DEAD7-6385-4E7C-A911-AB1B0684EF57}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{ABAB312E-6F07-4121-A4E8-0D809462D731}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{AD3F1286-309B-48AC-A5C6-71CB8C4ECF1E}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{AD9A9FDA-9699-40B1-89FB-4D91B5DA5D6D}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{B02253C2-DF24-40C9-A890-7E9E4B207321}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{B4BD1DB2-FA0C-46CB-AE0C-CA61B6EA4EB5}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{BBF24EB3-835D-4761-ADB1-D95B0866C7CC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{BCCDCFD9-5C6D-4AFE-9D7F-BD180A1C1C06}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{BF3B2029-5E05-4320-A1B5-C456164E52B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C99E8DF2-F397-4ADE-B8D1-FE63A00F2B25}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{D0E6EB62-C28B-44D8-A1BC-AD015EE20619}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{DA9633E8-20FA-4FBE-95E9-B9543C0EA515}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{DC2F1800-82E9-4AB3-A449-4C25EB3EE935}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DE9D4EC8-F98D-4680-8209-20F29562CBEE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{E38BC34D-3825-49F3-9766-014F2D15EDB6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E7E8D13B-20AF-4284-B148-270CBDCF488E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EC311BBD-228C-4C74-9D54-162320C11A41}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe |
"{EDE790E8-847E-4ACB-B4F7-9C31C5ED6703}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F46A3469-C8D2-41E6-9440-945251028C94}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{F4F25A3C-AC7B-43C4-8CBB-CAA4C481934B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{F562406F-4988-41DD-8978-BA77C737999B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{F64EDC33-BA0E-4339-9AFC-6183398D4B3C}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{F8C2628F-9940-4552-87D7-86ED0CE7A60A}" = protocol=17 | dir=in | app=c:\program files\ida\idag.exe |
"{F9F10F32-CCC6-45B6-BE28-B94C3995D844}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FA60E00A-FAEC-496D-A0A6-4CD18B551AA8}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FBB4F284-30CA-4B23-B563-B9C01BC6D128}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe |
"{FC78A71E-E0EC-41D3-87C6-446EF19B6F4A}" = protocol=17 | dir=in | app=c:\program files\leaf networks\leaf\bin\leaf.exe |
"{FE70407E-D904-415F-ABDC-6282820C73B1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"TCP Query User{097B1D07-24E3-4441-B207-0136C38D9810}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{0E1A87DD-2634-4B66-871E-C892A144A8FC}C:\users\michael\desktop\programs\xbins.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\programs\xbins.exe |
"TCP Query User{3571ADEC-8F4C-463D-BCBD-BBA01451C860}C:\users\michael\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\mw2\iw4mp.exe |
"TCP Query User{43E32C66-9F20-4D55-BEE1-4CED7C077F6D}C:\users\michael\downloads\xbins.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\xbins.exe |
"TCP Query User{609D6C0D-754C-4BB0-90CF-5E538A1001D6}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe |
"TCP Query User{78743531-360E-4A47-BBD9-2F1418201937}C:\windows\fupldr.exe" = protocol=6 | dir=in | app=c:\windows\fupldr.exe |
"TCP Query User{8A0386C4-574D-4568-A68D-CC1EFF3CEC2A}C:\program files\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files\cain\cain.exe |
"TCP Query User{B91A559A-85A2-485E-8769-9B739202147F}C:\program files\pinnacle\studio 12\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"TCP Query User{D2425A7E-85DD-4063-800C-D1CE22A5B074}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F7D706CE-AF63-43E3-9B24-FA8A70D73C29}C:\program files\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files\net tools\nettools5.exe |
"UDP Query User{3960B5D9-9D88-43C1-8771-3CD3EC258F61}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe |
"UDP Query User{437A2523-366E-4EE6-B6E0-DA9A45E5EC9A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4F8DC710-5D80-4003-9F65-D9652260069F}C:\users\michael\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\mw2\iw4mp.exe |
"UDP Query User{6689EFD9-24B2-496E-B19C-7EF146BAA785}C:\users\michael\desktop\programs\xbins.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\programs\xbins.exe |
"UDP Query User{73E920B0-93F6-4202-99A3-9FE3012B1347}C:\users\michael\downloads\xbins.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\xbins.exe |
"UDP Query User{870EADA7-B8B6-428D-9D0A-E5FDD5BBD059}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A0AED9D9-A92A-40EE-ADF3-F70C3638F260}C:\program files\pinnacle\studio 12\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe |
"UDP Query User{A81F5180-375E-45F9-B455-5D60642D5A39}C:\program files\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files\net tools\nettools5.exe |
"UDP Query User{CAB04F1E-71D5-4B6E-89E2-E06E180C115F}C:\windows\fupldr.exe" = protocol=17 | dir=in | app=c:\windows\fupldr.exe |
"UDP Query User{FD6AFFE9-45C0-43C0-8371-6DE45541BB19}C:\program files\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files\cain\cain.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.0 (Platformer)
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ANYCOM Bluetooth Software 6.0.1.6300
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.0 (Redists)
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1336D61B-1D48-4E5C-9E39-35444B00EE3D}" = FastAccess
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 23
"{2773B836-AC66-4178-A414-C5A0F9F5D805}" = XLink Kai
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.0 (VCSExpress)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5542F72D-45E4-371C-BE4B-A7CB70C11E9D}" = Windows Phone Emulator - ENU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67574624-BF0F-0409-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-bit
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{76CB3301-6463-4D01-8BE2-A3C99692EB31}" = OSD
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.0 Documentation
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A06F2FC8-66FA-4CEE-8226-91A113102DAF}" = Xbox Live Bio Art Creator V2
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.0 (Shared Components)
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.0 (ARP entry)
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AI RoboForm" = AI RoboForm (All Users)
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"AMCap" = AMCap
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Cain & Abel v4.9.36" = Cain & Abel v4.9.36
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CycoreFX HD 1.6.1 for After Effects" = CycoreFX HD 1.6.1 for After Effects
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"ffdshow_is1" = ffdshow v1.1.3355 [2010-04-11]
"Google Updater" = Google Updater
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"iKnowPS_is1" = iKnowPS
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"JDownloader" = JDownloader
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LimeWire" = LimeWire 5.6.2
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"N360" = Norton 360
"NetTools_is1" = NetTools 5.0
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Pixillion" = Pixillion Image Converter
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"TeamViewer 6" = TeamViewer 6
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.1 beta
"winscpfar_is1" = WinSCP plugin for FAR 1.6.2
"XNA Game Studio 3.0" = Microsoft XNA Game Studio 3.0
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"XPort 360_is1" = XPort 360

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-408373256-3366681759-4279272931-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"217e22b0936d606b" = WindowsApplication1
"Google Chrome" = Google Chrome
"I-Doser v4" = I-Doser v4
"QUICKMEDIACONVERTER" = Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Attached Files

  • Attached File  GMER.log   27.22KB   2 downloads

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:09:08 PM

Posted 11 February 2011 - 06:56 PM

Hello, Michael1026.
This may be due false positives due to having too many antivirus programs installed. It only appears that MSE is running now, but multiples were enabled in the original log.

There is one piece of malware too.


P2P Warning and Request
The log shows that you have been using so called peer-to-peer or file-sharing programmes (in your case LimeWire, ). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of their malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide to not uninstall, please refrain from using it until I let you know your computer is clean.



Registry Cleaner Warning


I also see that you have a Ccleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning), Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit wont' help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578



Ask Toolbar Warning"

I see you have the Ask.Com toolbar installed. This often comes bundled with spyware and is recommended you remove.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to add/Remove Programs and uninstall it.

Two Antiviruses Warning


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton 360 or Microsoft Security Essentials.





Step 1

Please ensure only one antivirus is running in real-time protection mode.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

Edited by etavares, 11 February 2011 - 06:57 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 

#5 Michael1026

Michael1026
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:08 PM

Posted 11 February 2011 - 09:26 PM

Thanks for the reply. I uninstalled MSE and Ask toolbar.

My computer is still acting up. I can post a picture from Nortons security history if you would like me to.

Heres the Mbam log, I ran a full scan a few days ago and got the same results.




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5716

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

2/7/2011 6:26:20 PM
mbam-log-2011-02-07 (18-26-20).txt

Scan type: Quick scan
Objects scanned: 185317
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Michael1026, 12 February 2011 - 02:26 AM.

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:09:08 PM

Posted 12 February 2011 - 07:30 AM

Hello, Michael1026.
A photo would be helpful. That is generally normal behavior provided they are legitimate files. msiexec is one. Here's a thread from the Norton Forums as an example. It could be something, and it may just be normal. The photo will help us determine that.

Now, the other issues concern me more. Between the System Restore and the non responding programs and slow internet, what is happening? Are you installing Windows updates, or anything else? Something has to be re-occuring.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  • Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  • Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  • Click OK at the first message box.
  • Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  • Click OK.
  • Click Yes to create the new folder.
  • You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
SRV - File not found [Auto | Stopped] -- -- (mi-raysat_3dsmax2011_32)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
O2 - BHO: (no name) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - No CLSID value found.
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [FAStartup] File not found
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
@Alternate Data Stream - 24 bytes -> C:\Windows:21E15261D154630F
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
:Commands
[EmptyTemp]
  • Click the Run Fix button at the top.
  • let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 

#7 Michael1026

Michael1026
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:08 PM

Posted 12 February 2011 - 06:50 PM

Norton picture: http://i819.photobucket.com/albums/zz118/pb1143/Norton.jpg This is an old picture, about a week old, but I am getting the same thing, about three of these errors per minute. About 90% of them are from C:\Program Files\Sensible Vision\Fast Access\Faservice. This is a program that I use when I login. It came installed on my computer. It didn't start reporting this until the day my computer was acting up. If it's not this, it will be something different. Oh yeah, to answer your other question, I have done a couple of system updates. I got once last night, and one about 1-2 weeks ago.








OTL log 1.
All processes killed
========== OTL ==========
Service mi-raysat_3dsmax2011_32 stopped successfully!
Service mi-raysat_3dsmax2011_32 deleted successfully!
Service ACDaemon stopped successfully!
Service ACDaemon deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
Starting removal of ActiveX control {20A60F0D-9AFA-4515-A0FD-83BD84642501}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20A60F0D-9AFA-4515-A0FD-83BD84642501}\ not found.
Starting removal of ActiveX control {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
C:\Windows\Downloaded Program Files\DownloadManagerV2.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
Starting removal of ActiveX control {8100D56A-5661-482C-BEE8-AFECE305D968}
C:\Windows\Downloaded Program Files\PhotoUploader55.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Starting removal of ActiveX control {9C23D886-43CB-43DE-B2DB-112A68D7E10A}
C:\Windows\Downloaded Program Files\MySpaceUploader2.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ not found.
Starting removal of ActiveX control {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
ADS C:\Windows:21E15261D154630F deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:B63300D1 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files\Search Toolbar\SearchToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->FireFox cache emptied: 3543948 bytes
->Flash cache emptied: 41661 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41661 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Michael
->Temp folder emptied: 2006 bytes
->Temporary Internet Files folder emptied: 3033163 bytes
->Java cache emptied: 99231700 bytes
->FireFox cache emptied: 42092781 bytes
->Google Chrome cache emptied: 371348049 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 48309 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 223660 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 31832 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 956998 bytes

Total Files Cleaned = 497.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02082011_134404

Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\C9320E64-EE0F-4422-B6DA-C0F3768C080E.dat moved successfully.
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2L09XJE\ask_com[1].htm moved successfully.
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I887SF3I\hpstatic[1].htm moved successfully.

