Several problems with XP


  • This topic is locked
37 replies to this topic

#1 agerickson

Posted 06 February 2011 - 11:07 PM

HELP!
I have several problems with my PC. The symptoms are:
1. I ALWAYS get a "Generic Host Process for Win32 Services has encountered a problem."
2. I always hang on shutdown after explorer.exe.
3. I CANNOT boot in SAFE MODE - I get a BAD_POOL_CALLER BSOD
4. I SOMETIMES get a svchost.exe Application error where an instruction references memory location 0x00000000.

I find that if I do not acknowledge the error in #1 above, I can pretty much work as normal. If I do acknowledge the error, my computer runs slow, and my taskbar icons no longer highlight on mouseover, nor work when I click them.

Here are my DDS and GMER output:

DDS:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Alan at 21:40:20.09 on 02/06/11
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2215 [GMT -6:00]

AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP Wireless Adapter\HPWLAN.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TightVNC\tvnserver.exe
C:\Documents and Settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Documents and Settings\Alan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer provided by Alan Erickson
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mWindow Title = Microsoft Internet Explorer provided by Alan Erickson
uInternet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB2.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DeskshopBrowserHelper Class: {8db3d69d-da5e-4165-b781-72a761790672} - c:\windows\system32\BhoDshop.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB2.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {06FE5D04-8F11-11d2-804F-00105A133818} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Regrun2] c:\progra~1\greatis\regrun~1\WatchDog.exe
uRun: [Registry] "c:\program files\greatis\regrunsuite\lsoon.exe" -1 30 "c:\program files\greatis\regrunsuite\rescue.exe" /a "c:\backreg\rstore.ini"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [Dit] Dit.exe
mRun: [ICSDCLT] c:\windows\system32\rundll32.exe c:\windows\system32\icsdclt.dll,ICSClient
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [TPP Auto Loader] c:\windows\TPPALDR.EXE
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageworkstation\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageworkstation\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [HPWireless] "c:\program files\hp wireless adapter\HPWLAN.exe"
mRun: [RegRun WinBait] c:\windows\winbait.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [Panda Security Toolbar Antiphishing] "c:\documents and settings\all users\application data\panda security toolbar antiphishing\panda2_0dn.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\efax 4.4.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\lock.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\connec~1.lnk - c:\program files\hp wireless printer adapter\ConnectMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &NeoTrace It! - c:\progra~1\neotra~2\NTXcontext.htm
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\flashs~1\save.htm
IE: &Search - ?p=GRman000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: AltaVista Home - http://jump.altavista.com/avie5/home
IE: AltaVista Search This Term - http://jump.altavista.com/avie5/search
IE: AltaVista Translate Selection - http://jump.altavista.com/avie5/babelfish
IE: AltaVista Translate this Web Page - http://jump.altavista.com/avie5/babelfish
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: AV Search This Term -
IE: AV Translate Selection -
IE: AV Translate this Web Page -
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All Files by HiDownload - c:\progra~1\hidown~1\HDGetAll.htm
IE: Download by HiDownload - c:\progra~1\hidown~1\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Save F&lash with FlashCapture - c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home
IE: {06FE5D01-8F11-11d2-804F-00105A133818}\ExpView
IE: {06FE5D01-8F11-11d2-804F-00105A133818}\RecentDocs
IE: {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch
IE: {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch
IE: {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - c:\progra~1\hidown~1\hidownload.exe
IE: {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - c:\progra~1\discover\soan\SOAN.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {06FE5D01-8F11-11d2-804F-00105A133818} - {06FE5D04-8F11-11d2-804F-00105A133818}
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bibb.com\bibbmail
Trusted Zone: kcpl.com\mail
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Blackjack - hxxp://download.games.yahoo.com/games/clients/y/jt0_x.cab
DPF: Yahoo! Dominoes - hxxp://download2.games.yahoo.com/games/clients/y/dot9_x.cab
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file://h:\setup\RiffLick.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134610111671
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134610072468
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.winkflash.com/photo/loaders/ImageUploader3.cab
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.144.30/DGTx.CAB
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://trueswitch.com/sbc/TrueInstallSBC.exe
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: OGPDFLoader.dll c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellObj Class: {f552dde6-2090-4bf4-b924-6141e87789a5} - c:\program files\greatis\regrunsuite\RRShell.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.100 HP5180

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alan\applic~1\mozilla\firefox\profiles\ugdaj4rt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.wedgwoodinternationalseminar.org/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\ugdaj4rt.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency.dll
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\ugdaj4rt.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\ugdaj4rt.default\extensions\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}\components\dtTransparency3.6.dll
FF - component: c:\documents and settings\alan\application data\mozilla\firefox\profiles\ugdaj4rt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\panda security\panda id protect\firefox\components\FFKeypad.dll
FF - plugin: c:\documents and settings\alan\application data\mozilla\firefox\profiles\ugdaj4rt.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\alan\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\alan\local settings\application data\spoon\3.24.0.1\npMozillaSpoonPlugin.dll
FF - plugin: c:\drive_d\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\drive_d\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\drive_d\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\drive_d\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\drive_d\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\drive_d\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\drive_d\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\panda security\panda id protect\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
FF - Ext: NetExport: netexport@getfirebug.com - %profile%\extensions\netexport@getfirebug.com
FF - Ext: Firecookie: firecookie@janodvarko.cz - %profile%\extensions\firecookie@janodvarko.cz
FF - Ext: FireRainbow: firerainbow@hildebrand.cz - %profile%\extensions\firerainbow@hildebrand.cz
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}

============= SERVICES / DRIVERS ===============

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138801]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46800]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-12-15 3744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 HPEAPPkt;Realtek EAPPkt Protocol(HP);c:\windows\system32\drivers\HPEAPPkt.sys [2008-11-12 68864]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-12-15 3904]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
R2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [2006-12-30 27200]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2008-7-14 10752]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2008-7-14 37120]
R3 RTLWUSB;Wireless Adapter;c:\windows\system32\drivers\HPL8187.SYS [2008-11-12 189440]
S0 baobb;baobb;c:\windows\system32\drivers\olbjekxr.sys --> c:\windows\system32\drivers\olbjekxr.sys [?]
S2 Ca536av;Digital Camera(Video) Device;c:\windows\system32\drivers\ca536av.sys --> c:\windows\system32\drivers\Ca536av.sys [?]
S2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\fighters\spamfighter\sfus.exe" service --> c:\program files\fighters\spamfighter\sfus.exe [?]
S2 Suite Service;Suite Service;c:\program files\fighters\fightersuiteservice.exe --> c:\program files\fighters\FighterSuiteService.exe [?]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\AmdTools.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-7 20608]
S3 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;c:\program files\matco\BuzzSawService.exe [2006-4-25 323584]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-4-19 186016]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2005-4-19 83616]
S3 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-4-19 177824]
S3 FreeProxy;Free Proxy Service;c:\program files\hand-crafted software\freeproxy\freeproxy.exe -{beginfreeproxyservice} -c"c:\program files\hand-crafted software\freeproxy\default.cfg" --> c:\program files\hand-crafted software\freeproxy\freeproxy.exe -{beginfreeproxyservice} -cc:\program files\hand-crafted software\freeproxy\Default.cfg [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-7-4 30192]
S3 gupdate1ca0b4d9155ce6c;Google Update Service (gupdate1ca0b4d9155ce6c);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [2008-7-14 11648]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2006-9-4 49399]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-8-28 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-28 42512]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2008-12-4 30946]
S3 PermissionTVDownloadManager;PermissionTV Download Manager Service;c:\progra~1\permis~1\bin\dm.exe [2007-9-20 213053]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2008-12-4 25773]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2007-8-22 189312]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-12-14 819352]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-12-5 290816]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
txtfile=c:\windows\NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-02-07 02:07:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\InstallMate
2011-01-15 17:13:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-15 17:13:08 -------- d-----w- c:\docume~1\alan\applic~1\SUPERAntiSpyware.com
2011-01-15 17:12:56 -------- d-----w- c:\program files\SUPERAntiSpyware

==================== Find3M ====================

2011-02-04 15:27:30 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-04 15:27:30 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-04 00:21:02 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-02 00:45:40 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-17 00:39:53 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 18:21:15 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 03:50:33 471552 ----a-w- c:\windows\system32\Smab.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2006-02-15 18:19:06 774144 ----a-w- c:\program files\RngInterstitial.dll
2004-07-30 14:56:22 90112 ----a-w- c:\program files\common files\PCSBclean.exe
2004-07-26 20:30:14 291840 ----a-w- c:\program files\common files\PCSBoff.exe
2001-10-05 16:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31744 --sha-r- c:\windows\system32\msfDX.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: NVIDIA__ rev. -> Harddisk0\DR0 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B376EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x87246872; SUB DWORD [EBP-0x4], 0x8724612e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B463AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B5103D8]
[0x8B4314E8] -> IRP_MJ_CREATE -> 0x8B376EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\0000009f -> \??\SCSI#Disk____NVIDIA__STRIPE___931.52G#1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 21:48:06.59 ===============


GMER:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-06 21:58:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000009b NVIDIA__ rev.
Running: gmer.exe; Driver: C:\DOCUME~1\Alan\LOCALS~1\Temp\kgrcykod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB4765620]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6DFE380, 0x566445, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 05760001
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[996] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71A10F5A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[996] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719E0F5A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[996] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71AF0F5A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[996] WS2_32.dll!send 71AB4C27 6 Bytes JMP 719B0F5A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[996] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71920F5A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[996] WS2_32.dll!recv 71AB676F 6 Bytes JMP 71980F5A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[996] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71950F5A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[996] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 718F0F5A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\nvraid -> DriverStartIo \Device\Scsi\nvraid0 8B376AEA

AttachedDevice \FileSystem\Fastfat \Fat PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Device\0000009f -> \??\SCSI#Disk____NVIDIA__STRIPE___931.52G#1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xE4 0xBC 0xB3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2E 0x27 0x0F 0x15 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x47 0x15 0xD7 0x7A ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xE4 0xBC 0xB3 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2E 0x27 0x0F 0x15 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x47 0x15 0xD7 0x7A ...
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@NTEContextList
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@DhcpIPAddress 0.0.0.0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@DhcpSubnetMask 0.0.0.0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@Domain
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@NameServer
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@RegistrationEnabled 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@DhcpDomain bibb.net
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@DhcpNameServer 10.10.7.20 10.10.7.35
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{575CB419-EF02-4BD4-B455-4052F82C07C7}@DhcpSubnetMaskOpt 255.255.240.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{741D3BDB-A6E1-4F37-B9F3-E1B0AFE23A0A}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{741D3BDB-A6E1-4F37-B9F3-E1B0AFE23A0A}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{741D3BDB-A6E1-4F37-B9F3-E1B0AFE23A0A}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{741D3BDB-A6E1-4F37-B9F3-E1B0AFE23A0A}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{741D3BDB-A6E1-4F37-B9F3-E1B0AFE23A0A}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{741D3BDB-A6E1-4F37-B9F3-E1B0AFE23A0A}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{741D3BDB-A6E1-4F37-B9F3-E1B0AFE23A0A}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@EnableDHCP 1
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@NameServer
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@Domain
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{777D785D-75E7-4DBC-9135-07FE35D2C812}@MTU 1492
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@NTEContextList
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@DhcpIPAddress 0.0.0.0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@DhcpSubnetMask 0.0.0.0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@Domain
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@NameServer
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@RegistrationEnabled 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{B211579B-B6BD-4ACD-B823-4036BAC1AFBC}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@IPAddress 192.168.173.2?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@SubnetMask 255.255.255.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@DefaultGateway ?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@NameServer
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@Domain
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{D54FBB47-5204-4E2B-A5B6-9B284A9EE1D8}@NTEContextList 0x00000004?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@EnableDHCP 1
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@NameServer
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@Domain
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet007\Services\Tcpip\Parameters\Interfaces\{EDC755A2-1D0B-4629-8AD7-44C3B6A2E599}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xE4 0xBC 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2E 0x27 0x0F 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x47 0x15 0xD7 0x7A ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4614654033 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21156560652 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21156560651 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@5006264560 0xDC 0x00 0x93 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21622213151 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21625441441 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@5416121200 0x30 0x00 0x30 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@22050555326 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@330242136 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4614654032 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21152640332 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21152640330 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21155111530 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21153332363 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@22051250360 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@22052334452 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@330634200 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@5200222604 0x36 0x00 0x39 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@34260066665 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21153332361 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4622661460 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21155503561 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@25043143522 0x57 0x00 0x49 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4621212323 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@12040463104 0x36 0x00 0x37 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4616433160 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21153332362 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@325100641 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@22320503426 0x36 0x00 0x35 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21155503560 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@16042244505 0x41 0x00 0x63 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@326550105 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21162032150 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4614654034 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21154416455 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4621212322 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4621604354 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4616041126 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4623353521 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4621604355 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21621521120 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@324405610 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21154416454 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@322234412 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4612512536 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21156165622 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21156165621 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4620520262 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@324013546 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21154024423 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21150466134 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@25566413650
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21161340116 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4624045552 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21622605212 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21151161165 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@22051642421 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4615346065 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4621212324 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4620520263 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21152640331 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@20432634130 0x31 0x00 0x31 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4620125232 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4616041125 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21156560653 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4624045553 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21623300243 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@321542351 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@16503125454 0x31 0x00 0x34 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4621604353 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21154024424 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@325463002 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4615346064 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@4620125231 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF
Reg HKLM\SOFTWARE\Microsoft\Windows\Armjisoft\LPDF@21155111526 0x30 0x00 0x30 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040710900063D11C8EF10054038389C\Usage@HandWritingFiles 1044798385
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 500
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 71
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD6E5452-8CC9-4D45-A19B-BEAAED3250ED}

---- EOF - GMER 1.0.15 ----

#2 Shannon2012


Posted 09 February 2011 - 03:08 PM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
We need to create an OTL Report
  • Please download OTL from here:
      • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 agerickson


Posted 09 February 2011 - 10:57 PM

OTL logfile created on: 02/09/11 9:35:52 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Alan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 380.05 Gb Free Space | 40.80% Space Free | Partition Type: NTFS
Drive M: | 465.76 Gb Total Space | 131.72 Gb Free Space | 28.28% Space Free | Partition Type: NTFS