Registry entries deleted on Reboot...





OTL log 2.
OTL logfile created on: 2/8/2011 1:49:45 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = c:\Users\Michael\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 50.93 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 10.42 Gb Free Space | 71.16% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/06 15:42:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- c:\Users\Michael\Downloads\OTL.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/07 02:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/22 23:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/04 10:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/04/04 10:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/04/04 10:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe
PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/07/15 20:49:44 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/04 18:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/29 21:50:10 | 001,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/01/29 21:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/29 21:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/06 10:15:42 | 006,609,440 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/01/06 10:15:32 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2008/12/22 12:59:12 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell\OSD\OSDSvr.exe
PRC - [2008/12/18 10:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/02/20 10:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2006/09/28 01:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe


========== Modules (SafeList) ==========

MOD - [2011/02/06 15:42:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- c:\Users\Michael\Downloads\OTL.exe
MOD - [2011/01/10 17:34:37 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll
MOD - [2011/01/10 17:34:37 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcp90.dll
MOD - [2010/09/20 11:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/20 05:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/01/01 17:24:59 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/07 02:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/04/18 20:28:51 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/04 10:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 10:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/08/24 03:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/29 21:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/06 10:15:32 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2008/12/22 12:59:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\OSD\OSDSvr.exe -- (FOXOSDService)
SRV - [2008/12/18 10:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 18:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/28 01:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/01/31 20:12:56 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110211.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/01/25 20:04:28 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk41.sys -- (PsSdk41)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/12 16:06:08 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110211.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/12 16:06:07 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110211.033\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/28 19:15:33 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/28 19:15:33 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/22 18:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/04 14:12:04 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/09/08 15:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/09/07 09:10:10 | 000,023,616 | ---- | M] (NETGEAR) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwleaf.sys -- (Fwleaf)
DRV - [2010/08/16 15:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/08/16 15:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/08/09 04:26:24 | 000,039,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/05/05 20:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/28 21:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 19:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 18:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 18:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/15 11:35:01 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/25 16:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/12/17 14:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/14 19:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/08/09 13:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/04/23 04:41:24 | 000,015,360 | ---- | M] (Genesys Logic) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fixustor.sys -- (FIXUSTOR)
DRV - [2009/04/10 20:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/01/06 11:13:06 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/01/06 10:56:18 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NVAMACPI.sys -- (nvamacpi)
DRV - [2009/01/06 10:34:12 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/01/06 10:25:54 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/01/06 10:15:46 | 002,232,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/21 10:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/16 08:56:50 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/11/28 06:32:14 | 000,013,400 | ---- | M] (Foxconn Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\FxOSDdrv.sys -- (FXOSDDRV)
DRV - [2008/11/04 15:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/10/28 07:48:04 | 000,135,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/09/24 16:36:14 | 000,232,832 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\facap.sys -- (FACAP)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/13 17:17:10 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/01/20 18:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 18:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 18:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 18:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 18:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 18:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 18:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 18:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 18:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 18:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 18:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 18:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 18:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 18:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 18:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 18:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 18:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 18:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 18:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 18:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 18:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 18:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 18:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 18:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 18:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 18:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/07/15 16:20:26 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/07/15 16:20:24 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/05/02 15:48:00 | 000,055,296 | ---- | M] (Leaf Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\leafnets.sys -- (leafnets)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/09/26 19:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/08/01 22:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15494&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "xDazee Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2692722&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.9.1
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2
FF - prefs.js..extensions.enabledItems: foxiFrame@basic.am:5.1
FF - prefs.js..extensions.enabledItems: nitsansfbskins@nitsan.binnun.co.il:0.4
FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.6.1
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {36365A44-0C40-4d16-B174-0B803FA14366}:3.2.4
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=PCAFSI1210&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/02/25 20:53:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/25 17:00:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/03/15 11:35:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/02 22:42:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/02 17:14:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/05 22:08:59 | 000,000,000 | ---D | M]

[2009/11/10 19:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2009/10/17 21:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/02 02:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions
[2010/12/01 21:58:08 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/06/10 01:39:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/11 12:19:10 | 000,000,000 | ---D | M] (Paste Email (original)) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{36365A44-0C40-4d16-B174-0B803FA14366}
[2010/10/26 14:38:14 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/11/20 04:43:26 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2010/10/21 12:00:19 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/01/22 15:34:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/05 14:38:00 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/01/15 15:49:27 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/06/10 15:58:04 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\cfxe@Triton
[2010/06/10 15:58:09 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\cfxHelper@Triton
[2010/08/06 17:26:36 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\fastdial@telega.phpnet.us
[2010/07/15 19:43:15 | 000,000,000 | ---D | M] (foxiFrame basic) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\foxiFrame@basic.am
[2010/06/11 00:02:48 | 000,000,000 | ---D | M] (Pimp My Facebook Skin!) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\nitsansfbskins@nitsan.binnun.co.il
[2011/01/22 15:34:40 | 000,000,000 | ---D | M] (Pixel Perfect) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2011/01/08 22:34:13 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\searchtoolbar@zugo.com
[2010/12/07 11:22:21 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\smarterwiki@wikiatic.com
[2010/12/01 21:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2011/02/01 19:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\tzr8389h.default\extensions
[2009/11/10 20:02:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\tzr8389h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/10 20:02:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\tzr8389h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/12 19:27:29 | 000,002,242 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\AOL Search.xml
[2010/12/25 17:41:30 | 000,002,568 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\askcom.xml
[2010/07/10 02:11:01 | 000,001,832 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\bing.xml
[2010/07/03 22:23:36 | 000,000,915 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\conduit.xml
[2010/10/01 06:15:23 | 000,010,059 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\searchplugins\mywebsearch.xml
[2011/02/05 22:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/05 22:09:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/03/15 11:35:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN
[2010/05/25 17:00:11 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/12 19:27:29 | 000,002,242 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

O1 HOSTS File: ([2011/01/24 22:42:34 | 000,425,257 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14728 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe (Iknowprocess.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Michael\Desktop\Photoshop\photos\michal1026 pimpennnnnnn.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michael\Desktop\Photoshop\photos\michal1026 pimpennnnnnn.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/18 20:16:49 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4227425f-7b85-11df-a941-0024e8113cb3}\Shell - "" = AutoRun
O33 - MountPoints2\{4227425f-7b85-11df-a941-0024e8113cb3}\Shell\AutoRun\command - "" = G:\Welcome\Welcome.exe
O33 - MountPoints2\{4656aa08-f32d-11de-83aa-000a3a8739ab}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe
O33 - MountPoints2\{4656aa08-f32d-11de-83aa-000a3a8739ab}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe
O33 - MountPoints2\{fa73678d-21bf-11e0-b194-0024e8113cb3}\Shell - "" = AutoRun
O33 - MountPoints2\{fa73678d-21bf-11e0-b194-0024e8113cb3}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/08 13:44:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/08 13:42:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/08 13:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/08 13:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/08 02:33:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\doubleTwist Corporation
[2011/02/08 02:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doubleTwist
[2011/02/08 02:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\doubleTwist
[2011/02/08 02:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\doubleTwist 2.0
[2011/02/05 22:55:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/05 22:55:49 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/05 22:55:49 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/05 22:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/05 22:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/05 22:08:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/05 22:08:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/05 22:08:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/05 22:08:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/05 15:55:53 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/05 15:55:52 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/05 15:55:33 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/05 15:55:23 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/05 15:55:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/05 15:55:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/05 15:55:22 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/05 15:55:22 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/05 15:55:22 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/05 15:55:21 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/05 15:55:21 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/05 15:55:21 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/02/05 15:55:21 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/05 15:55:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/05 15:55:20 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/05 15:55:20 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/05 15:55:20 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/05 15:55:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/05 15:55:20 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/05 15:55:20 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/05 15:55:20 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/05 15:55:20 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/05 15:55:20 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/05 15:55:19 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/05 15:55:18 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/05 15:55:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/05 15:55:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/05 15:55:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/05 15:54:49 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/05 15:54:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/01 21:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/02/01 21:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/01/28 21:49:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\PackageAware
[2011/01/28 20:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/01/28 20:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/01/28 20:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iKnowPS
[2011/01/28 20:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\iKnowPS
[2011/01/27 17:27:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/26 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/26 14:25:33 | 000,428,352 | ---- | C] (Panda Security) -- C:\Windows\System32\StubInstaller.exe
[2011/01/24 15:59:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Verizon Wireless
[2011/01/23 23:01:20 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/01/23 22:09:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\AVG10
[2011/01/23 22:08:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/01/23 22:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/01/23 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Symantec
[2011/01/22 17:28:07 | 000,000,000 | ---D | C] -- C:\Windows\Temp0DCD36D9-329C-9FB5-496E-42272E10E84D-Signatures
[2011/01/22 17:26:27 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/01/20 19:45:44 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\DS2
[2011/01/17 23:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2011/01/17 23:15:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\InstallShield
[2011/01/17 23:08:59 | 000,000,000 | ---D | C] -- C:\Temp
[2011/01/15 16:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Text Pad
[2011/01/12 19:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/01/09 19:47:48 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/01/09 19:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2011/01/09 19:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\WPF Toolkit
[2011/01/09 19:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2011/01/09 19:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2011/01/09 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2011/01/09 19:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 4.0
[2011/01/09 19:28:13 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/01/09 19:28:13 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/01/09 19:28:12 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/01/09 19:28:12 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/01/09 19:28:11 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/01/09 19:17:35 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Visual Studio 2010
[2011/01/09 19:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/01/09 19:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/01/09 19:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone Developer Tools
[2011/01/09 19:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/01/09 19:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XDE
[2011/01/09 19:12:31 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2009/07/23 12:40:11 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Michael\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/02/08 13:55:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-408373256-3366681759-4279272931-1000UA.job
[2011/02/08 13:53:18 | 000,707,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/08 13:53:17 | 000,143,656 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/08 13:48:59 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/02/08 13:47:13 | 000,053,397 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/08 13:47:13 | 000,053,397 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/08 13:46:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 13:46:38 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 13:46:38 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/08 13:46:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/08 13:46:24 | 2951,958,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/08 13:45:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/08 13:42:15 | 000,000,875 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/08 13:42:01 | 000,000,695 | ---- | M] () -- C:\Users\Michael\Desktop\NTREGOPT.lnk
[2011/02/08 13:42:01 | 000,000,676 | ---- | M] () -- C:\Users\Michael\Desktop\ERUNT.lnk
[2011/02/08 13:35:25 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 02:33:23 | 000,001,836 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\doubleTwist.lnk
[2011/02/08 02:33:23 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011/02/08 00:55:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-408373256-3366681759-4279272931-1000Core.job
[2011/02/07 23:13:06 | 000,002,054 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
[2011/02/07 23:13:06 | 000,002,016 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/07 18:23:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/07 16:06:20 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Michael.job
[2011/02/06 15:59:53 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2011/02/06 15:22:47 | 003,777,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/05 21:24:07 | 000,002,487 | ---- | M] () -- C:\Users\Michael\Desktop\HiJackThis.lnk
[2011/02/02 19:36:31 | 000,000,020 | ---- | M] () -- C:\Users\Michael\Desktop\New WinRAR archive.rar
[2011/02/02 18:15:09 | 000,069,632 | ---- | M] () -- C:\Users\Michael\Documents\Events.evtx
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/01/31 16:18:03 | 000,720,344 | ---- | M] () -- C:\Users\Michael\Desktop\rkill.com
[2011/01/26 02:30:46 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/25 20:04:28 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\Windows\System32\drivers\pssdk41.sys
[2011/01/25 12:55:18 | 000,000,900 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/24 22:42:34 | 000,425,257 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/20 08:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/01/20 08:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/01/20 08:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/20 08:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/01/20 08:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/20 08:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/20 08:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/01/20 08:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/01/20 08:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/01/20 08:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/01/20 06:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/01/20 06:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/20 06:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/01/20 06:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/01/20 06:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/20 06:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/20 06:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/01/20 06:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/01/20 06:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/01/20 06:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/20 06:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/20 06:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/01/20 05:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/20 05:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/20 05:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/16 22:32:12 | 000,209,100 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/01/12 19:27:37 | 000,001,108 | -H-- | M] () -- C:\IPH.PH
[2011/01/12 19:27:29 | 000,001,680 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