Computer Name: ERICKSON_PUTER | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/09 21:33:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
PRC - [2011/02/07 03:29:02 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/01/13 09:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/16 18:35:40 | 000,423,232 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2010/12/16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/12/08 13:14:34 | 000,223,400 | ---- | M] (Panda Security) -- C:\Documents and Settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe
PRC - [2010/11/17 12:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/15 03:02:45 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/08/24 00:37:02 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2010/07/02 12:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2009/08/28 16:47:56 | 000,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe
PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/28 16:42:12 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/07/14 14:30:00 | 000,356,864 | ---- | M] (Greatis Software) -- C:\Program Files\Greatis\RegRunSuite\WatchDog.exe
PRC - [2008/04/13 18:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/08 00:26:42 | 000,228,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vsjitdebugger.exe
PRC - [2007/07/17 04:00:00 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/10/23 10:16:56 | 001,122,304 | ---- | M] () -- C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe
PRC - [2006/10/04 22:51:06 | 000,618,496 | ---- | M] (3G Corp.) -- C:\Program Files\HP Wireless Adapter\HPWLan.exe
PRC - [2006/09/17 09:32:16 | 001,352,704 | ---- | M] (Kana Solution) -- C:\Program Files\DynDNS Updater\DynDNS.exe
PRC - [2006/07/21 08:03:00 | 001,106,528 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
PRC - [2006/07/20 23:15:32 | 001,848,155 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
PRC - [2006/07/20 23:13:48 | 000,126,976 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/07/20 23:13:42 | 000,204,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/05/13 17:11:14 | 000,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2003/05/19 17:39:16 | 000,081,920 | ---- | M] () -- C:\WINDOWS\Dit.exe
PRC - [2003/03/20 15:47:08 | 000,061,440 | ---- | M] () -- C:\WINDOWS\DitExp.exe
PRC - [2001/10/05 10:54:28 | 000,118,784 | ---- | M] (In-System Design, Inc.) -- C:\WINDOWS\tppaldr.exe
PRC - [1999/09/30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (SafeList) ==========

MOD - [2011/02/09 21:33:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
MOD - [2010/12/08 13:14:36 | 000,383,656 | ---- | M] (Panda Security) -- C:\Documents and Settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/03/26 12:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Suite Service)
SRV - File not found [Auto | Stopped] -- -- (SPAMfighter Update Service)
SRV - File not found [Auto | Stopped] -- -- (ioloDMV)
SRV - File not found [Auto | Stopped] -- -- (Basics Service)
SRV - [2010/12/16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/24 00:37:02 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/07/26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/07/22 20:48:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/25 09:32:58 | 000,314,584 | R--- | M] (cFos Software GmbH) [On_Demand | Stopped] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2008/04/13 18:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/09/20 10:28:34 | 000,213,053 | ---- | M] (PermissionTV) [On_Demand | Stopped] -- C:\Program Files\PermissionTV\bin\dm.exe -- (PermissionTVDownloadManager)
SRV - [2007/06/28 18:01:48 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/02/04 18:11:18 | 000,356,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hand-Crafted Software\FreeProxy\FreeProxy.exe -- (FreeProxy)
SRV - [2006/11/01 00:04:02 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2006/10/14 19:21:04 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2006/09/17 09:32:16 | 001,352,704 | ---- | M] (Kana Solution) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynDNS.exe -- (DynDNS_Updater_Service)
SRV - [2006/07/20 23:13:42 | 000,204,800 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/04/25 14:35:58 | 000,323,584 | ---- | M] (SpyderComm, Inc.) [On_Demand | Stopped] -- C:\Program Files\MATCO\BuzzSawService.exe -- (Buzzsaw_Defragmentation)
SRV - [2006/04/13 08:33:24 | 000,237,568 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MATCO\DirmsService.exe -- (DirMS_Defragmentation)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/27 14:55:28 | 000,177,824 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/12/27 14:55:20 | 000,083,616 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/12/27 14:55:04 | 000,186,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/12/14 21:21:21 | 000,819,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/07/27 11:53:00 | 000,536,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver)
SRV - [2005/05/13 17:11:14 | 000,869,888 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/05/13 17:11:14 | 000,869,888 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/11/22 17:04:14 | 001,273,856 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/08/30 23:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2003/05/19 15:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
SRV - [2002/10/21 15:54:18 | 000,081,920 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2010/12/16 18:12:59 | 000,113,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2010/12/16 18:12:51 | 000,111,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2010/12/16 18:12:42 | 000,130,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2010/12/16 18:12:34 | 000,097,352 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/12/16 18:12:26 | 000,141,768 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2010/07/03 19:47:35 | 000,025,773 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/03 16:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/28 16:48:00 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/16 22:44:01 | 000,200,704 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2009/02/02 09:38:08 | 000,030,946 | ---- | M] (Greatis Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2008/12/17 00:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 00:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 23:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/16 23:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/19 10:49:37 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/19 10:49:36 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/07 01:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/06/25 09:33:02 | 000,732,376 | R--- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/28 18:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/04/12 14:24:26 | 000,388,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/04/12 14:24:26 | 000,032,288 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/04/12 14:24:17 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/03/08 13:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/02/08 19:44:22 | 000,026,944 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/02/08 19:44:00 | 000,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/12/26 13:58:02 | 000,189,312 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2006/12/20 07:40:20 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/11/29 00:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/08/16 19:03:14 | 000,010,752 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [2006/08/16 19:03:06 | 000,011,648 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnucmp.sys -- (HPNUCMP)
DRV - [2006/08/16 19:03:00 | 000,037,120 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2006/08/15 11:10:02 | 000,189,440 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPL8187.SYS -- (RTLWUSB)
DRV - [2006/05/12 13:31:12 | 000,068,864 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HPEAPPkt.sys -- (HPEAPPkt) Realtek EAPPkt Protocol(HP)
DRV - [2006/03/01 09:24:16 | 000,290,816 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006/03/01 09:24:16 | 000,290,816 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)
DRV - [2005/12/14 21:21:21 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/12/01 12:14:20 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/09 17:22:32 | 000,039,936 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2005/11/07 16:50:20 | 000,049,399 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2005/08/18 10:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/07/27 12:40:08 | 000,027,200 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RTWTKRNL.sys -- (RTWTKRNL)
DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005/05/17 15:45:12 | 000,076,288 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2005/05/17 15:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/05/17 15:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/05/13 17:03:52 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/05/13 17:03:30 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/05/13 09:03:25 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/04/06 01:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/06 01:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/11/22 17:08:54 | 000,046,800 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount)
DRV - [2004/11/22 16:51:58 | 000,138,801 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/30 23:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2004/07/26 12:36:08 | 000,316,192 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2004/03/05 17:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 17:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2004/01/14 10:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.SYS -- (ZDPNDIS5)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/31 12:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/04/19 01:14:32 | 000,009,280 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\DRIVE_D\Program Files\SiSoftware\SiSoft Sandra 2001te Standard\SANDRA.sys -- (SANDRA)
DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,AutoRefreshLocalPages = yes
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = [binary data]
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.wedgwoodinternationalseminar.org/"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: firerainbow@hildebrand.cz:1.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: netexport@getfirebug.com:0.8b10
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.1
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:1.0
FF - prefs.js..extensions.enabledItems: widgetruntime@surfsecret.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.8
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localho,t,127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/05/23 23:02:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\widgetruntime@surfsecret.com: C:\Program Files\Panda Security\Panda ID Protect\Firefox [2010/07/07 16:27:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/02 20:44:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/02 20:44:59 | 000,000,000 | ---D | M]

[2009/09/26 10:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Extensions
[2011/02/08 11:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions
[2010/05/06 16:26:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/08 11:46:56 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/09/02 19:28:34 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/07/07 16:27:14 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/01/20 10:55:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/20 10:55:34 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/07/31 17:31:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/20 10:55:37 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/01/20 10:55:51 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\firebug@software.joehewitt.com
[2010/11/11 14:39:07 | 000,000,000 | ---D | M] (Firecookie) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\firecookie@janodvarko.cz
[2010/11/11 14:39:07 | 000,000,000 | ---D | M] (FireRainbow) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\firerainbow@hildebrand.cz
[2010/09/01 07:48:43 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\inspector@mozilla.org
[2011/02/03 16:34:13 | 000,000,000 | ---D | M] (NetExport) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\netexport@getfirebug.com
[2010/09/01 07:48:43 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/10/28 10:56:26 | 000,000,000 | ---D | M] (YSlow) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\yslow@yahoo-inc.com
[2011/02/08 11:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 14:46:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/20 10:51:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/05/23 23:02:45 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/03/15 20:57:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/07 16:27:21 | 000,000,000 | ---D | M] (Panda Identity Protect) -- C:\PROGRAM FILES\PANDA SECURITY\PANDA ID PROTECT\FIREFOX
[2007/06/21 17:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 17:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 17:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/21 17:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/06/21 17:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/10/22 14:59:28 | 000,411,538 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.100 HP5180
O1 - Hosts: 14220 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DeskshopBrowserHelper Class) - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HPWireless] C:\Program Files\HP Wireless Adapter\HPWLAN.exe (3G Corp.)
O4 - HKLM..\Run: [ICSDCLT] C:\WINDOWS\System32\icsdclt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [Panda Security Toolbar Antiphishing] C:\Documents and Settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RegRun WinBait] C:\WINDOWS\WinBait.exe ()
O4 - HKLM..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe (In-System Design, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [Registry] C:\Program Files\Greatis\RegRunSuite\lsoon.exe (Greatis Software)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [Regrun2] C:\Program Files\Greatis\RegRunSuite\WatchDog.exe (Greatis Software)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [SetDefaultMIDI] File not found
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\connection manager.lnk = C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 02 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FC FF 03 [binary data]
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\Program Files\Flash Saver\save.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm ()
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Save F&lash with FlashCapture - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O8 - Extra context menu item: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra Button: MicroPortal - {06FE5D01-8F11-11d2-804F-00105A133818} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra Button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : AltaVista &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (HiDownload Software)
O9 - Extra Button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Discover\SOAN\SOAN.exe (Orbiscom Ltd. All rights reserved.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..Trusted Domains: bibb.com ([bibbmail] http in Trusted sites)
O15 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..Trusted Domains: kcpl.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} file://H:\setup\RiffLick.cab (WaveTab Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134610111671 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134610072468 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.winkflash.com/photo/loaders/ImageUploader3.cab (Aurigma Image Uploader 3.0 Control)
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} http://www.programchecker.com/dll/nixon.cab (Zenturi Active Programs Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/games/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} http://66.98.144.30/DGTx.CAB (DGTx.uc1)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://trueswitch.com/sbc/TrueInstallSBC.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Blackjack http://download.games.yahoo.com/games/clients/y/jt0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Dominoes http://download2.games.yahoo.com/games/clients/y/dot9_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (OGPDFLoader.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:1 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O24 - Desktop WallPaper: C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O29 - HKLM SecurityProviders - (rpasspc.dll) - C:\WINDOWS\System32\RPASSPC.dll (CompuServe Inc.)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/13 16:07:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/21 22:01:36 | 000,000,063 | ---- | M] () - M:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1d766426-178c-11df-a3fc-00170896bae9}\Shell\AutoRun\command - "" = L:\autorun.bat
O33 - MountPoints2\{91345189-8785-11de-b4b8-00170896bae9}\Shell\AutoRun\command - "" = K:\autorun.bat
O33 - MountPoints2\{b80879f6-6382-11da-9850-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b80879f6-6382-11da-9850-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b80879f6-6382-11da-9850-806d6172696f}\Shell\AutoRun\command - "" = I:\TS-H552C.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/09 21:33:23 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2011/02/08 09:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2011/02/08 09:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
[2011/02/08 09:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/02/07 18:08:01 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/02/07 16:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2011/02/07 16:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/02/06 08:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2011/01/26 19:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2011/01/15 11:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/15 11:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
[2011/01/15 11:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/15 11:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/12 03:01:13 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/11/28 12:59:33 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Alan\Application Data\tsdnwin.dll
[2007/04/09 08:06:06 | 000,021,866 | ---- | C] (In-System Design, Inc.) -- C:\Program Files\Common Files\tppupd2k.dll
[2007/04/02 07:00:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Alan\Application Data\pcouffin.sys
[2006/02/15 12:19:41 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1039 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Alan\Application Data\*.tmp files -> C:\Documents and Settings\Alan\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/09 21:45:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2730970711-1940038648-3843556251-1005UA.job
[2011/02/09 21:33:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2011/02/09 21:25:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 21:24:29 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/02/09 21:23:47 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/09 21:23:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/09 21:23:26 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/02/09 21:23:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/09 21:22:52 | 3220,746,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/09 21:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/09 20:32:48 | 000,000,076 | ---- | M] () -- C:\WINDOWS\lsoon.ini
[2011/02/09 19:56:36 | 000,137,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/02/09 19:56:31 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/02/09 18:45:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2730970711-1940038648-3843556251-1005Core.job
[2011/02/08 17:57:09 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/02/07 18:08:01 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/02/07 17:55:11 | 000,896,514 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\census.cache
[2011/02/07 17:52:57 | 000,432,248 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\ars.cache
[2011/02/07 17:15:49 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\housecall.guid.cache
[2011/02/07 13:45:18 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\error.bat
[2011/02/06 21:38:58 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\dds.scr
[2011/02/06 21:30:43 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Alan\defogger_reenable
[2011/02/06 15:59:21 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2011/02/06 08:52:42 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/02/05 19:05:57 | 000,000,430 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/02/04 10:22:28 | 001,701,059 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\AGIA US FIRE INS COMPANY CLAIM FORM 081607 modified AGE.pdf
[2011/02/02 21:44:52 | 000,309,720 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070480.jpg
[2011/02/02 12:51:20 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/01/31 10:44:44 | 003,328,344 | ---- | M] () -- C:\Church.QDF
[2011/01/31 10:44:44 | 000,388,731 | ---- | M] () -- C:\Church.IDX
[2011/01/31 10:44:44 | 000,025,600 | ---- | M] () -- C:\Church.QEL
[2011/01/29 10:52:10 | 000,040,557 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 3.pdf
[2011/01/29 10:47:12 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Shortcut to co #2.pdf.lnk
[2011/01/26 19:55:21 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/01/26 19:55:00 | 004,251,204 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\FileZilla_3.3.5.1_win32-setup.exe
[2011/01/26 09:58:58 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\gcada images.doc
[2011/01/24 21:11:51 | 000,674,304 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\GCADA Tutorial.doc
[2011/01/24 15:26:33 | 001,472,051 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070475.jpg
[2011/01/24 15:26:12 | 001,470,228 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070474.jpg
[2011/01/24 15:25:54 | 001,505,854 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070477.jpg
[2011/01/24 15:25:13 | 001,438,777 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070476.jpg
[2011/01/23 20:05:27 | 000,011,963 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\test.skp
[2011/01/22 19:59:37 | 000,674,304 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Welcome the the new GCADA website for old and new members.doc
[2011/01/20 10:50:13 | 000,069,095 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\WIS newsletter copy.jpg
[2011/01/20 10:49:58 | 000,433,296 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\WIS newsletter.psd
[2011/01/18 21:55:30 | 000,003,687 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\1st day vase copy.gif
[2011/01/18 21:55:30 | 000,003,674 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\1st day vase copy.gif
[2011/01/15 18:55:39 | 001,431,616 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Roger.zip
[2011/01/15 11:13:00 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/14 16:48:22 | 000,047,353 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 2a.pdf
[2011/01/14 11:50:17 | 000,042,029 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 2.pdf
[2011/01/12 03:10:26 | 000,000,174 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/01/11 16:49:13 | 000,877,974 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\scan0002.bmp
[2011/01/11 15:47:49 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\tyco claim.doc
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1039 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Alan\Application Data\*.tmp files -> C:\Documents and Settings\Alan\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2018/08/01 18:57:33 | 000,000,111 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\sys50492.bin
[2011/02/07 17:55:11 | 000,896,514 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\census.cache
[2011/02/07 17:52:57 | 000,432,248 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\ars.cache
[2011/02/07 17:15:49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\housecall.guid.cache
[2011/02/07 13:45:18 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\error.bat
[2011/02/06 21:38:56 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\dds.scr
[2011/02/06 21:30:25 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Alan\defogger_reenable
[2011/02/06 08:52:42 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/02/05 19:06:47 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Shortcut to Malwarebytes' Anti-Malware.lnk
[2011/02/02 21:44:52 | 000,309,720 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070480.jpg
[2011/01/29 10:47:11 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Shortcut to co #2.pdf.lnk
[2011/01/29 10:46:26 | 000,040,557 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 3.pdf
[2011/01/26 19:55:21 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/01/26 19:54:47 | 004,251,204 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\FileZilla_3.3.5.1_win32-setup.exe
[2011/01/26 09:08:32 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\gcada images.doc
[2011/01/24 19:46:37 | 000,674,304 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\GCADA Tutorial.doc
[2011/01/24 15:26:32 | 001,472,051 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070475.jpg
[2011/01/24 15:26:12 | 001,470,228 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070474.jpg
[2011/01/24 15:25:54 | 001,505,854 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070477.jpg
[2011/01/24 15:25:13 | 001,438,777 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070476.jpg
[2011/01/23 20:05:27 | 000,011,963 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\test.skp
[2011/01/22 17:37:43 | 000,674,304 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Welcome the the new GCADA website for old and new members.doc
[2011/01/20 10:50:09 | 000,069,095 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\WIS newsletter copy.jpg
[2011/01/20 10:49:58 | 000,433,296 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\WIS newsletter.psd
[2011/01/18 21:55:21 | 000,003,687 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\1st day vase copy.gif
[2011/01/18 21:55:21 | 000,003,674 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\1st day vase copy.gif
[2011/01/15 18:54:00 | 001,431,616 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Roger.zip
[2011/01/15 11:13:00 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/14 16:48:22 | 000,047,353 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 2a.pdf
[2011/01/14 11:15:50 | 000,042,029 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 2.pdf
[2011/01/11 16:49:13 | 000,877,974 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\scan0002.bmp
[2011/01/11 14:52:43 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\tyco claim.doc
[2010/12/17 21:44:40 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/03 11:43:18 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2010/10/30 14:05:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/10/23 19:43:13 | 000,000,745 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/10/23 07:12:02 | 000,000,167 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/08/15 06:43:20 | 001,156,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/07 17:11:08 | 000,068,272 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\PandaIDProtectHelp.chm
[2010/06/22 08:59:38 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/14 08:13:00 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/28 08:32:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/11/28 12:57:34 | 000,000,466 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\SamsungLiveUpdateConfig.ini
[2009/10/31 14:42:14 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ShLog.txt
[2009/08/29 07:45:29 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/08/29 07:45:24 | 000,020,023 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/29 07:45:23 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/07 20:31:48 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/04 08:26:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/01/25 22:44:43 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2009/01/10 00:41:41 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\d3d9caps.dat
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/16 11:19:36 | 000,291,840 | ---- | C] () -- C:\Program Files\Common Files\PCSBoff.exe
[2008/12/16 11:19:36 | 000,090,112 | ---- | C] () -- C:\Program Files\Common Files\PCSBclean.exe
[2008/12/08 09:31:51 | 000,003,910 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ShLog.txt
[2008/12/04 22:34:05 | 000,000,076 | ---- | C] () -- C:\WINDOWS\lsoon.ini
[2008/12/04 18:20:14 | 006,905,598 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\ShLog.txt
[2008/11/18 21:42:25 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\ConverterEngLog.log
[2008/11/18 21:33:40 | 000,427,488 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\ReplayConverterLog.log
[2008/11/03 20:35:48 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/11/01 12:17:30 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/08/28 21:45:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/28 21:44:50 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005432_.tmp.dll
[2008/08/28 21:44:47 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005400_.tmp.dll
[2008/05/31 20:44:43 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2008/03/17 20:22:11 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/03/01 22:19:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/12 21:42:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/01/10 17:09:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/01/10 17:02:23 | 000,050,805 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/07 10:07:40 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/11/29 18:10:34 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/14 22:25:23 | 000,685,849 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\unins000.exe
[2007/10/14 22:25:23 | 000,030,480 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\unins000.dat
[2007/09/24 23:02:14 | 000,000,268 | ---- | C] () -- C:\WINDOWS\resfen5.ini
[2007/08/24 08:55:08 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/22 07:38:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/08/17 10:58:39 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/08/17 10:58:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/08/17 10:58:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/08/17 10:58:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/08/17 10:58:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/08/17 10:58:31 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/08/17 10:58:30 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI
[2007/08/17 10:58:08 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/08/17 10:57:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PtrcENG.dll
[2007/08/12 20:55:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\BW7Dir.ini
[2007/08/12 20:50:42 | 000,013,855 | ---- | C] () -- C:\WINDOWS\bw700.ini
[2007/08/12 20:48:46 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2007/08/12 20:48:46 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\patchw.dll
[2007/08/12 20:48:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\bwntsend.dll
[2007/08/12 20:48:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bwnthook.dll
[2007/08/12 20:48:45 | 001,982,464 | ---- | C] () -- C:\WINDOWS\System32\bwbits70.dll
[2007/07/14 18:32:21 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/07/14 18:32:21 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/07/14 18:32:21 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/07/14 18:32:21 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/06/28 18:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/05/28 09:57:55 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/05/13 06:45:33 | 000,000,441 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/02 09:34:17 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\FixVTS.ini
[2007/04/02 07:01:11 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\pcouffin.log
[2007/04/02 07:00:51 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\ezpinst.exe
[2007/04/02 07:00:51 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\pcouffin.cat
[2007/04/02 07:00:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\pcouffin.inf
[2007/03/09 01:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 03:14:48 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/08 22:17:02 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\FreeProxyDLL392.dll
[2007/01/29 08:43:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2007/01/17 08:29:48 | 000,000,154 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2007/01/08 17:18:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/12/30 21:52:23 | 000,027,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTWTKRNL.sys
[2006/12/30 21:51:01 | 000,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2006/12/16 22:28:27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/12/15 11:19:58 | 000,000,587 | ---- | C] () -- C:\WINDOWS\lname.ini
[2006/12/15 11:19:58 | 000,000,121 | ---- | C] () -- C:\WINDOWS\iii.ini
[2006/12/15 11:19:56 | 000,000,466 | ---- | C] () -- C:\WINDOWS\iiiweb97.ini
[2006/12/14 22:53:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini
[2006/12/14 22:35:07 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/11/19 22:36:00 | 001,015,808 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/11/19 22:36:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll
[2006/11/19 22:35:59 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/11/19 22:35:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/11/19 22:35:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/11/19 22:35:59 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2006/11/19 22:35:58 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/11/15 22:58:47 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\.googlewebacchosts
[2006/11/07 23:32:14 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2006/10/12 09:32:50 | 000,000,417 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\AutoGK.ini
[2006/09/26 21:10:04 | 000,823,296 | ---- | C] () -- C:\WINDOWS\npdbplug.dll
[2006/09/09 21:03:17 | 000,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2006/09/09 21:03:17 | 000,040,712 | ---- | C] () -- C:\WINDOWS\System32\agcrypto.dll
[2006/08/11 08:33:42 | 001,370,242 | ---- | C] () -- C:\WINDOWS\System32\OGKernel.dll
[2006/08/10 14:08:58 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\$_hpcst$.hpc
[2006/07/04 17:24:50 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/17 09:36:46 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2006/05/10 14:32:22 | 000,000,315 | ---- | C] () -- C:\WINDOWS\QFP.INI
[2006/05/09 20:11:11 | 000,000,196 | RH-- | C] () -- C:\WINDOWS\KFSecure.dll
[2006/05/09 20:11:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\KSecure.dll
[2006/05/06 20:01:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2006/04/07 17:55:15 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\gc.dll
[2006/03/31 09:54:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/30 23:48:51 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/03/30 23:31:19 | 000,000,111 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/03/05 16:35:21 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/27 07:48:36 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/27 07:30:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/21 22:11:14 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/01/28 17:24:27 | 000,000,152 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/28 16:54:19 | 000,000,090 | ---- | C] () -- C:\WINDOWS\Taxact03.ini
[2006/01/28 16:53:21 | 000,000,090 | ---- | C] () -- C:\WINDOWS\Taxact04.ini
[2006/01/14 23:18:21 | 000,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2006/01/14 17:38:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/05 22:01:40 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2006/01/05 21:41:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/01/03 21:56:19 | 000,000,111 | ---- | C] () -- C:\WINDOWS\NVMonitor.INI
[2006/01/01 20:20:26 | 000,000,110 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2006/01/01 14:05:24 | 000,002,136 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2005/12/30 20:03:00 | 001,732,608 | R--- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2005/12/27 23:00:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/12/27 22:57:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2005/12/19 21:30:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\FC32.INI
[2005/12/18 20:03:06 | 000,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
[2005/12/18 19:42:25 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/12/18 14:45:33 | 000,000,962 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/12/18 14:45:33 | 000,000,074 | ---- | C] () -- C:\WINDOWS\calera.ini
[2005/12/17 14:26:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\fusioncache.dat
[2005/12/15 00:51:37 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/12/14 19:15:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cs3inst.ini
[2005/12/14 18:50:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/13 23:20:51 | 000,000,149 | ---- | C] () -- C:\WINDOWS\MPCWIN98.INI
[2005/12/13 23:19:05 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/12/13 22:12:41 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/12/13 16:48:21 | 000,000,102 | ---- | C] () -- C:\WINDOWS\cserve.ini
[2005/12/12 23:29:53 | 000,004,967 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/08 21:07:00 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\lfpcd14N.dll
[2005/12/08 20:34:40 | 000,040,512 | ---- | C] () -- C:\WINDOWS\System32\VUINS16.DLL
[2005/12/07 22:20:28 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\FASTWiz.html
[2005/12/04 21:12:32 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\FASTWiz.log
[2005/12/02 17:43:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/02 17:39:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/10 13:53:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/23 02:55:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2005/09/13 20:59:52 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/09/13 16:10:24 | 000,000,897 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/13 15:55:58 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/09/13 15:53:20 | 000,001,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/13 09:01:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/28 16:24:44 | 000,007,136 | ---- | C] () -- C:\WINDOWS\System32\Adist4.dll
[2005/08/28 16:24:37 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/08/24 22:35:05 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2005/08/01 23:35:56 | 000,000,982 | ---- | C] () -- C:\WINDOWS\CDPLAY.INI
[2005/07/17 23:11:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\MkeDscChg.dll
[2005/07/17 20:30:56 | 000,176,128 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2005/07/17 20:30:56 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2005/07/17 20:13:44 | 000,008,192 | ---- | C] () -- C:\WINDOWS\storpg98.dll
[2005/07/07 14:53:18 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/02/11 22:08:00 | 000,843,776 | R--- | C] () -- C:\WINDOWS\System32\lteay14n.dll
[2005/02/11 22:08:00 | 000,688,128 | R--- | C] () -- C:\WINDOWS\System32\ltcry14n.dll
[2005/02/11 22:08:00 | 000,144,384 | R--- | C] () -- C:\WINDOWS\System32\lttls14n.dll
[2004/07/20 22:41:45 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2004/07/20 22:41:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll
[2004/07/20 22:41:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll
[2004/07/20 22:41:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll
[2004/07/05 14:25:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll
[2003/03/13 18:50:18 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\wimadll.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 11:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/02/27 07:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 07:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 07:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/09/22 23:40:31 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\HPFPNP.DLL
[2001/09/16 17:22:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\dvzxlt.ini
[2001/08/09 21:34:14 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\PDDLLW32.DLL
[2001/08/09 21:34:13 | 000,455,168 | ---- | C] () -- C:\WINDOWS\System32\redllw32.dll
[2001/07/24 22:19:56 | 000,001,443 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2001/07/24 22:19:56 | 000,000,643 | ---- | C] () -- C:\WINDOWS\WAVPLAY.INI
[2001/07/24 22:19:56 | 000,000,599 | ---- | C] () -- C:\WINDOWS\MIDIPLAY.INI
[2001/07/24 22:19:56 | 000,000,133 | ---- | C] () -- C:\WINDOWS\POWERBAR.INI
[2001/07/24 22:15:56 | 000,000,428 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2001/07/22 14:59:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HPOPNP.DLL
[2001/07/21 11:30:44 | 000,000,410 | ---- | C] () -- C:\WINDOWS\AUDIOVIW.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/04/24 00:45:37 | 000,002,717 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/04/21 17:05:30 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL
[2001/04/21 17:02:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OEMREG.DLL
[2001/04/21 16:56:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL
[2001/04/21 16:56:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2001/04/21 16:55:50 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL
[2001/04/21 16:53:23 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL
[2001/01/27 14:13:18 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2001/01/27 14:13:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2001/01/25 21:58:05 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[2001/01/24 21:38:25 | 000,001,544 | ---- | C] () -- C:\WINDOWS\Mpcwin00.ini
[2000/11/05 23:52:44 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2000/10/23 20:50:08 | 000,002,417 | ---- | C] () -- C:\WINDOWS\Mng6.ini
[2000/10/23 20:49:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\SA4_WKSP.INI
[2000/10/23 20:49:27 | 000,000,033 | ---- | C] () -- C:\WINDOWS\SA4_DRAW.INI
[2000/10/23 18:12:34 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\std-2.1-vc5.0-mt.dll
[2000/10/20 22:15:42 | 000,003,356 | ---- | C] () -- C:\WINDOWS\SA8.ini
[2000/10/20 22:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DeLGPS.ini
[2000/09/27 08:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\SharpenDIB.dll
[2000/09/27 08:09:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\AutoFinish.dll
[2000/09/04 20:56:07 | 000,250,880 | ---- | C] () -- C:\WINDOWS\System32\NViewLib.dll
[2000/07/23 22:40:41 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_UNODBC.dll
[2000/07/23 22:39:51 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2000/07/23 22:39:50 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2000/07/23 22:39:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2000/07/23 22:39:50 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2000/07/23 22:39:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BCARDS.INI
[2000/07/23 22:39:11 | 000,000,109 | ---- | C] () -- C:\WINDOWS\ttinstal.ini
[2000/07/23 22:38:55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\ftpclient.dll
[2000/07/23 22:38:54 | 000,318,976 | ---- | C] () -- C:\WINDOWS\System32\Peer.dll
[2000/07/23 22:38:54 | 000,045,952 | ---- | C] () -- C:\WINDOWS\System32\LTVDD62W.DRV
[2000/07/23 22:38:54 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\Peer_Res.dll
[2000/07/23 22:38:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFWMF62N.DLL
[2000/07/23 22:38:54 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWPG62N.DLL
[2000/07/23 22:38:54 | 000,003,200 | ---- | C] () -- C:\WINDOWS\System32\LTTHK62W.DLL
[2000/07/23 22:38:53 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\LTTWN62N.DLL
[2000/07/23 22:38:53 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX62N.DLL
[2000/07/23 22:38:53 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFPCT62N.DLL
[2000/07/23 22:38:53 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA62N.DLL
[2000/07/23 22:38:53 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\LFPCD62N.DLL
[2000/07/23 22:38:52 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\LFFAX62N.DLL
[2000/07/23 22:38:52 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP62N.DLL
[2000/07/23 22:38:52 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\LFTIF62N.DLL
[2000/07/23 22:38:52 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2000/07/23 22:38:52 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP62N.DLL
[2000/03/24 23:52:04 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2000/02/23 22:41:38 | 000,002,128 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2000/02/03 20:55:44 | 000,001,836 | ---- | C] () -- C:\WINDOWS\MPCWIN99.INI
[2000/01/10 08:53:31 | 000,036,800 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\Comma Separated Values (Windows).ADR
[2000/01/10 08:48:22 | 000,036,798 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\Tab Separated Values (Windows).ADR
[1999/12/22 01:01:20 | 000,132,096 | ---- | C] () -- C:\WINDOWS\System32\PDFwin32.dll
[1999/12/22 01:01:20 | 000,064,688 | ---- | C] () -- C:\WINDOWS\System32\Pdfwlib.dll
[1999/12/04 15:20:34 | 000,000,706 | ---- | C] () -- C:\WINDOWS\tpr.ini
[1999/12/04 13:46:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\LGICC.DLL
[1999/10/21 23:18:46 | 000,000,227 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[1999/10/21 23:17:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini
[1999/09/09 22:38:36 | 000,002,208 | ---- | C] () -- C:\WINDOWS\Mng5.ini
[1999/08/08 23:11:52 | 000,002,801 | ---- | C] () -- C:\WINDOWS\SA6.ini
[1999/08/08 22:42:11 | 000,287,232 | R--- | C] () -- C:\WINDOWS\System32\PPRO200.DLL
[1999/08/08 22:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[1999/08/08 22:06:57 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\Fprun300.dll
[1999/08/08 22:06:56 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\Leaddib.drv
[1999/07/26 23:35:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\BLADEENC.DLL
[1999/07/05 04:00:00 | 000,074,729 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/05/01 08:58:02 | 000,000,606 | ---- | C] () -- C:\WINDOWS\SA3.INI
[1999/04/09 18:11:00 | 001,143,552 | ---- | C] () -- C:\WINDOWS\System32\hpftrl06.dll
[1999/04/09 18:11:00 | 000,133,760 | ---- | C] () -- C:\WINDOWS\System32\hpfdat06.dll
[1999/04/09 18:10:59 | 000,033,568 | ---- | C] () -- C:\WINDOWS\System32\hpfp9806.dll
[1999/03/21 13:35:01 | 000,001,579 | ---- | C] () -- C:\WINDOWS\MNG2.INI
[1999/01/25 07:43:02 | 000,048,235 | ---- | C] () -- C:\WINDOWS\System32\MSDNTB.DLL
[1998/12/27 21:47:59 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\mvcl13n.dll
[1998/12/26 22:40:30 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\Thumb.dll
[1998/11/18 14:09:16 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wb32lib5.dll
[1998/11/18 14:09:16 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wb32lib4.dll
[1998/09/21 21:45:03 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System32\SETUPKIT.DLL
[1998/09/04 22:56:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vkcustom.ini
[1998/09/04 22:56:42 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\VkUninst.dll
[1998/09/04 22:56:25 | 000,403,456 | ---- | C] () -- C:\WINDOWS\System32\CCTN240C.DLL
[1998/09/04 22:56:24 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\SH33W32.DLL
[1998/07/23 20:34:41 | 000,445,952 | ---- | C] () -- C:\WINDOWS\System32\repodbc.dll
[1998/07/23 20:34:41 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\REPRC.DLL
[1998/07/18 16:39:14 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[1998/06/28 21:49:08 | 000,001,129 | ---- | C] () -- C:\WINDOWS\wb98.ini
[1998/06/28 21:49:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\zdbui.ini
[1998/06/27 20:47:34 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\SWFF3250.DLL
[1998/06/25 22:34:46 | 000,000,223 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[1998/06/22 18:28:53 | 000,049,616 | ---- | C] () -- C:\WINDOWS\System32\JCB.DLL
[1998/06/22 18:28:53 | 000,048,088 | ---- | C] () -- C:\WINDOWS\System32\DSCVR.DLL
[1998/06/22 18:28:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FDECTSP.DLL
[1998/06/22 18:28:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\VDOPLSTR.DLL
[1998/06/21 22:20:36 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\S3DTKW.DLL
[1998/06/21 19:28:36 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\RASCHK32.DLL
[1998/06/21 19:28:36 | 000,013,420 | ---- | C] () -- C:\WINDOWS\System32\RASCHK16.DLL
[1998/06/21 19:28:34 | 000,080,624 | ---- | C] () -- C:\WINDOWS\System32\SH31W32.DLL
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\reputil.dll
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1998/03/19 15:13:20 | 000,019,776 | ---- | C] () -- C:\WINDOWS\System32\VMP_MM.DLL
[1998/03/19 15:13:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VCTL.INI
[1997/12/15 08:43:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/14 12:11:34 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\tsd2.dll
[1997/06/18 00:00:00 | 001,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/11/13 00:00:00 | 003,661,072 | ---- | C] () -- C:\WINDOWS\System32\MSO97RT.DLL
[1996/08/24 11:11:10 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\PRODINV.DLL
[1979/12/31 22:32:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1979/12/31 21:47:38 | 000,000,771 | ---- | C] () -- C:\WINDOWS\LXcache.ini
[1979/12/31 21:35:52 | 000,014,348 | ---- | C] () -- C:\WINDOWS\System32\ODIDLL16.DLL
[1979/12/31 21:14:16 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\inv16.dll
[1979/12/31 20:28:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\PTISTP.DLL
[1979/12/31 17:56:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[1979/12/31 17:56:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[1979/12/31 17:56:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[1979/12/31 17:56:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[1979/12/31 10:58:19 | 000,008,182 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\dw.log