========== Files Created - No Company Name ==========

[2011/02/08 13:42:14 | 000,000,875 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/08 13:42:01 | 000,000,695 | ---- | C] () -- C:\Users\Michael\Desktop\NTREGOPT.lnk
[2011/02/08 13:42:01 | 000,000,676 | ---- | C] () -- C:\Users\Michael\Desktop\ERUNT.lnk
[2011/02/08 02:33:23 | 000,001,836 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\doubleTwist.lnk
[2011/02/08 02:33:23 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2011/02/06 15:59:53 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2011/02/02 19:36:31 | 000,000,020 | ---- | C] () -- C:\Users\Michael\Desktop\New WinRAR archive.rar
[2011/02/02 18:15:00 | 000,069,632 | ---- | C] () -- C:\Users\Michael\Documents\Events.evtx
[2011/01/28 18:54:41 | 2951,958,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/27 16:22:26 | 000,720,344 | ---- | C] () -- C:\Users\Michael\Desktop\rkill.com
[2011/01/26 02:30:46 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/22 17:28:58 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/01/11 22:03:20 | 003,481,600 | ---- | C] () -- C:\Users\Michael\Desktop\TU_12K2239_000000C000000.00000000001G3
[2011/01/11 01:19:39 | 001,038,463 | ---- | C] () -- C:\Users\Michael\Desktop\patch_mp.ff
[2010/12/21 11:12:35 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/12/21 11:12:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/12/21 10:28:50 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2010/12/21 10:28:42 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2010/11/28 22:36:03 | 000,053,248 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\chrtmp
[2010/11/23 03:00:20 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\clikf.sys
[2010/11/22 23:39:13 | 000,000,052 | ---- | C] () -- C:\Windows\wininit.ini
[2010/11/20 05:09:39 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xwsjed.sys
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/23 00:24:31 | 000,001,456 | ---- | C] () -- C:\Users\Michael\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/21 17:12:17 | 000,000,132 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/08/07 01:59:07 | 000,000,132 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/22 19:05:52 | 000,000,047 | ---- | C] () -- C:\Windows\huffyuv.ini
[2010/07/16 00:30:13 | 000,053,397 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/16 00:30:12 | 000,053,397 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/10 00:05:18 | 000,067,960 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\speech.wav
[2010/07/08 01:38:16 | 000,000,600 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\winscp.rnd
[2010/06/19 01:33:29 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/23 15:49:31 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/04/23 13:14:55 | 000,000,088 | RHS- | C] () -- C:\ProgramData\0C70463FC5.sys
[2010/04/23 13:14:54 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/10 16:41:22 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/04/04 10:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\System32\FAIEExtension.dll
[2010/04/04 10:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\System32\FAib.dll
[2010/04/04 10:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\System32\FACrashRpt.dll
[2009/10/20 10:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/09/21 14:50:51 | 000,008,268 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat
[2009/09/16 16:14:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/23 21:00:29 | 000,000,224 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/30 13:54:59 | 000,001,547 | ---- | C] () -- C:\ProgramData\__FileUploader.log
[2009/07/24 19:12:57 | 000,072,704 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/30 08:42:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/06/30 08:42:19 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/02/18 22:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/04/07 18:16:43 | 000,000,224 | -H-- | C] () -- C:\Users\Michael\AppData\Roaming\Michaellog.dat
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >


The ESET scan is still running, and I will post the results when it's done. Thanks a ton for helping me with this.

Edited by Michael1026, 13 February 2011 - 03:16 AM.

#8 Michael1026

Michael1026
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:08 PM

Posted 12 February 2011 - 08:32 PM

ESET scan:

C:\Users\Michael\Documents\media.player.codec.pack.v3.8.0.setup.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Users\Michael\Documents\Sony478091.rar a variant of Win32/Keygen.AR application deleted - quarantined
C:\Users\Michael\Documents\Downloads\SonyVPRO9MEDICINE.rar a variant of Win32/Keygen.AR application deleted - quarantined

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:09:08 PM

Posted 13 February 2011 - 08:16 AM

Hello, Michael1026.
I see ESET removed a couple of keygens. I'll skip the legal aspect and just warn you that keygens are often infected with malicious software. It's one of the major infection vectors so be very careful.

It's interesting that the accesses started with the other problems as the Norton community considers that program accessing blocked areas as benign.
http://community.norton.com/t5/Norton-Internet-Security-Norton/Security-History-Problems-should-I-be-concerned/m-p/225399

I'm asking about the updates to try and narrow down the cause. If you do a system restore, it runs OK. So something must be happening between that and when it acts up. New software installed, Windows update installed, etc. Have you run a system restore since we started? If you do, I'll be unlikely to see what's going on. It does appaer to be benign at this point. We can use more powerful tools although nothing in the logs is suggesting we should. Let me know how you want to proceed. Is it acting up now, or has it been ok since you posted, short of the Norton logs.


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 

#10 Michael1026

Michael1026
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:08 PM

Posted 13 February 2011 - 03:38 PM

I have not tried running a system restore since have started. And yes my computer is still acting up. I will go ahead and run any program you want me to try. Also i don't know if this helps or not, but the day my computer started acting up, a lot of shortcuts got deleted off of my desktop, and Malwarebytes was uninstalled. Thanks.

Edited by Michael1026, 13 February 2011 - 04:08 PM.

#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:09:08 PM

Posted 14 February 2011 - 07:08 PM

Hello, Michael1026.
That is very odd and suspiciuos to say the least. Let's go ahead with Combofix.



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 

#12 Michael1026

Michael1026
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:08 PM

Posted 14 February 2011 - 07:45 PM

ComboFix is telling me Norton 360 is active when I disabled it.
Edit: Nevermind, got it.