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\termsrv.dll:SummaryInformation
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFDCA54
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA7184B8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:527DAC91
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >


OTL Extras logfile created on: 02/09/11 9:35:52 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Alan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 380.05 Gb Free Space | 40.80% Space Free | Partition Type: NTFS
Drive M: | 465.76 Gb Total Space | 131.72 Gb Free Space | 28.28% Space Free | Partition Type: NTFS

Computer Name: ERICKSON_PUTER | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- C:\WINDOWS\system32\RUNDLL32.EXE desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Explore_with_FileBoss] -- "C:\Program Files\FileBoss\FILEBOSS.EXE" /nosplash /o "%1" (The Utility Factory)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"80:TCP" = 80:TCP:*:Enabled:Web Server
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"8767:UDP" = 8767:UDP:*:Enabled:Teamspeak - ET
"25429:TCP" = 25429:TCP:*:Enabled:UTor
"27961:UDP" = 27961:UDP:*:Enabled:ET2
"27961:TCP" = 27961:TCP:*:Enabled:ET2-1
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPAGER.EXE" = C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\yserver.exe" = C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\MSI\i-Speeder\i-Speeder.exe" = C:\Program Files\MSI\i-Speeder\i-Speeder.exe:*:Disabled:i-Speeder -- (Micro-Star International Co.,Ltd.)
"C:\DRIVE_D\Program Files\Napster\napster.exe" = C:\DRIVE_D\Program Files\Napster\napster.exe:*:Disabled:BETA 10.3 Napster Client Application -- (Napster Inc. (www.napster.com))
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Downloads\utorrent.exe" = C:\Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe:*:Enabled:ETDED -- ()
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS0E8C\setup\HPZnet01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS0E8C\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS0E8C\setup\hponicifs01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS0E8C\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS5574\setup\HPZnet01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS5574\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS5574\setup\hponicifs01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS5574\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS415C\setup\HPZnet01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS415C\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS415C\setup\hponicifs01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS415C\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS4243\setup\HPZnet01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS4243\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS4243\setup\hponicifs01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS4243\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS27E1\setup\HPZnet01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS27E1\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS27E1\setup\hponicifs01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS27E1\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS0EB7\setup\HPZnet01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS0EB7\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS0EB7\setup\hponicifs01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS0EB7\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS2291\setup\HPZnet01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS2291\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS2291\setup\hponicifs01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS2291\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS7C09\setup\HPZnet01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS7C09\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS7C09\setup\hponicifs01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS7C09\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS6597\setup\HPZnet01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS6597\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Alan\Local Settings\Temp\7zS6597\setup\hponicifs01.exe" = C:\Documents and Settings\Alan\Local Settings\Temp\7zS6597\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\TightVNC\tvnserver.exe" = C:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server -- (GlavSoft LLC.)
"C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- (TightVNC Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004F0409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1 Runtime
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0212ECEC-2FEC-4C26-924E-6B3F92D569FF}" = AccusizeSetup
"{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.0.7.1
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B4B16C4-A553-4B42-9B75-CD67346444D0}" = XSDesigner V2
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"{11CD5162-A4B2-11D5-B4F3-FFFFFF000000}" = BSTime
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13CA4073-A66B-4F07-9491-B933018E63D2}_is1" = Moyea SWF to Video Converter Pro version 2.4.1.9
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184D95BE-B66A-4534-97E6-4C6A44032C6E}" = CoffeeCup Flash Form Builder
"{20EADC60-7AA6-49ED-8E5F-D8FBC0C677B9}" = CoffeeCup Live Chat
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235D8A8E-2F97-11D6-A551-0090278A1BB8}" = Visual FoxPro 8.0 Baseline - English
"{235D8A94-2F97-11D6-A551-0090278A1BB8}" = Visual FoxPro 8.0 Professional - English
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{239AB56F-C2CB-4DF5-B935-7D739623D56F}" = CoffeeCup Flash Password Wizard
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2545228C-6A70-4A01-B936-6DA77984D298}" = Acronis True Image Workstation
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B8AEEF8-8104-45E3-9A5C-521E8E6A6490}" = Bridge Baron 17
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000 SR-1
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2F30A886-DC9F-4C4D-8CE5-124388C82943}" = Microsoft Network Guide
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4915A273-16A5-42E7-B258-65BD92862D2E}_is1" = Genie Backup Manager Pro 8.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}" = Hallmark Card Studio 2007 Deluxe
"{5F02B41E-F3CD-4806-B90D-ED69BA29FECB}" = WORDsearch Fonts
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.0 PRO
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64678DB1-3475-4674-80AD-4C07C4295A9B}_is1" = FLV to AVI 1.2
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65980EBF-C4B5-4555-823A-94DB7F709E53}" = Secure Online Account Numbers
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6BDE68AC-E1A3-4591-8E37-C95BF278EDF5}" = VetPacsLite 2006
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7029D123-6CF0-4414-A3B2-4B3B99B21E59}" = e-Sword
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{741849D8-E8D9-49CF-B373-0D7507ED0A56}" = Event Planner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FFEC889-BACE-4EE5-BC92-968FBE547AC4}" = Singing Coach
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81CFDC81-A76D-4098-A8A8-D2BC21340D51}" = Bible Mapper 3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{871EFABF-ED09-42A0-8C4C-000000000003}" = Omar Sharif Bridge II
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{888B3583-C689-44FD-9573-DAB8B7F8A0AA}" = MapSource - MetroGuide USA
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8B0A877E-5ADB-44FE-8EA8-82D1B59386A5}" = TodayAgenda
"{8BA676DE-6239-4D76-941A-C7B9A1501735}" = CoffeeCup RSS News Flash
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90500409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{942E0955-C67C-474C-8D4E-63C23E93C13A}" = BibleWorks 7
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94FB0978-D094-40C7-91D7-834D39220D4A}" = Crystal Reports XI Release 2
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}" = Google Gears
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9877BCD9-6698-4951-AE19-D5F398D83D5A}" = Dassault Systemes Software Prerequisites x86
"{991C5595-5151-4D70-B6CC-90633AC69076}" = HP Wireless Printer Adapter
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B9D800B-98E6-4755-A49F-956693818721}" = Panasonic USB Storage Driver
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}" = AvantGo Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC9354BD-AAC0-41A4-B4EB-55AF30B6E068}" = World Clock Sync
"{ADF98CF7-1458-412F-976F-BF761A26F2A0}" = Alohabob PC Relocator Ultra Control
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B15F6758-D185-4377-9F3A-7B30B03E9A97}" = MSI DigiCell
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4572608-DFF7-4E77-A8DD-D814DB87787A}" = CoffeeCup Flash Button Factory
"{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
"{B550D1C2-13FE-4F1E-AEAB-9AF26CF3506D}" = Buzzsaw-S
"{B5C24E20-E776-4E5C-8EAD-CA5B7B895848}" = Hallmark Card Studio 2 Standard
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks 2005 Premier
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BEB3C5A8-CC2C-422E-A14A-3074AC17ED81}" = CoffeeCup Flash Website Search
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}" = Garmin USB Drivers
"{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6E44C01-0DF8-465D-A6C0-F8B1159CBBB1}" = Garmin Communicator Plugin
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CA20D7B8-BA4F-466A-8402-579DAAB350E0}" = PHM Pocket PC PowerToys
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CAC69CB7-BC77-48C4-8C50-BF8C08A7BB2A}" = ChromeMailer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC964932-75AE-4C79-8EBF-865C799C3D35}" = Network Magic
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE428642-5112-49AC-B08F-D87DA8392FD2}" = Garmin MapSource
"{D0A79B0C-1099-4361-84E2-CF8122114D29}" = MegaPing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = HP Wireless Adapter
"{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}" = EPSON PhotoCenter
"{D2D94FFA-1CB5-488F-85CA-1A1D94CFFCC3}" = Virtual Earth - 3DVIA (Technology Preview)
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E138D4AD-B18B-455C-ABB5-567D44DB6A24}" = RESFEN 5.0
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E258A840-7E9A-443A-B156-67102C48BF17}" = TPP Storage Driver Installation
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E7139249-8631-4E4E-ADDE-DBBF2D770E0F}" = PC Backup Lite
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Multi-Card Reader/Writer
"{EA4E8AB8-B48F-467B-A202-10AD74EE97FB}" = Brother HL-2070N
"{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F}" = Free JavaScript Editor 4.7
"{EC90EAE9-0E03-44A1-BF36-0B670B8B8E19}" = CoffeeCup Direct FTP
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{ED386A62-2BA2-4544-A723-5DFFDC283F6A}" = Mobipocket Reader 6.0
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EECDDEA0-DB76-4488-8E52-0EF1DF63700A}" = Microsoft IntelliPoint 5.4
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F079BE74-5545-4C5F-B947-708A6F194645}" = VisualRoute 2010
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2A69CA0-8BBF-4404-BA68-DB79A3548E34}" = PCStitch 7
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F3EC0C60-5B0F-4EBC-A1CC-83B4554EA248}" = Microangelo Toolset 6
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6A6517B-F80D-4A48-B1E7-984B84A06E50}" = Serato Scratch LIVE by Rane
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F81B7B81-6458-4A38-A261-BC163E16EB8B}" = DirMS-S
"{F84DCD57-20AB-4E22-8892-2F88FAF76702}" = Google Web Accelerator
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"1999 TurboTax Deluxe" = 1999 TurboTax Deluxe
"2000 TurboTax Deluxe" = 2000 TurboTax Deluxe
"4264EB8698BC18BF27D0CE835379C57124AD2B98" = Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (02/08/2007 4.1.7039.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"77DC33BA594917395D7B0FB0ECCE284BF207C1F7" = Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (02/08/2007 4.1.7039.0)
"AAA Map'n'Go 5.0" = AAA Map'n'Go 5.0
"AAA Map'n'Go 5.0 Extractor" = AAA Map'n'Go 5.0 Extractor
"AAA Map'n'Go 6.0" = AAA Map'n'Go 6.0
"AAA Map'n'Go 6.0 Extractor" = AAA Map'n'Go 6.0 Extractor
"AAC" = AAC
"AC3" = AC3
"Active@ Partition Recovery Enterprise" = Active@ Partition Recovery Enterprise
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.1 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"Amazon Kindle For PC" = Amazon Kindle For PC
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6
"Applet Navigation Factory" = Applet Navigation Factory
"ArcSoft Camera Studio" = ArcSoft Camera Studio
"Artisteer 2" = Artisteer 2
"Ask Toolbar_is1" = Ask Toolbar
"ASPS 2.0" = ASPS 2.0
"Audacity_is1" = Audacity 1.2.6
"AudioStation2" = Voyetra AudioStation2
"Autodesk MapGuide Viewer ActiveX Control" = Autodesk MapGuide Viewer ActiveX Control
"AutoGK" = Auto Gordian Knot 2.27
"AveryWiz10" = Avery Wizard 1.0
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Azureus" = Azureus
"Babylon" = Babylon
"BatteryStatus (Chi-Tai Dang)" = BatteryStatus (Chi-Tai Dang)
"BatteryStatus Advanced (Chi-Tai Dang)" = BatteryStatus Advanced (Chi-Tai Dang)
"BCD98" = Britannica CD 98
"Beagle Software ClockWatch Support Files" = Beagle Software ClockWatch Support Files
"Bible Explorer Bible Downloadable Edition" = Bible Explorer Bible Downloadable Edition
"Bink and Smacker" = Bink and Smacker
"Bogglev1" = Boggle
"Bookshelf98" = Microsoft Bookshelf 1998 (Remove ONLY)
"Canon Web Publisher" = Canon Web Publisher
"CD / DVD Spindle Search Plugin" = CD / DVD Spindle Search Plugin 1.2.2
"CDPhotoDeinstKey" = ColorDesk Photo
"Celestia_is1" = Celestia 1.4.0
"cFosSpeed" = cFosSpeed v4.22
"cGPSmapper Free_is1" = cGPSmapper Free 0092
"CheckIt Diagnostics" = CheckIt Diagnostics
"Click'N Design 3D" = Click'N Design 3D
"Click'N Design 3D Textures" = Click'N Design 3D Textures
"ClipCache" = ClipCache
"COA2" = COA2
"CoffeeCup Flash Blogger - Registered" = CoffeeCup Flash Blogger - Registered
"CoffeeCup Flash Form Builder - Registered" = CoffeeCup Flash Form Builder - Registered
"CoffeeCup Flash Photo Gallery - Registered" = CoffeeCup Flash Photo Gallery - Registered
"CoffeeCup GIF Animator" = CoffeeCup GIF Animator
"CoffeeCup Google SiteMapper" = CoffeeCup Google SiteMapper
"CoffeeCup HTML Editor 2006" = CoffeeCup HTML Editor 2006
"CoffeeCup Image Mapper" = CoffeeCup Image Mapper
"CoffeeCup MP3 Rip & Burn_is1" = CoffeeCup MP3 Rip & Burn
"CoffeeCup PC TuneUp Pro" = CoffeeCup PC TuneUp Pro
"CoffeeCup PixConverter" = CoffeeCup PixConverter
"CoffeeCup StyleSheet Maker" = CoffeeCup StyleSheet Maker
"CoffeeCup VisualSite Designer" = CoffeeCup VisualSite Designer
"CoffeeCup Web JukeBox - Registered" = CoffeeCup Web JukeBox - Registered
"CoffeeCup WebCam 3.5" = CoffeeCup WebCam 3.5
"ColorStoreDeInstallKey" = ColorStore
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cookie Editor_is1" = Cookie Editor 1.9.1.469
"CookieCop" = CookieCop
"Core Center" = Core Center
"CreataCard Special Edition - Canon 2" = CreataCard Special Edition - Canon 2
"CS30DeinstKey" = CompuServe 4.0.2
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DAO 3.5" = DAO 3.5
"Data Access Objects (DAO)" = Data Access Objects (DAO) 3.0
"DataDisc 98.2" = DataDisc 98.2
"DesignEssentialsDeInstall" = Design Essentials
"Diamond CD Installer" = Diamond CD Installer
"Digital Image Recovery_is1" = Digital Image Recovery 1.47
"Digital Media Converter_is1" = Digital Media Converter 2.7
"DiscPlay 4" = DiscPlay 4
"Down2Home" = Down2Home
"Download Manager" = Download Manager 2.3.6
"Drive Image" = Drive Image
"DriveCopy 2.0" = DriveCopy 2.00
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.5.0
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"DVDFab 7_is1" = DVDFab 7.0.6.7 (30/05/2010)
"DVDFab Platinum_is1" = DVDFab Platinum 3.0.8.6
"DynDNS Updater_is1" = DynDNS Updater 3.1
"E.M. Magic Swf2Avi 2008_is1" = E.M. Magic Swf2Avi 2008 build 5.2.10.115
"Easy BridgeDeinstall" = Easy Bridge
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 1.5.1
"Easy Save Flash 1.41" = Easy Save Flash 1.41
"Easycab v9.0_is1" = Easycab v9.0
"EasyHex Hex Editor_is1" = EasyHex Hex Editor 1.13
"EPOC Connect" = EPOC Connect
"Excel Key" = Excel Key 7.5 Demo
"Family Tree Maker" = Family Tree Maker 6.0
"FavOrg" = FavOrg
"FE-SizerVersion3.0" = FE-Sizer Version 3.0
"ffdshow_is1" = ffdshow v1.1.3476 [2010-06-15]
"FFMPEG" = FFMPEG
"FileBoss_is1" = FileBoss 1.700
"FileTip" = FileTip
"FileZilla Client" = FileZilla Client 3.3.5.1
"FL 2001 Registration" = FL 2001 Registration
"Flash Saver" = Flash Saver
"FlashCapture" = FlashCapture v2.1.0.1163
"FreeEDGAR" = FreeEDGAR
"FreeProxy/FreeWeb_is1" = FreeProxy version 3.92
"FrRefEng" = French Spelling Settings
"Gallery Remote" = Gallery Remote
"GameTracker Lite" = GameTracker Lite
"GetASFStream" = GetASFStream
"GoodMEM" = GoodMEM
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GRE POWERPREP" = GRE POWERPREP
"Hamachi" = Hamachi 1.0.3.0
"HCC Lite" = HCC Lite
"HiDownload" = HiDownload
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HTMLKit_is1" = HTML-Kit
"HVAC-Calc" = HVAC-Calc
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.6.1 Q16_is1" = ImageMagick 6.6.1-5 Q16 (2010-05-01)
"ImgBurn" = ImgBurn (Remove Only)
"InCD!UninstallKey" = InCD
"InfoView" = InfoView
"InstallShield for Microsoft Visual C++ 6" = InstallShield for Microsoft Visual C++ 6
"InstallShield_{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{7FFEC889-BACE-4EE5-BC92-968FBE547AC4}" = Singing Coach
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{ADF98CF7-1458-412F-976F-BF761A26F2A0}" = Alohabob PC Relocator Ultra Control
"InstallShield_{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB
"InstallShield_{E7139249-8631-4E4E-ADDE-DBBF2D770E0F}" = PC Backup Lite
"IntelliCAD 98" = IntelliCAD 98
"Intellisync for Jump!" = Intellisync for Jump!
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"ISA Clip Symbols" = ISA Clip Symbols
"IsoBuster_is1" = IsoBuster 2.5
"i-Speeder" = i-Speeder
"Jeff Gordon® XS Racing ™" = Jeff Gordon® XS Racing ™
"JRE 1.1" = Java Runtime Environment 1.1
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LaunchPad 1.6" = LaunchPad 1.6
"LHTTSENG" = L&H TTS3000 British English
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Locked Programs" = Locked Programs
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MadOnion.com/3DMark2000" = MadOnion.com/3DMark2000
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR14SP3" = MATLAB 7.1
"Matrikon OPC Server for Genie" = Matrikon OPC Server for Genie
"McGraw-Hill Dictionary of Engineering" = McGraw-Hill Dictionary of Engineering (remove only)
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Interactive Training" =
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"MidContinent PL Player_is1" = PermissionTV MidContinent PL Player 3.15
"Money2006a" = MSN Money Investment Toolbox
"MooreGames" = MooreGames
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MRW!UninstallKey" = InCD Reader
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"MSI Live Update 3" = MSI Live Update 3
"Music Catalogue Master" = Music Catalogue Master
"Music Label 98" = Music Label 98
"MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"MyChurch Administrator" = MyChurch Administrator
"MyChurch Viewer" = MyChurch Viewer
"Napster v2.0 BETA 10.3" = Napster v2.0 BETA 10.3
"Napster v2.0 BETA 6" = Napster v2.0 BETA 6
"National Fire Protection Association NECH 1999" = National Fire Protection Association NECH 1999
"NeoTrace Express 3.25" = NeoTrace Express 3.25
"NeoTrace Pro 3.25" = NeoTrace Pro 3.25
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = Nero Digital
"NetAlyzer_is1" = NetAlyzer 0.3
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"Notepad++" = Notepad++
"NoteWorthy Composer" = NoteWorthy Composer
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NXPowerLite 2.3.1" = NXPowerLite 2.3.1 (All Users)
"ohmyGolf" = ohmyGolf
"OneTouch Version 3.0" = OneTouch Version 3.0
"OpenDNS Updater" = OpenDNS Updater 2.2
"Orionic" = Orionic
"OziExplorer 3.95_is1" = OziExplorer 3.95
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Identity Protect" = Panda Identity Protect 3.0.45
"panda2_0dn" = Panda Security Toolbar URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"PaperPort 7.02" = PaperPort 7.02
"PC Magazine's Top 100s as Internet Explorer Favorites_is1" = PC Magazine's Top 100s as Internet Explorer Favorites
"PC Study Bible" = PC Study Bible (remove only)
"PCHealth" =
"PCMagazineBackIssueDBUninstallKey" = PC Magazine Back Issue DB
"PCMagazineUninstallKey" = PC Magazine Extra
"PCSleek Free Error Cleaner_is1" = PCSleek Free Error Cleaner 2.05
"PDAmill Number Cruncher for PocketPC" = PDAmill Number Cruncher for PocketPC
"PE Builder_is1" = PE Builder 3.1.10a
"PerformanceTest_is1" = PerformanceTest v5.0
"PermissionTV Download Manager_is1" = PermissionTV Download Manager
"Personal Ancestral File® Version 4.0" = Personal Ancestral File® Version 4.0
"PhotoRescue PC_is1" = PhotoRescue PC v3.1.3.10708
"Picasa 3" = Picasa 3
"PictureGear 4.1Lite" = PictureGear 4.1Lite
"Ping Plotter" = Ping Plotter
"Popfix" = Popfix
"PowerISO" = PowerISO
"PrintKey2000" = PrintKey2000
"Privoxy" = Privoxy (remove only)
"PTS- AudioCD MP3-Studio" = PTS-AudioCD MP3-Studio
"Punch! Home Design - Platinum" = Punch! Home Design - Platinum
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"QuickSite Family Edition" = QuickSite Family Edition
"QuicktimePluginDeinstallKey" = Quicktime Browser Plug-In
"RAISE ABECAD Clipboard" = RAISE ABECAD Clipboard
"RealTimeWindowsTarget" = Real-Time Windows Target
"RegCure" = RegCure 1.5.0.1
"Registry Mechanic_is1" = Registry Mechanic 5.2
"RegRun Security Suite_is1" = RegRun Security Suite Platinum
"Replay Converter 3" = Replay Converter 3
"Replay_AV_807" = Replay AV 8
"Replay_Converter_1" = Replay Converter 2.8
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"RPADeinstKey" = Virtual Key
"Sa3DeinstKey" = Street Atlas USA
"san_std_un" = SiSoft Sandra 2001te Standard
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"SBC Yahoo! DSL Activation" = SBC Yahoo! DSL Activation
"science" = Science Smart
"SecureDoc" = SecureDoc
"Serif 100,000 Deluxe Graphics Pack" = Serif 100,000 Deluxe Graphics Pack
"Shockmachine" = Shockmachine
"SKTools Lite" = SKTools Lite
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SnadBoy's Revelation" = SnadBoy's Revelation
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"SoftICE" = NuMega SoftICE
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST5UNST #1" = SEACalc
"ST6UNST #1" = Flow Consultant
"StampPDF2.7" = StampPDF2.7
"Startup Cop" = Startup Cop
"State CD Installer" = State CD Installer
"Stock Analyzer" = Stock Analyzer
"Stock Analyzer_is1" = Stock Analyzer Version 4.0d
"StockAV3" = Stock Analyzer
"Street Atlas USA 6.0" = Street Atlas USA 6.0
"Street Atlas USA 8.0" = Street Atlas USA 8.0
"SUPER ©" = SUPER © Version 2007.bld.22 (Mar 14, 2007)
"SymSetup.{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks 2005 Premier (Symantec Corporation)
"SyncIT" = SyncIT Bookmark Synchronizer
"SystemRequirementsLab" = System Requirements Lab
"TapIsland" = TapIsland
"TaxACT 2003" = TaxACT 2003
"TaxACT 2004" = TaxACT 2004
"TaxACT 2005" = TaxACT 2005
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 Kansas" = TaxACT 2008 Kansas
"TaxACT 2008 Missouri" = TaxACT 2008 Missouri
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Missouri" = TaxACT 2009 Missouri
"TaxACT Kansas 2003" = TaxACT Kansas 2003
"TaxACT Kansas 2004" = TaxACT Kansas 2004
"TaxACT Kansas 2005" = TaxACT Kansas 2005
"TaxACT Kansas 2006" = TaxACT Kansas 2006
"TaxACT Kansas 2007" = TaxACT Kansas 2007
"TaxACT Missouri 2003" = TaxACT Missouri 2003
"TaxACT Missouri 2004" = TaxACT Missouri 2004
"TaxACT Missouri 2005" = TaxACT Missouri 2005
"TaxACT Missouri 2006" = TaxACT Missouri 2006
"TaxACT Missouri 2007" = TaxACT Missouri 2007
"TCPMP" = TCPMP
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Texas Hold'em Video Poker_is1" = VPHoldem version 1.0.103
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"TightVNC" = TightVNC 2.0.2
"TomeRaider3" = TomeRaider3
"TomeRaider3_is1" = TomeRaider3 v3.3.5
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"TPP200" = USB Storage Adapter V2 (TPP)
"TPP300" = USB Storage Adapter V3 (TPP)
"TPP725" = USB Storage Adapter (TPP)
"TripMaker" = Rand McNally TripMaker SE 1999
"TTInstallerDeinstKey" = TrueType Font Installer
"Tweak UI 2.10" = Tweak UI
"Ulead Photo Express JR 3.0" = Ulead Photo Express 3.0
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Unlocker" = Unlocker 1.8.7
"unMapngo2" = AAA Map'n'Go 2.0
"USA TODAY MileTracker" = USA TODAY MileTracker
"USB Memory Stick Reader V1.02" = Lexar USB Memory Stick Reader
"Verity Publications" = Verity Publishing Products
"VideoCacheView" = VideoCacheView
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual FoxPro 8.0 Professional - English" = Microsoft Visual FoxPro 8.0 Professional - English
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualRoute Lite Edition" = VisualRoute Lite Edition
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VobSub" = VobSub v2.23 (Remove Only)
"VuePrint" = VuePrint
"Vuze" = Vuze
"W3e 2000" = W3e 2000
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebAnswer" = Back-Issue Database
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WebRecordDeinstallKey" = Canon WebRecord
"WebWasher" = WebWasher
"What's Running_is1" = What's Running 2.2
"WIC" = Windows Imaging Component
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"WinBatch" = WinBatch
"WinBench 98" = WinBench 98
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows Registry Guide_is1" = Windows Registry Guide 2003
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.1
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wireshark" = Wireshark 0.99.6a
"WMFDist11" = Windows Media Format 11 runtime
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"WORDsearch Fonts" = WORDsearch Fonts
"WordSmt" = Word Smart
"xampp" = XAMPP 1.7.1
"XLViewer97" = Microsoft Excel Viewer 97
"XSForms LT" = XSForms LT
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ExeIco" = ExeIco (remove only)
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Spoon Sandbox Manager 3.24" = Spoon Sandbox Manager 3.24