Log:
ComboFix 11-02-13.04 - Michael 02/10/2011 16:50:00.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2815.1350 [GMT -8:00]
Running from: c:\users\Michael\Desktop\etavaresCF.exe.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Desktop
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Michael\AppData\Roaming\chrtmp
c:\windows\Install
c:\windows\system32\App
c:\windows\system32\App\Photoshop\ACE.dll
c:\windows\system32\App\Photoshop\adobe_caps.dll
c:\windows\system32\App\Photoshop\adobe_epic.dll
c:\windows\system32\App\Photoshop\adobe_epic\eula\back.html
c:\windows\system32\App\Photoshop\adobe_epic\eula\background.png
c:\windows\system32\App\Photoshop\adobe_epic\eula\default.css
c:\windows\system32\App\Photoshop\adobe_epic\eula\domutils.js
c:\windows\system32\App\Photoshop\adobe_epic\eula\en_gb\install.html
c:\windows\system32\App\Photoshop\adobe_epic\eula\en_gb\install2.html
c:\windows\system32\App\Photoshop\adobe_epic\eula\en_us\install.html
c:\windows\system32\App\Photoshop\adobe_epic\eula\en_us\install2.html
c:\windows\system32\App\Photoshop\adobe_epic\eula\fr_ca\install.html
c:\windows\system32\App\Photoshop\adobe_epic\eula\fr_ca\install2.html
c:\windows\system32\App\Photoshop\adobe_epic\eula\fr_fr\install.html
c:\windows\system32\App\Photoshop\adobe_epic\eula\fr_fr\install2.html
c:\windows\system32\App\Photoshop\adobe_epic\eula\onframeload.js
c:\windows\system32\App\Photoshop\adobe_epic\eula\Thumbs.db
c:\windows\system32\App\Photoshop\adobe_epic\eula\wizardcore.js
c:\windows\system32\App\Photoshop\adobe_eula.dll
c:\windows\system32\App\Photoshop\AdobeLinguistic.dll
c:\windows\system32\App\Photoshop\AdobeLM.dll
c:\windows\system32\App\Photoshop\AdobeLM_libFNP.dll
c:\windows\system32\App\Photoshop\AdobeOwl.dll
c:\windows\system32\App\Photoshop\AdobeOwlCanvas.dll
c:\windows\system32\App\Photoshop\AdobePDFL.dll
c:\windows\system32\App\Photoshop\AdobeUpdater.dll
c:\windows\system32\App\Photoshop\AdobeXMP.dll
c:\windows\system32\App\Photoshop\AdobeXMPFiles.dll
c:\windows\system32\App\Photoshop\AdobeXMPScript.dll
c:\windows\system32\App\Photoshop\AFlamingo.dll
c:\windows\system32\App\Photoshop\AGM.dll
c:\windows\system32\App\Photoshop\ahclient.dll
c:\windows\system32\App\Photoshop\aif_core.dll
c:\windows\system32\App\Photoshop\aif_ogl.dll
c:\windows\system32\App\Photoshop\AlignmentLib.dll
c:\windows\system32\App\Photoshop\AMT\AdobeConfig.xml
c:\windows\system32\App\Photoshop\AMT\application.sif
c:\windows\system32\App\Photoshop\AMT\application.xml
c:\windows\system32\App\Photoshop\AMT\aul.xml
c:\windows\system32\App\Photoshop\AMT\AUMProduct.cer
c:\windows\system32\App\Photoshop\AMT\Core key files\ConflictingProcesses
c:\windows\system32\App\Photoshop\AMT\Core key files\CreatePanelsDir
c:\windows\system32\App\Photoshop\AMT\Core key files\CreatePSPrefsDir
c:\windows\system32\App\Photoshop\AMT\Core key files\MergeModules
c:\windows\system32\App\Photoshop\AMT\Core key files\ps.png
c:\windows\system32\App\Photoshop\AMT\Core key files\Registry
c:\windows\system32\App\Photoshop\AMT\Core key files\Thumbs.db
c:\windows\system32\App\Photoshop\AMT\en_gb\AMT.zdct
c:\windows\system32\App\Photoshop\AMT\en_us\AMT.zdct
c:\windows\system32\App\Photoshop\AMT\fr_ca\AMT.zdct
c:\windows\system32\App\Photoshop\AMT\fr_fr\AMT.zdct
c:\windows\system32\App\Photoshop\AMT\legal\ar_ae\license.html
c:\windows\system32\App\Photoshop\AMT\legal\bg_bg\license.html
c:\windows\system32\App\Photoshop\AMT\legal\cs_cz\license.html
c:\windows\system32\App\Photoshop\AMT\legal\da_dk\license.html
c:\windows\system32\App\Photoshop\AMT\legal\de_de\license.html
c:\windows\system32\App\Photoshop\AMT\legal\el_gr\license.html
c:\windows\system32\App\Photoshop\AMT\legal\en_gb\license.html
c:\windows\system32\App\Photoshop\AMT\legal\en_us\license.html
c:\windows\system32\App\Photoshop\AMT\legal\es_es\license.html
c:\windows\system32\App\Photoshop\AMT\legal\es_mx\license.html
c:\windows\system32\App\Photoshop\AMT\legal\et_ee\license.html
c:\windows\system32\App\Photoshop\AMT\legal\fi_fi\license.html
c:\windows\system32\App\Photoshop\AMT\legal\fr_ca\license.html
c:\windows\system32\App\Photoshop\AMT\legal\fr_fr\license.html
c:\windows\system32\App\Photoshop\AMT\legal\he_il\license.html
c:\windows\system32\App\Photoshop\AMT\legal\hr_hr\license.html
c:\windows\system32\App\Photoshop\AMT\legal\hu_hu\license.html
c:\windows\system32\App\Photoshop\AMT\legal\it_it\license.html
c:\windows\system32\App\Photoshop\AMT\legal\ja_jp\license.html
c:\windows\system32\App\Photoshop\AMT\legal\ko_kr\license.html
c:\windows\system32\App\Photoshop\AMT\legal\lt_lt\license.html
c:\windows\system32\App\Photoshop\AMT\legal\lv_lv\license.html
c:\windows\system32\App\Photoshop\AMT\legal\nb_no\license.html
c:\windows\system32\App\Photoshop\AMT\legal\nl_nl\license.html
c:\windows\system32\App\Photoshop\AMT\legal\pl_pl\license.html
c:\windows\system32\App\Photoshop\AMT\legal\pt_br\license.html
c:\windows\system32\App\Photoshop\AMT\legal\ro_ro\license.html
c:\windows\system32\App\Photoshop\AMT\legal\ru_ru\license.html
c:\windows\system32\App\Photoshop\AMT\legal\sk_sk\license.html
c:\windows\system32\App\Photoshop\AMT\legal\sl_si\license.html
c:\windows\system32\App\Photoshop\AMT\legal\sv_se\license.html
c:\windows\system32\App\Photoshop\AMT\legal\tr_tr\license.html
c:\windows\system32\App\Photoshop\AMT\legal\uk_ua\license.html
c:\windows\system32\App\Photoshop\AMT\legal\zh_cn\license.html
c:\windows\system32\App\Photoshop\AMT\legal\zh_tw\license.html
c:\windows\system32\App\Photoshop\AMT\LMResources\adobelogo.png
c:\windows\system32\App\Photoshop\AMT\LMResources\background.png
c:\windows\system32\App\Photoshop\AMT\LMResources\Thumbs.db
c:\windows\system32\App\Photoshop\AMT\reg_custom_background.bmp
c:\windows\system32\App\Photoshop\AMT\Thumbs.db
c:\windows\system32\App\Photoshop\amtlib.dll
c:\windows\system32\App\Photoshop\amtservices.dll
c:\windows\system32\App\Photoshop\ARE.dll
c:\windows\system32\App\Photoshop\asneu.dll
c:\windows\system32\App\Photoshop\authplay.dll
c:\windows\system32\App\Photoshop\AXE8SharedExpat.dll
c:\windows\system32\App\Photoshop\AXEDOMCore.dll
c:\windows\system32\App\Photoshop\Bib.dll
c:\windows\system32\App\Photoshop\BIBUtils.dll
c:\windows\system32\App\Photoshop\cg.dll
c:\windows\system32\App\Photoshop\cgGL.dll
c:\windows\system32\App\Photoshop\Configuration\PS_exman_24px.png
c:\windows\system32\App\Photoshop\Configuration\Thumbs.db
c:\windows\system32\App\Photoshop\Configuration\XManConfig.xml
c:\windows\system32\App\Photoshop\CoolType.dll
c:\windows\system32\App\Photoshop\data_flow.dll
c:\windows\system32\App\Photoshop\ExtendScript.dll
c:\windows\system32\App\Photoshop\FileInfo.dll
c:\windows\system32\App\Photoshop\FNP_Act_Installer.dll
c:\windows\system32\App\Photoshop\icucnv36.dll
c:\windows\system32\App\Photoshop\icudt36.dll
c:\windows\system32\App\Photoshop\image_flow.dll
c:\windows\system32\App\Photoshop\image_runtime.dll
c:\windows\system32\App\Photoshop\JP2KLib.dll
c:\windows\system32\App\Photoshop\Legal\en_GB\license.html
c:\windows\system32\App\Photoshop\Legal\en_US\license.html
c:\windows\system32\App\Photoshop\Legal\fr_CA\license.html
c:\windows\system32\App\Photoshop\Legal\fr_FR\license.html
c:\windows\system32\App\Photoshop\LegalNotices.pdf
c:\windows\system32\App\Photoshop\libifcoremd.dll
c:\windows\system32\App\Photoshop\libmmd.dll
c:\windows\system32\App\Photoshop\lmresources\A_ActivationPrivacy_MD_N.png
c:\windows\system32\App\Photoshop\lmresources\A_Bullet_MD_N.png
c:\windows\system32\App\Photoshop\lmresources\A_PhoneActivation_MD_N.png
c:\windows\system32\App\Photoshop\lmresources\A_ProductLicense_MD_N.png
c:\windows\system32\App\Photoshop\lmresources\ActInfoMenu.strings
c:\windows\system32\App\Photoshop\lmresources\ActivationDenialWF.exv
c:\windows\system32\App\Photoshop\lmresources\ActivationFyiWF.exv
c:\windows\system32\App\Photoshop\lmresources\ActivationWF.exv
c:\windows\system32\App\Photoshop\lmresources\BadSerialNumberAlert.exv
c:\windows\system32\App\Photoshop\lmresources\C_Key_Md_N.png
c:\windows\system32\App\Photoshop\lmresources\CancelActivationAlert.exv
c:\windows\system32\App\Photoshop\lmresources\CancelActivationExpAlert.exv
c:\windows\system32\App\Photoshop\lmresources\CancelActivationGraceAlert.exv
c:\windows\system32\App\Photoshop\lmresources\CancelAlert.exv
c:\windows\system32\App\Photoshop\lmresources\CancelUninstallAlert.exv
c:\windows\system32\App\Photoshop\lmresources\CantChangeSerialNumberAlert.exv
c:\windows\system32\App\Photoshop\lmresources\ClockWindbackAlert.exv
c:\windows\system32\App\Photoshop\lmresources\ConfirmTransferAlert.exv
c:\windows\system32\App\Photoshop\lmresources\en_gb\ActivationDenial.zdct
c:\windows\system32\App\Photoshop\lmresources\en_gb\ConnectionFAQ.html
c:\windows\system32\App\Photoshop\lmresources\en_gb\LicenseFAQ.html
c:\windows\system32\App\Photoshop\lmresources\en_gb\Main.zdct
c:\windows\system32\App\Photoshop\lmresources\en_gb\ReEnterSN.zdct
c:\windows\system32\App\Photoshop\lmresources\en_gb\Retail_Activation.zdct
c:\windows\system32\App\Photoshop\lmresources\en_gb\Retail_Return.zdct
c:\windows\system32\App\Photoshop\lmresources\en_us\ActivationDenial.zdct
c:\windows\system32\App\Photoshop\lmresources\en_us\ConnectionFAQ.html
c:\windows\system32\App\Photoshop\lmresources\en_us\LicenseFAQ.html
c:\windows\system32\App\Photoshop\lmresources\en_us\Main.zdct
c:\windows\system32\App\Photoshop\lmresources\en_us\ReEnterSN.zdct
c:\windows\system32\App\Photoshop\lmresources\en_us\Retail_Activation.zdct
c:\windows\system32\App\Photoshop\lmresources\en_us\Retail_Return.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_ca\ActivationDenial.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_ca\ConnectionFAQ.html
c:\windows\system32\App\Photoshop\lmresources\fr_ca\LicenseFAQ.html
c:\windows\system32\App\Photoshop\lmresources\fr_ca\Main.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_ca\ReEnterSN.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_ca\Retail_Activation.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_ca\Retail_Return.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_fr\ActivationDenial.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_fr\ConnectionFAQ.html
c:\windows\system32\App\Photoshop\lmresources\fr_fr\LicenseFAQ.html
c:\windows\system32\App\Photoshop\lmresources\fr_fr\Main.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_fr\ReEnterSN.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_fr\Retail_Activation.zdct
c:\windows\system32\App\Photoshop\lmresources\fr_fr\Retail_Return.zdct
c:\windows\system32\App\Photoshop\lmresources\greentick.png
c:\windows\system32\App\Photoshop\lmresources\InValidUpGradeKeyCodeAlert.exv
c:\windows\system32\App\Photoshop\lmresources\InValidUpGradeSerialNumberAlert.exv
c:\windows\system32\App\Photoshop\lmresources\NoAdminPriviledgeAlert.exv
c:\windows\system32\App\Photoshop\lmresources\phonelist.xml
c:\windows\system32\App\Photoshop\lmresources\privacyinfolist.xml
c:\windows\system32\App\Photoshop\lmresources\PrivacyPolicyMissingAlert.exv
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationARA.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationBGR.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationChs.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationCht.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationCZE.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationDan.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationDeu.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationDut.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationEng.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationEnu.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationETI.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationFin.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationFra.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationGRE.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationHEB.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationHRV.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationHUN.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationIta.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationJpn.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationKor.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationLTH.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationLVI.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationNor.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationPOL.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationPtb.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationRUM.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationRUS.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationSKY.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationSLV.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationSpa.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationSve.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationTUR.txt
c:\windows\system32\App\Photoshop\lmresources\privacystatements\ActivationInformationUKR.txt
c:\windows\system32\App\Photoshop\lmresources\redX.png
c:\windows\system32\App\Photoshop\lmresources\ReEnterSNWF.exv
c:\windows\system32\App\Photoshop\lmresources\ReinstallAlert.exv
c:\windows\system32\App\Photoshop\lmresources\RepairAlert.exv
c:\windows\system32\App\Photoshop\lmresources\ReserializeAlert.exv
c:\windows\system32\App\Photoshop\lmresources\RestartAlert.exv
c:\windows\system32\App\Photoshop\lmresources\ReturnWF.exv
c:\windows\system32\App\Photoshop\lmresources\SerializationWF.exv
c:\windows\system32\App\Photoshop\lmresources\TechSupport.exv
c:\windows\system32\App\Photoshop\lmresources\Thumbs.db
c:\windows\system32\App\Photoshop\lmresources\TrialExpiredAlert.exv
c:\windows\system32\App\Photoshop\lmresources\TryDieWF.exv
c:\windows\system32\App\Photoshop\lmresources\UpgradeLaterAlert.exv
c:\windows\system32\App\Photoshop\lmresources\xball1.png
c:\windows\system32\App\Photoshop\lmresources\xball1_hc.png
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Plug-Ins\Win\Filters\Variations.8BF
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Menu Customization\Basic.mnu
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Menu Customization\What's New in CS4.mnu
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\1-Basic Workspaces\Basic
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\1-Basic Workspaces\What's New in CS4
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces\Advanced 3D
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces\Analysis
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces\Automation
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces\Color and Tone
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces\Painting
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces\Proofing
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces\Typography
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces\Video
c:\windows\system32\App\Photoshop\Locales\en_US\Additional Presets\Win\Workspaces\2-Task-based Workspaces\Web
c:\windows\system32\App\Photoshop\Locales\en_US\Help\howto.dat
c:\windows\system32\App\Photoshop\Locales\en_US\Support Files\Default New Doc Sizes.txt
c:\windows\system32\App\Photoshop\Locales\en_US\Support Files\Feature Help\featureSearch.xml
c:\windows\system32\App\Photoshop\Locales\en_US\Support Files\pack.inf
c:\windows\system32\App\Photoshop\Locales\en_US\Support Files\Shortcuts\Win\Default Keyboard Shortcuts.kys
c:\windows\system32\App\Photoshop\Locales\en_US\Support Files\Shortcuts\Win\OS Shortcuts.txt
c:\windows\system32\App\Photoshop\MATLAB\MATLAB Photoshop Read Me.pdf
c:\windows\system32\App\Photoshop\MATLAB\Required\Contents.m
c:\windows\system32\App\Photoshop\MATLAB\Required\demos\c4blackchecker.psd
c:\windows\system32\App\Photoshop\MATLAB\Required\demos\c4gameboard.psd
c:\windows\system32\App\Photoshop\MATLAB\Required\demos\c4redchecker.psd
c:\windows\system32\App\Photoshop\MATLAB\Required\demos\psavitophotoshop.m
c:\windows\system32\App\Photoshop\MATLAB\Required\demos\psconnectfour.m
c:\windows\system32\App\Photoshop\MATLAB\Required\demos\psintrowalk.avi
c:\windows\system32\App\Photoshop\MATLAB\Required\demos\psplot.m
c:\windows\system32\App\Photoshop\MATLAB\Required\demos\pspreview.m
c:\windows\system32\App\Photoshop\MATLAB\Required\demos\Thumbs.db
c:\windows\system32\App\Photoshop\MATLAB\Required\English\helptoc.xml
c:\windows\system32\App\Photoshop\MATLAB\Required\English\info.xml
c:\windows\system32\App\Photoshop\MATLAB\Required\English\psexamples.html
c:\windows\system32\App\Photoshop\MATLAB\Required\English\psfunctionsalpha.html
c:\windows\system32\App\Photoshop\MATLAB\Required\English\psfunctionscat.html
c:\windows\system32\App\Photoshop\MATLAB\Required\English\psgetstarted.html
c:\windows\system32\App\Photoshop\MATLAB\Required\English\pstoolbox.html
c:\windows\system32\App\Photoshop\MATLAB\Required\psaddnoise.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psaverage.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psblur.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psblurmore.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psboxblur.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pschannelnames.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psclosedoc.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pscolorprofile.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pscolorsettings.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psconfig.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psconvertprofile.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pscustom.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psdocinfo.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psdocnames.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psdustandscratches.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psgaussianblur.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psgetpath.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psgetpixels.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pshighpass.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pshistogram.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psimread.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psjavascript.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psjavascriptu.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pslaunch.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pslayernames.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pslensblur.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psmatlab.dll
c:\windows\system32\App\Photoshop\MATLAB\Required\psmatlab.h
c:\windows\system32\App\Photoshop\MATLAB\Required\psmaximum.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psmedian.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psminimum.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psmotionblur.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psnewdoc.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psnewdocmatrix.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psnewlayer.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psnewlayermatrix.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psnewpath.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psnumchannels.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psnumdocs.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psnumlayers.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psnumpaths.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psoffset.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psopendoc.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pspathnames.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psproto.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psquit.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psradialblur.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pssetactivechannels.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pssetactivedoc.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pssetactivelayer.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pssetpixels.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psshapeblur.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pssharpen.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pssharpenedges.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pssharpenmore.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pssmartblur.m
c:\windows\system32\App\Photoshop\MATLAB\Required\pssurfaceblur.m
c:\windows\system32\App\Photoshop\MATLAB\Required\psunsharpmask.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\pslogit.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test1.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test10.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test11.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test12.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test13.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test14.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test2.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test3.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test4.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test5.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test6.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test7.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test8.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\test9.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\testall.m
c:\windows\system32\App\Photoshop\MATLAB\Required\tests\teststats.m
c:\windows\system32\App\Photoshop\Microsoft.VC80.CRT.manifest
c:\windows\system32\App\Photoshop\MPS.dll
c:\windows\system32\App\Photoshop\msvcp71.dll
c:\windows\system32\App\Photoshop\msvcr71.dll
c:\windows\system32\App\Photoshop\pdfsettings.dll
c:\windows\system32\App\Photoshop\Photoshop CS4 - Lisez-moi.pdf
c:\windows\system32\App\Photoshop\Photoshop CS4 Read Me.pdf
c:\windows\system32\App\Photoshop\Photoshop.dll
c:\windows\system32\App\Photoshop\Photoshop.exe
c:\windows\system32\App\Photoshop\Photoshop.exp
c:\windows\system32\App\Photoshop\Photoshop.lib
c:\windows\system32\App\Photoshop\Plug-ins\3D Engines\Photoshop3DEngine.8BI
c:\windows\system32\App\Photoshop\Plug-ins\ADM\ADMPlugin.apl
c:\windows\system32\App\Photoshop\Plug-ins\Automate\CropPhotosAuto.8LI
c:\windows\system32\App\Photoshop\Plug-ins\Automate\HDRMergeUI.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Automate\WIASupport.8LI
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\DigiRead.8bf
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\cs.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\da.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\de.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\en_US.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\es.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\fi.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\fr.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\hu.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\it.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ja.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ko.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\nl.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\no.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\pl.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\pt_BR.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ro.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\ru.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\sv.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\tr.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\uk.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\zh_CN.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digiread\zh_TW.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\DigiSign.8bf
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\cs.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\da.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\de.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\en_US.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\es.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\fi.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\fr.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\hu.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\it.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ja.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ko.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\nl.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\no.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\pl.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\pt_BR.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ro.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\ru.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\sv.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\tr.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\uk.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\zh_CN.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Digimarc\Win\Digisign\zh_TW.lproj\Localizable.strings
c:\windows\system32\App\Photoshop\Plug-ins\Effects\Filter Gallery.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Extensions\FastCore.8BX
c:\windows\system32\App\Photoshop\Plug-ins\Extensions\MMXCore.8BX
c:\windows\system32\App\Photoshop\Plug-ins\Extensions\MultiProcessor Support.8BX
c:\windows\system32\App\Photoshop\Plug-ins\Extensions\ScriptingSupport.8li
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\BMP.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\Cineon.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\Dicom.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\FilmStrip.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\FXG.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\GIF.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\IFF Format.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\OpenEXR.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\PBM.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\PCX.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\Pixar.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\PNG.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\Radiance.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\Targa.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\U3D.8BI
c:\windows\system32\App\Photoshop\Plug-ins\File Formats\WBMP.8BI
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Average.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\ChannelPort.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Clouds.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Color Halftone.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\CropPhotos.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Crystallize.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\De-Interlace.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Displace.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Extrude.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Fibers.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lens Blur.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lens Correction.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lens Flare.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\2 O'clock Spotlight
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Blue Omni
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Circle of Light
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Crossing Down
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Crossing
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Default
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Five Lights Down
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Five Lights Up
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Flashlight
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Flood Light
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Parallel Directional
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\RGB Lights
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Soft Direct Lights
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Soft Omni
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Soft Spotlight
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Three Down
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Lighting Styles\Triple Spotlight
c:\windows\system32\App\Photoshop\Plug-ins\Filters\LightingEffects.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Liquify.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Mezzotint.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\NTSC Colors.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Pinch.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Pointillize.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Polar Coordinates.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Radial Blur.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Ripple.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Shear.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Smart Blur.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Solarize.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Spherize.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Tiles.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Twirl.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\VanishingPoint.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Wave.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\Wind.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Filters\ZigZag.8BF
c:\windows\system32\App\Photoshop\Plug-ins\Image Stacks\statistics.8BA
c:\windows\system32\App\Photoshop\Plug-ins\Import-Export\FireWire Export.8BE
c:\windows\system32\App\Photoshop\Plug-ins\Import-Export\FireWire.dll
c:\windows\system32\App\Photoshop\Plug-ins\Import-Export\Paths to Illustrator.8BE
c:\windows\system32\App\Photoshop\Plug-ins\Import-Export\Save for Web.8BE
c:\windows\system32\App\Photoshop\Plug-ins\Import-Export\Twain_32.8BA
c:\windows\system32\App\Photoshop\Plug-ins\Measurements\MeasurementCore.8ME
c:\windows\system32\App\Photoshop\Plugin.dll
c:\windows\system32\App\Photoshop\PlugPlug.dll
c:\windows\system32\App\Photoshop\Presets\Actions\Commands.atn
c:\windows\system32\App\Photoshop\Presets\Actions\Frames.atn
c:\windows\system32\App\Photoshop\Presets\Actions\Image Effects.atn
c:\windows\system32\App\Photoshop\Presets\Actions\Production.atn
c:\windows\system32\App\Photoshop\Presets\Actions\Text Effects.atn
c:\windows\system32\App\Photoshop\Presets\Actions\Textures.atn
c:\windows\system32\App\Photoshop\Presets\Actions\Video Actions.atn
c:\windows\system32\App\Photoshop\Presets\Black and White\Blue Filter.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\Darker.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\Green Filter.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\High Contrast Blue Filter.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\High Contrast Red Filter.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\Infrared.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\Lighter.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\Maximum Black.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\Maximum White.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\Neutral Density.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\Red Filter.blw
c:\windows\system32\App\Photoshop\Presets\Black and White\Yellow Filter.blw
c:\windows\system32\App\Photoshop\Presets\Brushes\Assorted Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Basic Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Calligraphic Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Drop Shadow Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Dry Media Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Faux Finish Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Natural Brushes 2.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Natural Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Special Effect Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Square Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Thick Heavy Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Brushes\Wet Media Brushes.abr
c:\windows\system32\App\Photoshop\Presets\Camera Profiles\Camera Profiles.xml
c:\windows\system32\App\Photoshop\Presets\Channel Mixer\Black & White Infrared (RGB).cha
c:\windows\system32\App\Photoshop\Presets\Channel Mixer\Black & White with Blue Filter (RGB).cha
c:\windows\system32\App\Photoshop\Presets\Channel Mixer\Black & White with Green Filter (RGB).cha
c:\windows\system32\App\Photoshop\Presets\Channel Mixer\Black & White with Orange Filter (RGB).cha
c:\windows\system32\App\Photoshop\Presets\Channel Mixer\Black & White with Red Filter (RGB).cha
c:\windows\system32\App\Photoshop\Presets\Channel Mixer\Black & White with Yellow Filter (RGB).cha
c:\windows\system32\App\Photoshop\Presets\Color Books\ANPA Color.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\DIC Color Guide.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\FOCOLTONE.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\HKS E Process.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\HKS E.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\HKS K Process.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\HKS K.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\HKS N Process.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\HKS N.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\HKS Z Process.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\HKS Z.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE color bridge CMYK EC.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE color bridge CMYK PC.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE color bridge CMYK UP.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE metallic coated.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE pastel coated.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE pastel uncoated.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE process coated.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE process uncoated.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE solid coated.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE solid matte.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE solid to process EURO.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE solid to process.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\PANTONE solid uncoated.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\TOYO 94 COLOR FINDER.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\TOYO COLOR FINDER.acb
c:\windows\system32\App\Photoshop\Presets\Color Books\TRUMATCH.acb
c:\windows\system32\App\Photoshop\Presets\Color Swatches\ANPA Colors.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\DIC Color Guide.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\DIC Swatch ReadMe.pdf