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/07/11 6:13:27 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application hpqste08.exe, version 70.0.170.0, faulting module
unknown, version 0.0.0.0, fault address 0x008dc0da.

Error - 02/07/11 6:57:53 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 02/07/11 10:14:14 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 02/07/11 10:26:56 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 02/07/11 10:34:44 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 02/08/11 11:14:55 AM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 02/08/11 11:28:08 AM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 02/09/11 10:33:02 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 02/09/11 11:25:03 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 02/09/11 11:25:58 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 02/09/11 11:23:26 PM | Computer Name = ERICKSON_PUTER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 02/09/11 11:23:26 PM | Computer Name = ERICKSON_PUTER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 02/09/11 11:23:26 PM | Computer Name = ERICKSON_PUTER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 02/09/11 11:23:26 PM | Computer Name = ERICKSON_PUTER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 02/09/11 11:23:26 PM | Computer Name = ERICKSON_PUTER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 02/09/11 11:23:27 PM | Computer Name = ERICKSON_PUTER | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 02/09/11 11:24:05 PM | Computer Name = ERICKSON_PUTER | Source = Service Control Manager | ID = 7000
Description = The Digital Camera(Video) Device service failed to start due to the
following error: %%2

Error - 02/09/11 11:24:05 PM | Computer Name = ERICKSON_PUTER | Source = Service Control Manager | ID = 7000
Description = The Suite Service service failed to start due to the following error:
%%2

Error - 02/09/11 11:25:28 PM | Computer Name = ERICKSON_PUTER | Source = Service Control Manager | ID = 7022
Description = The Panda Cloud Antivirus Service service hung on starting.

Error - 02/09/11 11:25:50 PM | Computer Name = ERICKSON_PUTER | Source = Service Control Manager | ID = 7000
Description = The SjyPkt service failed to start due to the following error: %%2


< End of report >

#4 Shannon2012

Posted 10 February 2011 - 11:55 AM

Hi-

Thanks for the logs. It took awhile to get thru them, but you definitely have some infections and one was a backdoor trojan. A backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleanup -

First, please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


In your reply, please copy in the TDSSKiller and the ComboFix reports. Also, let me know how your computer is doing now.
Shannon

#5 agerickson

Posted 10 February 2011 - 05:51 PM

ComboFix 11-02-09.05 - Alan 02/10/11 16:16:42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2489 [GMT -6:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alan\Application Data\Desktopicon
c:\documents and settings\Alan\Application Data\Desktopicon\config.ini
c:\documents and settings\Alan\Recent\Chiefs Game.lnk (invalid)
C:\ipconfig.txt
C:\readme.txt
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\Temp
c:\windows\MailSwitch.ocx
c:\windows\patch.exe
c:\windows\ST6UNST.000
c:\windows\system32\Data
c:\windows\system32\devmgr32.dll
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\Smab.dll
c:\windows\system32\spool\prtprocs\w32x86\Ppbiproc.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\system32\wl.exe
c:\windows\wiaserviv.log
c:\windows\XSxS
M:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-08 15:45 . 2011-02-08 15:45 -------- d-----w- c:\program files\Magical Jelly Bean
2011-02-08 00:08 . 2011-02-08 00:08 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-02-07 22:15 . 2011-02-07 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-15 17:13 . 2011-01-15 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-15 17:13 . 2011-01-15 17:13 -------- d-----w- c:\documents and settings\Alan\Application Data\SUPERAntiSpyware.com
2011-01-15 17:12 . 2011-02-08 02:14 -------- d-----w- c:\program files\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 01:56 . 2007-08-24 14:55 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-02-10 01:56 . 2009-06-30 13:08 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-10 01:56 . 2007-11-29 19:55 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-08 23:57 . 2007-11-29 19:55 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-07 21:41 . 2009-01-29 04:22 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2011-01-21 14:44 . 2008-08-29 03:45 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-08-29 03:45 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-02 00:45 . 2007-08-24 14:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-31 13:10 . 2009-01-29 04:22 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-08-29 03:45 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 00:09 . 2010-08-15 03:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-08-15 03:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2005-09-13 21:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2005-09-13 21:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2005-09-13 21:53 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2009-01-29 04:22 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-08-29 03:47 385024 ----a-w- c:\windows\system32\html.iec
2010-12-17 00:39 . 2010-12-17 00:39 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2010-12-17 00:12 . 2010-12-17 00:12 113096 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2010-12-17 00:12 . 2010-12-17 00:12 111944 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2010-12-17 00:12 . 2010-12-17 00:12 130376 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2010-12-17 00:12 . 2010-12-17 00:12 97352 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2010-12-17 00:12 . 2010-12-17 00:12 141768 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-12-09 15:15 . 2009-01-29 04:22 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2009-01-29 04:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2009-01-29 04:22 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2009-01-29 04:22 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 18:21 . 2010-11-24 18:21 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-18 18:12 . 2008-08-29 03:45 81920 ----a-w- c:\windows\system32\isign32.dll
2006-02-15 18:19 . 2006-02-15 18:19 774144 ----a-w- c:\program files\RngInterstitial.dll
2004-07-30 14:56 . 2008-12-16 17:19 90112 ----a-w- c:\program files\Common Files\PCSBclean.exe
2004-07-26 20:30 . 2008-12-16 17:19 291840 ----a-w- c:\program files\Common Files\PCSBoff.exe
2001-10-05 16:53 . 2007-04-09 14:06 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll
2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2010-08-24 06:37 . 2009-12-05 19:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31744 --sha-r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-11-02 14:03 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-11-02 86696]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB2.dll" [2010-10-18 3908192]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-17 00:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-17 00:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-15 1961984]
"Regrun2"="c:\progra~1\Greatis\REGRUN~1\WatchDog.exe" [2008-07-14 356864]
"Registry"="c:\program files\Greatis\RegRunSuite\lsoon.exe" [2008-07-14 390656]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2005-11-09 69632]
"Dit"="Dit.exe" [2003-05-19 81920]
"ICSDCLT"="c:\windows\system32\icsdclt.dll" [2001-08-18 130560]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2001-10-05 118784]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2006-07-21 1106528]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageWorkstation\TimounterMonitor.exe" [2006-07-21 1848155]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-07-21 126976]
"HPWireless"="c:\program files\HP Wireless Adapter\HPWLAN.exe" [2006-10-05 618496]
"RegRun WinBait"="c:\windows\winbait.exe" [2000-12-13 16384]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2009-07-16 692340]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
"Panda Security Toolbar Antiphishing"="c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-12-08 223400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-24 30192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-17 423232]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2010-11-17 329096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Alan\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-8-28 625952]
lock.lnk - c:\windows\system32\rundll32.exe [2008-8-28 33280]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2005-3-24 869376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
connection manager.lnk - c:\program files\HP Wireless Printer Adapter\ConnectMgr.exe [2008-11-12 1122304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\program files\Greatis\RegRunSuite\RRShell.dll" [2004-11-02 368711]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^Gmail.url]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\Gmail.url
backup=c:\windows\pss\Gmail.urlStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^Norton Disk Doctor.LNK]
backup=c:\windows\pss\Norton Disk Doctor.LNKStartup
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\Norton Disk Doctor.LNK