c:\windows\system32\App\Photoshop\Presets\Color Swatches\FOCOLTONE Colors.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\HKS E Process.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\HKS E.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\HKS K Process.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\HKS K.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\HKS N Process.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\HKS N.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\HKS Z Process.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\HKS Z.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\Mac OS.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE color bridge CMYK EC.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE color bridge CMYK PC.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE color bridge CMYK UP.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE metallic coated.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE pastel coated.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE pastel uncoated.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE process coated.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE process uncoated.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE solid coated.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE solid matte.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE solid to process EURO.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE solid to process.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\PANTONE solid uncoated.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\Photo Filter Colors.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\TOYO 94 COLOR FINDER.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\TOYO COLOR FINDER.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\TRUMATCH Colors.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\Visi Bone ReadMe.pdf
c:\windows\system32\App\Photoshop\Presets\Color Swatches\VisiBone.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\VisiBone2.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\Web Hues.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\Web Safe Colors.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\Web Spectrum.aco
c:\windows\system32\App\Photoshop\Presets\Color Swatches\Windows.aco
c:\windows\system32\App\Photoshop\Presets\Contours\Contours.shc
c:\windows\system32\App\Photoshop\Presets\Curves\Color Negative (RGB).acv
c:\windows\system32\App\Photoshop\Presets\Curves\Cross Process (RGB).acv
c:\windows\system32\App\Photoshop\Presets\Curves\Darker (RGB).acv
c:\windows\system32\App\Photoshop\Presets\Curves\Increase Contrast (RGB).acv
c:\windows\system32\App\Photoshop\Presets\Curves\Lighter (RGB).acv
c:\windows\system32\App\Photoshop\Presets\Curves\Linear Contrast (RGB).acv
c:\windows\system32\App\Photoshop\Presets\Curves\Medium Contrast (RGB).acv
c:\windows\system32\App\Photoshop\Presets\Curves\Negative (RGB).acv
c:\windows\system32\App\Photoshop\Presets\Curves\Strong Contrast (RGB).acv
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\All.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Animals.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Arrows.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Banners and Awards.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Frames.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Music.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Nature.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Objects.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Ornaments.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Shapes.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Symbols.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Talk Bubbles.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Tiles.csh
c:\windows\system32\App\Photoshop\Presets\Custom Shapes\Web.csh
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\424 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\424 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\424 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\424 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Cool Gray 7 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Cool Gray 7 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Cool Gray 7 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Cool Gray 7 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Cool Gray 9 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Cool Gray 9 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Cool Gray 9 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Cool Gray 9 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\gray 423 bl soft.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\gray 423 bl very soft.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\gray 423 bl.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Warm Gray 11 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Warm Gray 11 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Warm Gray 11 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Warm Gray 11 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Warm Gray 8 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Warm Gray 8 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Warm Gray 8 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Gray-Black Duotones\Warm Gray 8 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\144 orange (25%) bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\144 orange (25%) bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\144 orange (25%) bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\144 orange (25%) bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\144 orange bl 80% shad.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\159 dk orange bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\159 dk orange bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\159 dk orange bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\159 dk orange bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\327 aqua (50%) bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\327 aqua (50%) bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\327 aqua (50%) bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\327 aqua (50%) bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\478 brown (100%) bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\478 brown (100%) bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\478 brown (100%) bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\478 brown (100%) bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\506 burgundy (75%) bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\506 burgundy (75%) bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\506 burgundy (75%) bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\506 burgundy (75%) bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\527 purple (100%) bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\527 purple (100%) bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\527 purple (100%) bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\527 purple (100%) bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\blue 072 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\blue 072 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\blue 072 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\blue 072 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\blue 286 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\blue 286 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\blue 286 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\blue 286 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\brown 464 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\brown 464 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\brown 464 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\brown 464 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\green 3405 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\green 3405 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\green 3405 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\green 3405 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\green 349 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\green 349 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\green 349 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\green 349 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\mauve 4655 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\mauve 4655 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\mauve 4655 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\mauve 4655 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\red 485 bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\red 485 bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\red 485 bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\PANTONE® Duotones\red 485 bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\cyan bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\cyan bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\cyan bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\cyan bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\magenta bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\magenta bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\magenta bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\magenta bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\yellow bl 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\yellow bl 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\yellow bl 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Duotones\Process Duotones\yellow bl 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Gray Quadtones\Bl CG10 CG4 WmG3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Gray Quadtones\Bl CG10 WmG3 CG1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Gray Quadtones\Bl CG10 WmG4 CG3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Gray Quadtones\Bl WmG9 CG6 CG3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\PANTONE® Quadtones\Bl 430 493 557.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\PANTONE® Quadtones\Bl 431 492 556.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\PANTONE® Quadtones\Bl 541 513 5773.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\PANTONE® Quadtones\Bl 75% 50% 25%.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Process Quadtones\CMYK cool.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Process Quadtones\CMYK ext wm.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Process Quadtones\CMYK neutral.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Process Quadtones\CMYK very cool.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Process Quadtones\CMYK very wm.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Quadtones\Process Quadtones\CMYK wm.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones\Bl 404 WmGray 401 WmGray.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones\Bl 409 WmGray 407 WmGray.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones\Bl Cool Gray 10 WmGray 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones\Bl for dark CG9 CG2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones\Bl for low con CG9 CG2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones\Bl normal CG9 CG2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones\Bl soft CG9 CG2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Gray Tritones\Bl WmGray 7 WmGray 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\PANTONE® Tritones\Bl 165 red orange 457 brown.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\PANTONE® Tritones\Bl 172 orange 423 gray.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\PANTONE® Tritones\Bl 313 aqua 127 gold.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\PANTONE® Tritones\Bl 334 green 437 mauve.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\PANTONE® Tritones\Bl 340 green 423 gray.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\PANTONE® Tritones\Bl 437 burgundy 127 gold.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\PANTONE® Tritones\Bl 50% 25%.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BCY green 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BCY green 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BCY green 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BCY green 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMC blue 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMC blue 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMC blue 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMC blue 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY brown 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY brown 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY brown 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY brown 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY red 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY red 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY red 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY red 4.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY sepia 1.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY sepia 2.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY sepia 3.ADO
c:\windows\system32\App\Photoshop\Presets\Duotones\Tritones\Process Tritones\BMY sepia 4.ADO
c:\windows\system32\App\Photoshop\Presets\Exposure\Minus 1.0.eap
c:\windows\system32\App\Photoshop\Presets\Exposure\Minus 2.0.eap
c:\windows\system32\App\Photoshop\Presets\Exposure\Plus 1.0.eap
c:\windows\system32\App\Photoshop\Presets\Exposure\Plus 2.0.eap
c:\windows\system32\App\Photoshop\Presets\Gradients\Color Harmonies 1.grd
c:\windows\system32\App\Photoshop\Presets\Gradients\Color Harmonies 2.grd
c:\windows\system32\App\Photoshop\Presets\Gradients\Metals.grd
c:\windows\system32\App\Photoshop\Presets\Gradients\Noise Samples.grd
c:\windows\system32\App\Photoshop\Presets\Gradients\Pastels.grd
c:\windows\system32\App\Photoshop\Presets\Gradients\Simple.grd
c:\windows\system32\App\Photoshop\Presets\Gradients\Special Effects.grd
c:\windows\system32\App\Photoshop\Presets\Gradients\Spectrums.grd
c:\windows\system32\App\Photoshop\Presets\Hue and Saturation\Cyanotype.ahu
c:\windows\system32\App\Photoshop\Presets\Hue and Saturation\Increase Saturation More.ahu
c:\windows\system32\App\Photoshop\Presets\Hue and Saturation\Increase Saturation.ahu
c:\windows\system32\App\Photoshop\Presets\Hue and Saturation\Old Style.ahu
c:\windows\system32\App\Photoshop\Presets\Hue and Saturation\Red Boost.ahu
c:\windows\system32\App\Photoshop\Presets\Hue and Saturation\Sepia.ahu
c:\windows\system32\App\Photoshop\Presets\Hue and Saturation\Strong Saturation.ahu
c:\windows\system32\App\Photoshop\Presets\Hue and Saturation\Yellow Boost.ahu
c:\windows\system32\App\Photoshop\Presets\Levels\Darker.alv
c:\windows\system32\App\Photoshop\Presets\Levels\Increase Contrast 1.alv
c:\windows\system32\App\Photoshop\Presets\Levels\Increase Contrast 2.alv
c:\windows\system32\App\Photoshop\Presets\Levels\Increase Contrast 3.alv
c:\windows\system32\App\Photoshop\Presets\Levels\Lighten Shadows.alv
c:\windows\system32\App\Photoshop\Presets\Levels\Lighter.alv
c:\windows\system32\App\Photoshop\Presets\Levels\Midtones Brighter.alv
c:\windows\system32\App\Photoshop\Presets\Levels\Midtones Darker.alv
c:\windows\system32\App\Photoshop\Presets\Lights\Blue Lights.p3l
c:\windows\system32\App\Photoshop\Presets\Lights\CAD Optimized.p3l
c:\windows\system32\App\Photoshop\Presets\Lights\Cube Lights.p3l
c:\windows\system32\App\Photoshop\Presets\Lights\Day Lights.p3l
c:\windows\system32\App\Photoshop\Presets\Lights\Hard Lights.p3l
c:\windows\system32\App\Photoshop\Presets\Lights\Night Lights.p3l
c:\windows\system32\App\Photoshop\Presets\Lights\Primary Colors.p3l
c:\windows\system32\App\Photoshop\Presets\Lights\Red Lights.p3l
c:\windows\system32\App\Photoshop\Presets\Lights\White Lights.p3l
c:\windows\system32\App\Photoshop\Presets\Materials\Brick.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Brushed Steel.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Bumpy Plastic.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Concrete.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Fabric.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Metal Plate.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Pink Granite.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Rusty Metal.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Slate Tile.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Slate.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Stucco.p3m
c:\windows\system32\App\Photoshop\Presets\Materials\Wood.p3m
c:\windows\system32\App\Photoshop\Presets\Meshes\Cone.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\Cube.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\Cylinder.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\Donut.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\Hat.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\Pyramid.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\Ring.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\Soda.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\Sphere.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\SphericalPanorama.dae
c:\windows\system32\App\Photoshop\Presets\Meshes\Wine.dae
c:\windows\system32\App\Photoshop\Presets\Optimized Colors\Black - White.act
c:\windows\system32\App\Photoshop\Presets\Optimized Colors\Grayscale.act
c:\windows\system32\App\Photoshop\Presets\Optimized Colors\Mac OS.act
c:\windows\system32\App\Photoshop\Presets\Optimized Colors\Windows.act
c:\windows\system32\App\Photoshop\Presets\Optimized Output Settings\Background Image.iros
c:\windows\system32\App\Photoshop\Presets\Optimized Output Settings\Default Settings.iros
c:\windows\system32\App\Photoshop\Presets\Optimized Output Settings\XHTML.iros
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\GIF 128 Dithered.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\GIF 128 No Dither.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\GIF 32 Dithered.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\GIF 32 No Dither.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\GIF 64 Dithered.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\GIF 64 No Dither.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\GIF Restrictive.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\JPEG High.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\JPEG Low.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\JPEG Medium.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\PNG-24.irs