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^Outlook Express.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\Outlook Express.lnk
backup=c:\windows\pss\Outlook Express.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^Tubes.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\Tubes.lnk
backup=c:\windows\pss\Tubes.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^WinTidy.lnk]
backup=c:\windows\pss\WinTidy.lnkStartup
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\WinTidy.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Alan^Start Menu^Programs^Startup^ZDWlan.lnk]
path=c:\documents and settings\Alan\Start Menu\Programs\Startup\ZDWlan.lnk
backup=c:\windows\pss\ZDWlan.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk
backup=c:\windows\pss\CoreCenter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DigiCell.lnk]
backup=c:\windows\pss\DigiCell.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DigiCell.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Down2Home.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Down2Home.lnk
backup=c:\windows\pss\Down2Home.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=c:\windows\pss\eFax 4.3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
backup=c:\windows\pss\Event Planner Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureDoc.lnk]
backup=c:\windows\pss\SecureDoc.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SecureDoc.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWlan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZDWlan.lnk
backup=c:\windows\pss\ZDWlan.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
2006-03-20 19:43 331776 ----a-w- c:\program files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2008-09-01 18:59 3563232 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-12-27 20:54 48800 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
2008-06-25 15:32 867544 ----a-r- c:\program files\cFosSpeed\cfosspeed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameTracker]
2009-04-29 16:50 2719232 ----a-w- c:\program files\GameTracker\GTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-26 21:13 1207080 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2007-03-05 21:57 1103480 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2006-11-01 06:04 321088 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
2004-11-22 23:20 1126400 ----a-w- c:\program files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2002-05-28 14:16 86016 ----a-w- c:\program files\Visioneer OneTouch\OneTouchMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Updater]
2009-11-16 19:58 839168 ----a-w- c:\program files\OpenDNS Updater\OpenDNSUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenBillminder]
2007-05-07 19:17 25128 ----a-w- c:\program files\quickenw\billmind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\drive_d\Program Files\quicktime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure Online Account Numbers]
2007-02-02 23:11 233472 ----a-w- c:\progra~1\Discover\SOAN\SOAN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 10:42 577536 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-17 10:00 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2003-07-11 19:51 57344 ----a-w- c:\program files\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
2005-04-23 01:49 397312 ----a-w- c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Norton Ghost"=2 (0x2)
"GBPoll"=2 (0x2)
"matlabserver"=2 (0x2)
"BITS"=3 (0x3)
"SSDPSRV"=3 (0x3)
"SolutoService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CyberMedia Agent"="c:\program files\CYBERMEDIA\CMAGENT.EXE" /SU
"RealTray"=
"SoundMan"=SOUNDMAN.EXE
"POINTER"=c:\drive_d\Program Files\Microsoft Hardware\Mouse\point32.exe
"Auto EPSON Stylus CX3800 Series on ERICKSON_PUTER (from ERICKSON-LAPTOP)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P72 "Auto EPSON Stylus CX3800 Series on ERICKSON_PUTER (from ERICKSON-LAPTOP)" /O5 "TS001" /M "Stylus CX3800"
"EPSON Stylus CX3800 Series (Copy 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P35 "EPSON Stylus CX3800 Series (Copy 1)" /O6 "USB001" /M "Stylus CX3800"
"EPSON Stylus CX3800 Series on Erickson_Puter (from CKE_NOTEBOOK)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P64 "EPSON Stylus CX3800 Series on Erickson_Puter (from CKE_NOTEBOOK)" /O5 "TS001" /M "Stylus CX3800"
"EPSON Stylus CX3800 Series on Erickson_puter (from CKE8861CNT)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P62 "EPSON Stylus CX3800 Series on Erickson_puter (from CKE8861CNT)" /O5 "TS005" /M "Stylus CX3800"
"EPSON Stylus CX3800 Series on ERICKSON_PUTER (from ERICKSON-LAPTOP)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P67 "EPSON Stylus CX3800 Series on ERICKSON_PUTER (from ERICKSON-LAPTOP)" /O5 "TS005" /M "Stylus CX3800"
"EPSON Stylus CX3800 Series on Erickson_puter (from PC0769)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P58 "EPSON Stylus CX3800 Series on Erickson_puter (from PC0769)" /O5 "TS010" /M "Stylus CX3800"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"<NO NAME>"=
"SMSystemAnalyzer"="c:\program files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"=
"c:\\DRIVE_D\\Program Files\\Napster\\napster.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Alan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"8767:UDP"= 8767:UDP:Teamspeak - ET
"25429:TCP"= 25429:TCP:UTor
"27961:UDP"= 27961:UDP:ET2
"27961:TCP"= 27961:TCP:ET2-1
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [07/29/04 3:33 AM 138801]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [07/29/04 4:13 AM 46800]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/10 6:12 PM 130376]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [02/17/10 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/10/10 12:41 PM 67656]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [12/15/05 10:57 PM 3744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/08 4:42 PM 156968]
R2 HPEAPPkt;Realtek EAPPkt Protocol(HP);c:\windows\system32\drivers\HPEAPPkt.sys [11/12/08 10:05 PM 68864]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [12/15/05 10:57 PM 3904]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [12/16/10 6:19 PM 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/10 6:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/10 6:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/10 6:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/10 6:12 PM 113096]
R2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [12/30/06 9:52 PM 27200]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [07/08/10 7:28 AM 815704]
R3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [07/14/08 6:36 PM 11648]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [07/14/08 6:36 PM 10752]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [07/14/08 6:36 PM 37120]
R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [12/04/08 6:20 PM 30946]
R3 RTLWUSB;Wireless Adapter;c:\windows\system32\drivers\HPL8187.SYS [11/12/08 10:05 PM 189440]
S0 baobb;baobb;c:\windows\system32\drivers\olbjekxr.sys --> c:\windows\system32\drivers\olbjekxr.sys [?]
S2 Ca536av;Digital Camera(Video) Device;c:\windows\system32\Drivers\Ca536av.sys --> c:\windows\system32\Drivers\Ca536av.sys [?]
S2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\Fighters\SPAMfighter\sfus.exe" service --> c:\program files\Fighters\SPAMfighter\sfus.exe [?]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe --> c:\program files\Fighters\FighterSuiteService.exe [?]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]
S3 Buzzsaw_Defragmentation;Buzzsaw_Defragmentation;c:\program files\MATCO\BuzzSawService.exe [04/25/06 2:35 PM 323584]
S3 FreeProxy;Free Proxy Service;c:\program files\Hand-Crafted Software\FreeProxy\FreeProxy.exe -{BeginFreeProxyService} -C"c:\program files\Hand-Crafted Software\FreeProxy\Default.cfg" --> c:\program files\Hand-Crafted Software\FreeProxy\FreeProxy.exe -{BeginFreeProxyService} -Cc:\program files\Hand-Crafted Software\FreeProxy\Default.cfg [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/04/06 5:17 PM 30192]
S3 gupdate1ca0b4d9155ce6c;Google Update Service (gupdate1ca0b4d9155ce6c);c:\program files\Google\Update\GoogleUpdate.exe [07/22/09 10:25 PM 133104]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [09/04/06 8:40 PM 49399]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [08/28/08 9:45 PM 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/28/07 6:01 PM 42512]
S3 PermissionTVDownloadManager;PermissionTV Download Manager Service;c:\progra~1\PERMIS~1\bin\dm.exe [09/20/07 10:27 AM 213053]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [12/04/08 6:20 PM 25773]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [08/22/07 12:01 PM 189312]
S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [12/05/05 8:24 PM 290816]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/20/06 7:40 AM 639224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 04:23]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 04:24]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 04:24]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730970711-1940038648-3843556251-1005Core.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 01:17]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730970711-1940038648-3843556251-1005UA.job
- c:\documents and settings\Alan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 01:17]

2011-02-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2008-12-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2006-02-15 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 18:48]

2006-02-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-13 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
mWindow Title = Microsoft Internet Explorer provided by Alan Erickson
uInternet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~2\NTXcontext.htm
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: AltaVista Home - http://jump.altavista.com/avie5/home
IE: AltaVista Search This Term - http://jump.altavista.com/avie5/search
IE: AltaVista Translate Selection - http://jump.altavista.com/avie5/babelfish
IE: AltaVista Translate this Web Page - http://jump.altavista.com/avie5/babelfish
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: AV Search This Term -
IE: AV Translate Selection -
IE: AV Translate this Web Page -
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All Files by HiDownload - c:\progra~1\HIDOWN~1\HDGetAll.htm
IE: Download by HiDownload - c:\progra~1\HIDOWN~1\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Save F&lash with FlashCapture - c:\program files\FlashCapture\fciext.dll/FCIEXT.htm
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: {{06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home
IE: {{06FE5D01-8F11-11d2-804F-00105A133818}\ExpView
IE: {{06FE5D01-8F11-11d2-804F-00105A133818}\RecentDocs
IE: {{06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch
IE: {{06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch
IE: {{06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish
IE: {{06FE5D01-8F11-11d2-804F-00105A133818} - {06FE5D04-8F11-11d2-804F-00105A133818} -
Trusted Zone: bibb.com\bibbmail
Trusted Zone: kcpl.com\mail
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file://h:\setup\RiffLick.cab
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.144.30/DGTx.CAB
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.wedgwoodinternationalseminar.org/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Panda Identity Protect: widgetruntime@surfsecret.com - c:\program files\Panda Security\Panda ID Protect\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
FF - Ext: NetExport: netexport@getfirebug.com - %profile%\extensions\netexport@getfirebug.com
FF - Ext: Firecookie: firecookie@janodvarko.cz - %profile%\extensions\firecookie@janodvarko.cz
FF - Ext: FireRainbow: firerainbow@hildebrand.cz - %profile%\extensions\firerainbow@hildebrand.cz
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - %profile%\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: DOM Inspector: inspector@mozilla.org - %profile%\extensions\inspector@mozilla.org
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
txtfile=c:\windows\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-SetDefaultMIDI - MIDIDef.exe
HKLM-Run-nwiz - nwiz.exe
SafeBoot-klmdb.sys
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-CaAvTray - c:\program files\Yahoo!\Antivirus\CAVTray.exe
MSConfigStartUp-CAVRID - c:\program files\Yahoo!\Antivirus\CAVRID.exe
MSConfigStartUp-EPSON Stylus CX3800 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MyWebSearch\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SetDefaultMIDI - MIDIDef.exe
MSConfigStartUp-SMSystemAnalyzer - c:\program files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
MSConfigStartUp-ThreatFire - c:\program files\ThreatFire\TFTray.exe
MSConfigStartUp-Twain - c:\documents and settings\Alan\Application Data\Twain\Twain.exe
MSConfigStartUp-WhenUSearch - c:\program files\DAEMON Tools SearchBar\Search.exe
MSConfigStartUp-WhenUSearchWHSE - c:\program files\DAEMON Tools SearchBar\whse.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
AddRemove-1999 TurboTax Deluxe - c:\tax99\TaxUnst.EXE
AddRemove-2000 TurboTax Deluxe - c:\drive_d\Tax00\TaxUnst.EXE
AddRemove-BatteryStatus Advanced (Chi-Tai Dang) - c:\program files\Microsoft ActiveSync\BatteryStatus Advanced (Chi-Tai Dang)\Uninstall.exe
AddRemove-Bogglev1 - c:\windows\DeIsL1.isu
AddRemove-DriveCopy 2.0 - c:\windows\POWERQ~1\DeIsL1.isu
AddRemove-Intellisync for Jump! - c:\program files\Jump Networks
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-PCMagazineUninstallKey - c:\progra~1\INTERN~1\DeIsL4.isu
AddRemove-QuicktimePluginDeinstallKey - c:\program files\Internet Explorer\plugins\npqtw\DeIsL1.isu
AddRemove-RealTimeWindowsTarget - c:\windows\rtwintgt -uninstall
AddRemove-State CD Installer - c:\tax99\TaxUnst.EXE
AddRemove-VideoCacheView - c:\windows\zipinst.exe
AddRemove-{F3EC0C60-5B0F-4EBC-A1CC-83B4554EA248} - c:\program files\InstallShield Installation Information\{F3EC0C60-5B0F-4EBC-A1CC-83B4554EA248}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2730970711-1940038648-3843556251-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD6E5452-8CC9-4D45-A19B-BEAAED3250ED}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\DynDNS Updater\DynDNS.exe
c:\windows\Dit.exe
c:\windows\DitExp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-02-10 16:48:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-10 22:48

Pre-Run: 411,385,556,992 bytes free
Post-Run: 434,685,812,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - F73B74C6F8EC87FFDCB24DA824204AF1

2011/02/10 15:52:28.0843 5600 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/10 15:52:28.0968 5600 ================================================================================
2011/02/10 15:52:28.0968 5600 SystemInfo:
2011/02/10 15:52:28.0968 5600
2011/02/10 15:52:28.0968 5600 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/10 15:52:28.0968 5600 Product type: Workstation
2011/02/10 15:52:28.0968 5600 ComputerName: ERICKSON_PUTER
2011/02/10 15:52:28.0968 5600 UserName: Alan
2011/02/10 15:52:28.0968 5600 Windows directory: C:\WINDOWS
2011/02/10 15:52:28.0968 5600 System windows directory: C:\WINDOWS
2011/02/10 15:52:28.0968 5600 Processor architecture: Intel x86
2011/02/10 15:52:28.0968 5600 Number of processors: 1
2011/02/10 15:52:28.0968 5600 Page size: 0x1000
2011/02/10 15:52:28.0968 5600 Boot type: Normal boot
2011/02/10 15:52:28.0968 5600 ================================================================================
2011/02/10 15:52:29.0437 5600 Initialize success
2011/02/10 15:52:51.0125 0880 ================================================================================
2011/02/10 15:52:51.0125 0880 Scan started
2011/02/10 15:52:51.0125 0880 Mode: Manual;
2011/02/10 15:52:51.0125 0880 ================================================================================
2011/02/10 15:52:56.0000 0880 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/10 15:52:57.0421 0880 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/10 15:52:58.0937 0880 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/02/10 15:53:01.0984 0880 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/10 15:53:03.0437 0880 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/02/10 15:53:04.0812 0880 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/10 15:53:10.0875 0880 ALCXWDM (f3e15607ba53249c765e36388b332c2f) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/02/10 15:53:14.0078 0880 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/02/10 15:53:15.0484 0880 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
2011/02/10 15:53:19.0828 0880 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
2011/02/10 15:53:21.0234 0880 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/10 15:53:26.0281 0880 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/10 15:53:27.0093 0880 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2011/02/10 15:53:29.0765 0880 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/10 15:53:31.0140 0880 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/10 15:53:32.0765 0880 BCMNTIO (90a87d49205b3893281203a477f66fe5) C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
2011/02/10 15:53:34.0296 0880 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/10 15:53:35.0640 0880 BRGSp50 (ee0f41fa0466189a2c8b9caf7d1cddd5) C:\WINDOWS\system32\Drivers\BRGSp50.sys
2011/02/10 15:53:37.0000 0880 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
2011/02/10 15:53:45.0546 0880 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/10 15:53:46.0875 0880 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/10 15:53:49.0687 0880 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/10 15:53:51.0093 0880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/10 15:53:52.0156 0880 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/10 15:53:53.0406 0880 cFosSpeed (1a0f3a897e91e5b3c01e4a9204e425a0) C:\WINDOWS\system32\DRIVERS\cfosspeed.sys
2011/02/10 15:54:00.0312 0880 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/10 15:54:01.0812 0880 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/10 15:54:03.0218 0880 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/10 15:54:04.0687 0880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/10 15:54:06.0046 0880 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/10 15:54:07.0843 0880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/10 15:54:09.0359 0880 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/10 15:54:10.0796 0880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/10 15:54:12.0281 0880 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/10 15:54:13.0718 0880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/10 15:54:15.0187 0880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/10 15:54:16.0593 0880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/10 15:54:17.0968 0880 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/10 15:54:19.0796 0880 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/10 15:54:21.0296 0880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/10 15:54:22.0671 0880 grmnusb (46947a84ebf10593be0612949603e724) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/02/10 15:54:24.0062 0880 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/02/10 15:54:25.0562 0880 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/10 15:54:27.0203 0880 HPEAPPkt (4ba96e24c86aa9114862a4185dfef090) C:\WINDOWS\system32\DRIVERS\HPEAPPkt.sys
2011/02/10 15:54:30.0062 0880 HPNUCMP (5471c1805743af7472315c5b74e0a8fd) C:\WINDOWS\system32\DRIVERS\hpnucmp.sys
2011/02/10 15:54:31.0531 0880 hpnuhst (1b45936db5de6aff8df799fbca5d6c3b) C:\WINDOWS\system32\DRIVERS\hpnuhst.sys
2011/02/10 15:54:33.0031 0880 HPNUHUB (23085d01756ba266cccfce57b8d68887) C:\WINDOWS\system32\DRIVERS\hpnuhub.sys
2011/02/10 15:54:34.0390 0880 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/10 15:54:36.0031 0880 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/10 15:54:37.0453 0880 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/10 15:54:38.0843 0880 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/10 15:54:45.0937 0880 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/10 15:54:49.0484 0880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/10 15:54:52.0296 0880 InCDfs (379748c22736ce97247feb4b311e7de5) C:\WINDOWS\system32\drivers\InCDfs.sys
2011/02/10 15:54:53.0968 0880 InCDPass (cdc98d9ff11dc8a88d99370f0786005e) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/02/10 15:54:57.0140 0880 InCDrec (20cbcb4ce7f23df4e8ad09b8f31a4b78) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/02/10 15:55:00.0218 0880 incdrm (79774f35ddf9107f05c8021bb2242798) C:\WINDOWS\system32\drivers\incdrm.sys
2011/02/10 15:55:09.0250 0880 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/10 15:55:11.0000 0880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/10 15:55:13.0000 0880 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/10 15:55:14.0437 0880 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/10 15:55:16.0531 0880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/10 15:55:17.0984 0880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/10 15:55:19.0453 0880 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/10 15:55:20.0921 0880 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/10 15:55:23.0031 0880 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/10 15:55:25.0562 0880 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/10 15:55:28.0796 0880 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/02/10 15:59:37.0703 0880 ================================================================================
2011/02/10 15:59:37.0703 0880 Scan finished
2011/02/10 15:59:37.0703 0880 ================================================================================
2011/02/10 15:59:52.0781 6060 Deinitialize success

#6 agerickson

Posted 10 February 2011 - 10:10 PM

My computer still has the service host error.