c:\windows\system32\App\Photoshop\Presets\Optimized Settings\PNG-8 128 Dithered.irs
c:\windows\system32\App\Photoshop\Presets\Patterns\Artist Surfaces.pat
c:\windows\system32\App\Photoshop\Presets\Patterns\Color Paper.pat
c:\windows\system32\App\Photoshop\Presets\Patterns\Grayscale Paper.pat
c:\windows\system32\App\Photoshop\Presets\Patterns\Nature Patterns.pat
c:\windows\system32\App\Photoshop\Presets\Patterns\Patterns 2.pat
c:\windows\system32\App\Photoshop\Presets\Patterns\Patterns.pat
c:\windows\system32\App\Photoshop\Presets\Patterns\Rock Patterns.pat
c:\windows\system32\App\Photoshop\Presets\Patterns\Texture Fill 2.pat
c:\windows\system32\App\Photoshop\Presets\Patterns\Texture Fill.pat
c:\windows\system32\App\Photoshop\Presets\Render Settings\Bounding Box.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Depth Map.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Hidden Wireframe.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Line Illustration.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Normals.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Paint Mask.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Ray Traced.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Shaded Illustration.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Shaded Vertices.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Shaded Wireframe.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Solid Wireframe.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Solid.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Transparent Bounding Box Outline.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Transparent Bounding Box.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Two-Sided.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Vertices.p3r
c:\windows\system32\App\Photoshop\Presets\Render Settings\Wireframe.p3r
c:\windows\system32\App\Photoshop\Presets\Scripts\Conditional Mode Change.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Event Scripts Only\Clean Listener.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Event Scripts Only\Display Camera Maker.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Event Scripts Only\Open As Layer.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Event Scripts Only\Resize.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Event Scripts Only\Save Extra JPEG.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Event Scripts Only\Update File Info.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Event Scripts Only\Warn If RGB.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Event Scripts Only\Welcome.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Export Layers To Files.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Fit Image.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Flatten All Layer Effects.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Flatten All Masks.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Image Processor.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Layer Comps To Files.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Layer Comps To WPG.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Load DICOM.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Load Files into Stack.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Merge To HDR.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Photomerge.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Script Events Manager.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\CreateImageStack.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\Geometry.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\LatteUI.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\LoadLayers.exv
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\M2HDR.exv
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\P_AutoAlign_Automatic_87x38.png
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\P_AutoAlign_Collage_87x38.png
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\P_AutoAlign_Cylindrical_87x38.png
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\P_AutoAlign_Interactive_87x38.png
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\P_AutoAlign_Perspective_87x38.png
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\P_AutoAlign_Reposition_87x38.png
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\P_AutoAlign_Spherical_87x38.png
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\PMBlendingProgress.exv
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\PMDialog.exv
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\PolyClip.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\StackSupport.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\Statistics.exv
c:\windows\system32\App\Photoshop\Presets\Scripts\Stack Scripts Only\Terminology.jsx
c:\windows\system32\App\Photoshop\Presets\Scripts\Statistics.jsx
c:\windows\system32\App\Photoshop\Presets\Styles\Abstract Styles.asl
c:\windows\system32\App\Photoshop\Presets\Styles\Buttons.asl
c:\windows\system32\App\Photoshop\Presets\Styles\Dotted Strokes.asl
c:\windows\system32\App\Photoshop\Presets\Styles\Glass Buttons.asl
c:\windows\system32\App\Photoshop\Presets\Styles\Image Effects.asl
c:\windows\system32\App\Photoshop\Presets\Styles\Photographic Effects.asl
c:\windows\system32\App\Photoshop\Presets\Styles\Text Effects 2.asl
c:\windows\system32\App\Photoshop\Presets\Styles\Text Effects.asl
c:\windows\system32\App\Photoshop\Presets\Styles\Textures.asl
c:\windows\system32\App\Photoshop\Presets\Styles\Web Styles.asl
c:\windows\system32\App\Photoshop\Presets\Tools\Art History.tpl
c:\windows\system32\App\Photoshop\Presets\Tools\Brushes.tpl
c:\windows\system32\App\Photoshop\Presets\Tools\Crop and Marquee.tpl
c:\windows\system32\App\Photoshop\Presets\Tools\Text.tpl
c:\windows\system32\App\Photoshop\Presets\Volumes\Enhanced Boundaries-Default.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\Full Range Color Scale.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\High-Low.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\High Range Highlights.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\Low Range Highlights.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\Maximum Intensity Projection (MIP).p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\MIP-X-Ray.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\Red-Blue Color Scale.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\Thin Isolines.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\White-Black Color Scale.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\X-Ray with Boundaries.p3r
c:\windows\system32\App\Photoshop\Presets\Volumes\X-Ray.p3r
c:\windows\system32\App\Photoshop\Presets\Widgets\AxisWidget.dae
c:\windows\system32\App\Photoshop\Presets\Widgets\InfiniteLightWidget.dae
c:\windows\system32\App\Photoshop\Presets\Widgets\PointLightWidget.dae
c:\windows\system32\App\Photoshop\Presets\Widgets\SpotLightWidget.dae
c:\windows\system32\App\Photoshop\Presets\Zoomify\Zoomify Viewer (Black Background).zvt
c:\windows\system32\App\Photoshop\Presets\Zoomify\Zoomify Viewer (Gray Background).zvt
c:\windows\system32\App\Photoshop\Presets\Zoomify\Zoomify Viewer (White Background).zvt
c:\windows\system32\App\Photoshop\Presets\Zoomify\Zoomify Viewer with Navigator (Black Background).zvt
c:\windows\system32\App\Photoshop\Presets\Zoomify\Zoomify Viewer with Navigator (Gray Background).zvt
c:\windows\system32\App\Photoshop\Presets\Zoomify\Zoomify Viewer with Navigator (White Background).zvt
c:\windows\system32\App\Photoshop\Presets\Zoomify\zoomifyViewer.swf
c:\windows\system32\App\Photoshop\PSArt.dll
c:\windows\system32\App\Photoshop\PSViews.dll
c:\windows\system32\App\Photoshop\QuickTimeGlue.dll
c:\windows\system32\App\Photoshop\registration.dll
c:\windows\system32\App\Photoshop\regloc\en_gb\countries.zdct
c:\windows\system32\App\Photoshop\regloc\en_gb\countrySubdivisions.zdct
c:\windows\system32\App\Photoshop\regloc\en_gb\jobs.zdct
c:\windows\system32\App\Photoshop\regloc\en_gb\orgs.zdct
c:\windows\system32\App\Photoshop\regloc\en_gb\registration.zdct
c:\windows\system32\App\Photoshop\regloc\en_gb\titles.zdct
c:\windows\system32\App\Photoshop\regloc\en_us\countries.zdct
c:\windows\system32\App\Photoshop\regloc\en_us\countrySubdivisions.zdct
c:\windows\system32\App\Photoshop\regloc\en_us\jobs.zdct
c:\windows\system32\App\Photoshop\regloc\en_us\orgs.zdct
c:\windows\system32\App\Photoshop\regloc\en_us\registration.zdct
c:\windows\system32\App\Photoshop\regloc\en_us\titles.zdct
c:\windows\system32\App\Photoshop\regloc\fr_ca\countries.zdct
c:\windows\system32\App\Photoshop\regloc\fr_ca\countrySubdivisions.zdct
c:\windows\system32\App\Photoshop\regloc\fr_ca\jobs.zdct
c:\windows\system32\App\Photoshop\regloc\fr_ca\orgs.zdct
c:\windows\system32\App\Photoshop\regloc\fr_ca\registration.zdct
c:\windows\system32\App\Photoshop\regloc\fr_ca\titles.zdct
c:\windows\system32\App\Photoshop\regloc\fr_fr\countries.zdct
c:\windows\system32\App\Photoshop\regloc\fr_fr\countrySubdivisions.zdct
c:\windows\system32\App\Photoshop\regloc\fr_fr\jobs.zdct
c:\windows\system32\App\Photoshop\regloc\fr_fr\orgs.zdct
c:\windows\system32\App\Photoshop\regloc\fr_fr\registration.zdct
c:\windows\system32\App\Photoshop\regloc\fr_fr\titles.zdct
c:\windows\system32\App\Photoshop\regloc\reg_default_background.bmp
c:\windows\system32\App\Photoshop\regloc\reg_default_backgroundRTL.bmp
c:\windows\system32\App\Photoshop\regloc\Thumbs.db
c:\windows\system32\App\Photoshop\Required\ADMUI3.fon
c:\windows\system32\App\Photoshop\Required\Default Actions.atn
c:\windows\system32\App\Photoshop\Required\Default Brushes.abr
c:\windows\system32\App\Photoshop\Required\Default Contours.shc
c:\windows\system32\App\Photoshop\Required\Default Custom Shapes.csh
c:\windows\system32\App\Photoshop\Required\Default Filter Colors.aco
c:\windows\system32\App\Photoshop\Required\Default Gradients.grd
c:\windows\system32\App\Photoshop\Required\Default Menus.mnu
c:\windows\system32\App\Photoshop\Required\Default Patterns.pat
c:\windows\system32\App\Photoshop\Required\Default Styles.asl
c:\windows\system32\App\Photoshop\Required\Default Swatches.aco
c:\windows\system32\App\Photoshop\Required\Default Tool Presets.tpl
c:\windows\system32\App\Photoshop\Required\Droplet Template
c:\windows\system32\App\Photoshop\Required\Droplet Template.exe
c:\windows\system32\App\Photoshop\Required\GlobalResources
c:\windows\system32\App\Photoshop\Required\MeasurementScaleMarker.jsx
c:\windows\system32\App\Photoshop\Required\OWL\appbar.adm
c:\windows\system32\App\Photoshop\Required\OWL\appbar.eve
c:\windows\system32\App\Photoshop\Required\OWL\grid.eve
c:\windows\system32\App\Photoshop\Required\OWL\screenmode.eve
c:\windows\system32\App\Photoshop\Required\OWL\viewoptions.eve
c:\windows\system32\App\Photoshop\SCCore.dll
c:\windows\system32\App\Photoshop\Scripting\Documents\Photoshop CS4 AppleScript Ref.pdf
c:\windows\system32\App\Photoshop\Scripting\Documents\Photoshop CS4 JavaScript Ref.pdf
c:\windows\system32\App\Photoshop\Scripting\Documents\Photoshop CS4 Scripting Guide.pdf
c:\windows\system32\App\Photoshop\Scripting\Documents\Photoshop CS4 VBScript Ref.pdf
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Alpha Channel From Text
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Apply Text Style
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Batch Convert
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Convert Colors
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Create New Text Item
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Crop and Rotate ArtLayers
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Crop
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Get Document By Name
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Get Text Item Center
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Layer Style
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Make Selection
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Make Warp Text
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\New Document
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Run JavaScript
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Save As TIFF
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Trim Document
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Trim
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\AppleScript\Unit Types
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\ActiveLayer.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\ApplyFilters.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\ApplyLayerStyle.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\CompareColors.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\ConvertColors.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\CopyAndPaste.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\CropAndRotate.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\Debugger.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\Emboss.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\EnableAllPluginsForSmartFilters.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\ExecuteMoltenLead.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\FileInclude.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\FileIncludeIncluded.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\FillSelection.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\FlashUISample.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\FlashUISample.mxml
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\FlashUISample.swf
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\LayerKind.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\LinkLayers.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\LoadSelection.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\MakeSelection.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\MosaicTiles.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\MoveToLayerSet.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\NewDocument.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\ObjectTree.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\OpenDocument.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\RotateLayer.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\RulerUnits.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\ScriptUICheckBox.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\SelectionStroke.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\SetChannels.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\Socket.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\JavaScript\WorkingWithText.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\ApplyStyle.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\BatchProcess.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\ClipboardInteraction.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\CreateAndExecuteAction.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\CreateNewTextArt.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\Crop.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\DocumentByName.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\DuplicateLayers.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\ExecuteAction.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\ExecuteJavaScript.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\Filters.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\HistoryState.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\localize.jsx
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\OpenDocument.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\SaveAsFormats.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\Selection.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\SelectionEffects.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\TextArt.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\TextArtCenter.vbs
c:\windows\system32\App\Photoshop\Scripting\Sample Scripts\VBScript\Trim.vbs
c:\windows\system32\App\Photoshop\Scripting\Utilities\ScriptListener.8li
c:\windows\system32\App\Photoshop\shfolder.dll
c:\windows\system32\App\Photoshop\TypeLibrary.tlb
c:\windows\system32\App\Photoshop\VersionCue.dll
c:\windows\system32\App\Photoshop\WRServices.dll
c:\windows\system32\App\WinSxS\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.cat
c:\windows\system32\App\WinSxS\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474.manifest
c:\windows\system32\App\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat
c:\windows\system32\App\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest
c:\windows\system32\App\WinSxS\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.cat
c:\windows\system32\App\WinSxS\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05.manifest
c:\windows\system32\App\WinSxS\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.cat
c:\windows\system32\App\WinSxS\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303.manifest
c:\windows\system32\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff\8.0.50727.762.cat
c:\windows\system32\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff\8.0.50727.762.policy
c:\windows\system32\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.762.cat
c:\windows\system32\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.762.policy
c:\windows\system32\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.762.cat
c:\windows\system32\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e\8.0.50727.762.policy
c:\windows\system32\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.762.cat
c:\windows\system32\App\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150\8.0.50727.762.policy
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
c:\windows\system32\App\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
c:\windows\system32\Drivers\clikf.sys
c:\windows\system32\Drivers\xwsjed.sys
c:\windows\XSxS

----- BITS: Possible infected sites -----

hxxp://wlxindex
.
((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.

2011-02-11 01:00 . 2011-02-11 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-08 22:02 . 2011-02-08 22:02 -------- d-----w- c:\program files\ESET
2011-02-08 21:44 . 2011-02-08 21:44 -------- d-----w- C:\_OTL
2011-02-08 21:42 . 2011-02-08 21:42 -------- d-----w- c:\program files\ERUNT
2011-02-08 10:33 . 2011-02-08 10:33 -------- d-----w- c:\users\Michael\AppData\Local\doubleTwist Corporation
2011-02-08 10:33 . 2011-02-08 10:33 -------- d-----w- c:\program files\Common Files\doubleTwist
2011-02-08 10:13 . 2011-02-08 10:33 -------- d-----w- c:\program files\doubleTwist 2.0
2011-02-08 09:48 . 2011-02-03 01:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA0283CD-B3A8-4F0E-891B-1BB3A896AFA9}\mpengine.dll
2011-02-06 06:55 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-06 06:55 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-06 06:09 . 2011-02-06 06:09 -------- d-----w- c:\program files\Common Files\Java
2011-02-06 06:08 . 2010-11-13 02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-06 06:08 . 2010-11-13 02:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-05 23:54 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-05 23:54 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-02 05:22 . 2011-02-02 05:22 -------- d-----w- c:\program files\Common Files\Cisco Systems
2011-02-02 05:21 . 2011-02-03 01:14 -------- d-----w- c:\program files\McAfee
2011-01-29 05:49 . 2011-01-29 05:49 -------- d-----w- c:\users\Michael\AppData\Local\PackageAware
2011-01-29 04:58 . 2011-01-29 04:58 -------- d-----w- c:\programdata\IObit
2011-01-29 04:58 . 2011-01-29 04:58 -------- d-----w- c:\program files\IObit
2011-01-29 04:28 . 2011-01-29 04:39 -------- d-----w- c:\program files\iKnowPS
2011-01-27 04:04 . 2011-01-27 04:04 -------- d-----w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2011-01-26 22:25 . 2010-10-07 16:50 428352 ----a-w- c:\windows\system32\StubInstaller.exe
2011-01-25 20:49 . 2011-01-25 20:50 -------- d-----w- c:\users\Administrator
2011-01-24 23:59 . 2011-01-24 23:59 -------- d-----w- c:\users\Michael\AppData\Roaming\Verizon Wireless
2011-01-24 07:01 . 2011-01-24 07:01 -------- d-----w- C:\$AVG
2011-01-24 06:09 . 2011-01-24 06:09 -------- d-----w- c:\users\Michael\AppData\Roaming\AVG10
2011-01-24 06:08 . 2011-01-24 06:08 -------- d--h--w- c:\programdata\Common Files
2011-01-24 06:06 . 2011-01-24 23:57 -------- d-----w- c:\programdata\AVG10
2011-01-23 23:50 . 2011-01-23 23:50 -------- d-----w- c:\users\Michael\AppData\Local\Symantec
2011-01-23 01:28 . 2011-01-23 01:28 -------- d-----w- c:\windows\Temp0DCD36D9-329C-9FB5-496E-42272E10E84D-Signatures
2011-01-23 01:26 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-18 07:15 . 2011-01-18 07:15 -------- d-----w- c:\program files\HTC
2011-01-18 07:15 . 2011-01-18 07:15 -------- d-----w- c:\users\Michael\AppData\Roaming\InstallShield
2011-01-18 07:08 . 2011-01-18 07:09 -------- d-----w- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2009-12-15 04:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 04:04 . 2010-04-18 22:56 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2011-01-18 05:17 . 2010-11-19 07:40 2469888 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{2773B836-AC66-4178-A414-C5A0F9F5D805}\kaiEngine.exe
2011-01-11 01:39 . 2011-01-11 01:37 190656 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-01-10 03:41 . 2011-01-10 03:18 100512 ----a-w- c:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2010-12-28 15:55 . 2011-01-07 23:47 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-21 02:09 . 2010-11-29 03:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2010-11-29 03:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-07 23:46 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-23 07:40 . 2010-11-23 07:39 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-11-23 07:39 . 2010-11-23 07:39 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-11-23 07:39 . 2010-11-23 07:39 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-11-23 07:39 . 2010-11-23 07:39 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6609440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"FATrayAlert"="c:\program files\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-14 1807600]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"iKnowPS"="c:\program files\iKnowPS\iKnowPS.exe" [2005-11-25 114688]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Sensible Vision\Fast Access\FALogNot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv

R1 MpKsl0632b1c9;MpKsl0632b1c9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84825779-B2BB-4511-8C2F-FC1362E5CA46}\MpKsl0632b1c9.sys [x]
R1 MpKsl0b0b24dd;MpKsl0b0b24dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96DDD77B-6E92-4F69-ACD8-54953AB69E01}\MpKsl0b0b24dd.sys [x]
R1 MpKsl99ea8138;MpKsl99ea8138;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35B5B372-7F28-4E7C-B909-7D9249B2364B}\MpKsl99ea8138.sys [x]
R1 MpKsla013b8b6;MpKsla013b8b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96DDD77B-6E92-4F69-ACD8-54953AB69E01}\MpKsla013b8b6.sys [x]
R1 MpKslb0c0c834;MpKslb0c0c834;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84825779-B2BB-4511-8C2F-FC1362E5CA46}\MpKslb0c0c834.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca17168aaae1e;Google Update Service (gupdate1ca17168aaae1e);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 133104]
R3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV32.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV32.sys [x]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2007-05-02 55296]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
R3 PsSdk30;PsSdk30;c:\windows\system32\Drivers\PsSdk30.drv [x]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2011-01-26 36928]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-07 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys [x]
R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 FXOSDDRV;Foxconn ACPI BIOS Simulator Driver;c:\windows\system32\DRIVERS\FxOSDdrv.sys [2008-11-28 13400]
S0 nvamacpi;Nvidia Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-01-06 24608]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110211.002\IDSvix86.sys [2011-02-01 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-01-06 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FAService;FAService;c:\program files\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800]
S2 FOXOSDService;Dell OSD Service;c:\program files\DELL\OSD\OSDSvr.exe [2008-12-22 65536]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-04 6656]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-01-06 212992]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-10-28 135936]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-29 102448]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 232832]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\DRIVERS\fixustor.sys [2009-04-23 15360]
S3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [2010-09-07 23616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-16 04:16]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 04:17]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-07 04:17]

2011-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408373256-3366681759-4279272931-1000Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 20:23]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-408373256-3366681759-4279272931-1000UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-24 20:23]

2011-02-11 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Michael.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-11-29 02:08]

2010-11-19 c:\windows\Tasks\{C5C855CD-FF44-4D56-BFB5-F13A91617FB5}.job
- c:\program files\Mozilla Firefox\firefox.exe [2010-11-19 23:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15494&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
TCP: {01C65DA9-D1F8-4A3B-A7CD-C923E47573EF} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ipwuj5at.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2692722&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1210&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
FF - Ext: Fast Dial: fastdial@telega.phpnet.us - %profile%\extensions\fastdial@telega.phpnet.us
FF - Ext: foxiFrame basic: foxiFrame@basic.am - %profile%\extensions\foxiFrame@basic.am
FF - Ext: Pimp My Facebook Skin!: nitsansfbskins@nitsan.binnun.co.il - %profile%\extensions\nitsansfbskins@nitsan.binnun.co.il
FF - Ext: Pixel Perfect: pixelperfectplugin@openhouseconcepts.com - %profile%\extensions\pixelperfectplugin@openhouseconcepts.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Paste Email (original): {36365A44-0C40-4d16-B174-0B803FA14366} - %profile%\extensions\{36365A44-0C40-4d16-B174-0B803FA14366}
FF - Ext: Boost for Facebook: {47624dda-b77e-4feb-820a-e4f077d5d4ca} - %profile%\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-FAStartup - (no file)
SafeBoot-klmdb.sys
AddRemove-Google Updater - c:\program files\Google\Google Updater\GoogleUpdater.exe
AddRemove-I-Doser v4 - c:\program files\IDoser v4\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 17:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1812)
c:\windows\system32\timedate.cpl
c:\windows\system32\authui.dll
c:\program files\Norton 360\Engine\4.3.0.5\ccVrTrst.dll
c:\program files\Norton 360\Engine\4.3.0.5\ccSet.dll
c:\program files\Norton 360\Engine\4.3.0.5\ccGEvt.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\wbem\wbemsvc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2011-02-10 17:11:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-11 01:11

Pre-Run: 73,838,317,568 bytes free
Post-Run: 73,470,861,312 bytes free

- - End Of File - - C4CA7DFA072ABAA9075EC5D8211F0C25

Edited by Michael1026, 14 February 2011 - 08:21 PM.

#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:09:08 PM

Posted 15 February 2011 - 07:02 PM

Hello, Michael1026.

OK, it appears that a cracked version of Photoshop was installed. I can't help you replace it and I will caution you it was likely infected as most cracks are.

Do you know what this schedule task is? It's very odd since it has one hit in Google. This thread. That's usually a symptom of malware.

2010-11-19 c:\windows\Tasks\{C5C855CD-FF44-4D56-BFB5-F13A91617FB5}.job
- c:\program files\Mozilla Firefox\firefox.exe [2010-11-19 23:41]




Step 1

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\Drivers\PsSdk30.drv

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Step 2



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 

#14 Michael1026

Michael1026
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:08 PM

Posted 15 February 2011 - 07:30 PM

I cannot find pssdk30.drv, I only found pssdk41.sys. I also have all files displayed. Should I go ahead and go with step 2?

#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:09:08 PM

Posted 15 February 2011 - 07:41 PM

Yes, go ahead. PSSDK41.sys is legit. PSSKD30.drv is a bit more of an enigma. Especially since it's not there. :) Go ahead with the next step, please. How are things running now?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 

Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·