#7 Shannon2012

Posted 11 February 2011 - 10:41 AM

Hi-

It looks like the service host problem might be with ntdll.dll.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    C:\WINDOWS\system32\ntdll.dll
    :filefind
    ntdll.*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Shannon

#8 agerickson

Posted 11 February 2011 - 02:00 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 12:47 on 11/02/2011 by Alan
Administrator - Elevation successful

========== file ==========

C:\WINDOWS\system32\ntdll.dll - File found and opened.
MD5: F8F0D25CA553E39DDE485D8FC7FCCE89
Created at 04:22 on 29/01/2009
Modified at 15:15 on 09/12/2010
Size: 718336 bytes
Attributes: --a----
FileDescription: NT Layer DLL
FileVersion: 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)
ProductVersion: 5.1.2600.6055
OriginalFilename: ntdll.dll
InternalName: ntdll.dll
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

========== filefind ==========

Searching for "ntdll.*"
C:\cmdcons\SYSTEM32\NTDLL.DLL --a---- 708096 bytes [06:56 04/08/2004] [06:56 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\pebuilder3110a\BartPE\i386\system32\ntdll.dll --a---- 708096 bytes [21:52 13/09/2005] [12:00 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\Program Files\Debugging Tools for Windows (x86)\DownstreamStore\ntdll.dll\4D00F27Db2000\ntdll.dll --a---- 718336 bytes [05:12 11/02/2011] [09:06 21/12/2010] F8F0D25CA553E39DDE485D8FC7FCCE89
C:\Program Files\Debugging Tools for Windows (x86)\DownstreamStore\ntdll.pdb\CEFC0863B1F84130A11E0F54180CD21A2\ntdll.pdb --a---- 1117184 bytes [05:12 11/02/2011] [09:05 21/12/2010] 00C89F90F9D0FAEEE7513C3A0200B2AF
C:\Program Files\MATLAB71\sys\lcc\lib\ntdll.lib --a---- 583520 bytes [03:10 31/12/2006] [22:39 03/11/1998] 6E562D8BEC495D24EBE90AACA4024147
C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntdll.dll --a---- 718336 bytes [23:58 09/02/2011] [15:15 09/12/2010] 15CE4DBC22FAB90B3CA5352AF1FFF81C
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntdll.dll --a---- 715264 bytes [20:29 14/04/2009] [10:56 09/02/2009] B0913005EE3FC15D7F72472D0B8A30EB
C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll -----c- 708096 bytes [16:54 29/01/2009] [12:00 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\$NtUninstallKB2393802$\ntdll.dll -----c- 714752 bytes [09:01 10/02/2011] [12:10 09/02/2009] 911DDF2E16761643A47225F654D811E5
C:\WINDOWS\$NtUninstallKB956572$\ntdll.dll -----c- 706048 bytes [08:07 15/04/2009] [00:11 14/04/2008] 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F
C:\WINDOWS\i386\NTDLL.DLL --a---- 708096 bytes [21:52 13/09/2005] [12:00 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\i386\SYSTEM32\NTDLL.DLL --a---- 708096 bytes [21:52 13/09/2005] [12:00 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\repair\ntdll.ASR --a---- 708096 bytes [02:48 05/12/2005] [01:31 13/12/2005] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\ServicePackFiles\i386\ntdll.dll ------- 706048 bytes [21:53 27/08/2008] [00:11 14/04/2008] 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F
C:\WINDOWS\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3GDR\ntdll.dll --a---- 718336 bytes [23:58 09/02/2011] [15:15 09/12/2010] F8F0D25CA553E39DDE485D8FC7FCCE89
C:\WINDOWS\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\SP3QFE\ntdll.dll --a---- 718336 bytes [23:58 09/02/2011] [15:15 09/12/2010] 15CE4DBC22FAB90B3CA5352AF1FFF81C
C:\WINDOWS\system32\ntdll.dll --a---- 718336 bytes [04:22 29/01/2009] [15:15 09/12/2010] F8F0D25CA553E39DDE485D8FC7FCCE89
C:\WINDOWS\system32\dllcache\ntdll.dll --a--c- 718336 bytes [04:22 29/01/2009] [15:15 09/12/2010] F8F0D25CA553E39DDE485D8FC7FCCE89

-= EOF =-

#9 Shannon2012

Posted 11 February 2011 - 04:16 PM

Hi-

Let's try MBAM and get a new OTL scan listing.

Please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Then, do a new OTL scan.
  • Double click on the OTL icon on your desktop.
  • In the Extra Registry Box, check Use SafeList.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your reply, copy in the MBAM report and the two OTL scan reports. Let me know how the computer is doing.
Shannon

#10 agerickson

Posted 12 February 2011 - 06:17 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5748

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/12/11 4:43:15 PM
mbam-log-2011-02-12 (16-43-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 823837
Time elapsed: 3 hour(s), 44 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{cf4da2c2-448c-4915-9f7e-496ec8dde005}\RP2231\A0498302.exe (HackTool.Snadboy) -> Quarantined and deleted successfully.

OTL logfile created on: 02/12/11 4:57:19 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Alan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 403.59 Gb Free Space | 43.33% Space Free | Partition Type: NTFS
Drive M: | 465.76 Gb Total Space | 131.71 Gb Free Space | 28.28% Space Free | Partition Type: NTFS

Computer Name: ERICKSON_PUTER | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/09 21:33:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
PRC - [2011/01/13 09:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/16 18:35:40 | 000,423,232 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2010/12/16 18:25:17 | 000,456,000 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
PRC - [2010/12/16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/12/08 13:14:34 | 000,223,400 | ---- | M] (Panda Security) -- C:\Documents and Settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe
PRC - [2010/11/17 12:22:57 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/15 03:02:45 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/08/24 00:37:02 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2010/07/02 12:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2009/08/28 16:47:56 | 000,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe
PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/28 16:42:12 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/07/14 14:30:00 | 000,356,864 | ---- | M] (Greatis Software) -- C:\Program Files\Greatis\RegRunSuite\WatchDog.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 18:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2007/07/17 04:00:00 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/10/23 10:16:56 | 001,122,304 | ---- | M] () -- C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe
PRC - [2006/10/04 22:51:06 | 000,618,496 | ---- | M] (3G Corp.) -- C:\Program Files\HP Wireless Adapter\HPWLan.exe
PRC - [2006/09/17 09:32:16 | 001,352,704 | ---- | M] (Kana Solution) -- C:\Program Files\DynDNS Updater\DynDNS.exe
PRC - [2006/07/21 08:03:00 | 001,106,528 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
PRC - [2006/07/20 23:15:32 | 001,848,155 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
PRC - [2006/07/20 23:13:48 | 000,126,976 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/07/20 23:13:42 | 000,204,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/05/13 17:11:14 | 000,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2003/05/19 17:39:16 | 000,081,920 | ---- | M] () -- C:\WINDOWS\Dit.exe
PRC - [2003/03/20 15:47:08 | 000,061,440 | ---- | M] () -- C:\WINDOWS\DitExp.exe
PRC - [2001/10/05 10:54:28 | 000,118,784 | ---- | M] (In-System Design, Inc.) -- C:\WINDOWS\tppaldr.exe
PRC - [1999/09/30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (SafeList) ==========

MOD - [2011/02/09 21:33:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
MOD - [2010/12/08 13:14:36 | 000,383,656 | ---- | M] (Panda Security) -- C:\Documents and Settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.dll
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/03/26 12:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Suite Service)
SRV - File not found [Auto | Stopped] -- -- (SPAMfighter Update Service)
SRV - File not found [Auto | Stopped] -- -- (ioloDMV)
SRV - File not found [Auto | Stopped] -- -- (Basics Service)
SRV - [2010/12/16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/24 00:37:02 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/07/26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/07/22 20:48:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/25 09:32:58 | 000,314,584 | R--- | M] (cFos Software GmbH) [On_Demand | Stopped] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2008/04/13 18:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/09/20 10:28:34 | 000,213,053 | ---- | M] (PermissionTV) [On_Demand | Stopped] -- C:\Program Files\PermissionTV\bin\dm.exe -- (PermissionTVDownloadManager)
SRV - [2007/06/28 18:01:48 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/02/04 18:11:18 | 000,356,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hand-Crafted Software\FreeProxy\FreeProxy.exe -- (FreeProxy)
SRV - [2006/11/01 00:04:02 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2006/10/14 19:21:04 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [Disabled | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2006/09/17 09:32:16 | 001,352,704 | ---- | M] (Kana Solution) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynDNS.exe -- (DynDNS_Updater_Service)
SRV - [2006/07/20 23:13:42 | 000,204,800 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/04/25 14:35:58 | 000,323,584 | ---- | M] (SpyderComm, Inc.) [On_Demand | Stopped] -- C:\Program Files\MATCO\BuzzSawService.exe -- (Buzzsaw_Defragmentation)
SRV - [2006/04/13 08:33:24 | 000,237,568 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MATCO\DirmsService.exe -- (DirMS_Defragmentation)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/27 14:55:28 | 000,177,824 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/12/27 14:55:20 | 000,083,616 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/12/27 14:55:04 | 000,186,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/12/14 21:21:21 | 000,819,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/07/27 11:53:00 | 000,536,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver)
SRV - [2005/05/13 17:11:14 | 000,869,888 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/05/13 17:11:14 | 000,869,888 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/11/22 17:04:14 | 001,273,856 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/08/30 23:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2003/05/19 15:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
SRV - [2002/10/21 15:54:18 | 000,081,920 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2010/12/16 18:12:59 | 000,113,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2010/12/16 18:12:51 | 000,111,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2010/12/16 18:12:42 | 000,130,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2010/12/16 18:12:34 | 000,097,352 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/12/16 18:12:26 | 000,141,768 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2010/07/03 19:47:35 | 000,025,773 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/03 16:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/28 16:48:00 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/16 22:44:01 | 000,200,704 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2009/02/02 09:38:08 | 000,030,946 | ---- | M] (Greatis Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2008/12/17 00:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 00:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 23:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/16 23:53:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/19 10:49:37 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/19 10:49:36 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/07 01:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/06/25 09:33:02 | 000,732,376 | R--- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/28 18:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/04/12 14:24:26 | 000,388,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/04/12 14:24:26 | 000,032,288 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/04/12 14:24:17 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/03/08 13:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/02/08 19:44:22 | 000,026,944 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/02/08 19:44:00 | 000,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/12/26 13:58:02 | 000,189,312 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2006/12/20 07:40:20 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/11/29 00:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/08/16 19:03:14 | 000,010,752 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhst.sys -- (hpnuhst)
DRV - [2006/08/16 19:03:06 | 000,011,648 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnucmp.sys -- (HPNUCMP)
DRV - [2006/08/16 19:03:00 | 000,037,120 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpnuhub.sys -- (HPNUHUB)
DRV - [2006/08/15 11:10:02 | 000,189,440 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPL8187.SYS -- (RTLWUSB)
DRV - [2006/05/12 13:31:12 | 000,068,864 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HPEAPPkt.sys -- (HPEAPPkt) Realtek EAPPkt Protocol(HP)
DRV - [2006/03/01 09:24:16 | 000,290,816 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006/03/01 09:24:16 | 000,290,816 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) XPC 802.11b/g Wireless Kit Driver(WLAN)
DRV - [2005/12/14 21:21:21 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/12/01 12:14:20 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/11/09 17:22:32 | 000,039,936 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
DRV - [2005/11/07 16:50:20 | 000,049,399 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2005/08/18 10:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/07/27 12:40:08 | 000,027,200 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RTWTKRNL.sys -- (RTWTKRNL)
DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005/05/17 15:45:12 | 000,076,288 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2005/05/17 15:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/05/17 15:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/05/13 17:03:52 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/05/13 17:03:30 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/05/13 09:03:25 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/04/06 01:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/06 01:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/11/22 17:08:54 | 000,046,800 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount)
DRV - [2004/11/22 16:51:58 | 000,138,801 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/30 23:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2004/07/26 12:36:08 | 000,316,192 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2004/03/05 17:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 17:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2004/01/14 10:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.SYS -- (ZDPNDIS5)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/31 12:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/04/19 01:14:32 | 000,009,280 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\DRIVE_D\Program Files\SiSoftware\SiSoft Sandra 2001te Standard\SANDRA.sys -- (SANDRA)
DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,AutoRefreshLocalPages = yes
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = [binary data]
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.wedgwoodinternationalseminar.org/"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: firerainbow@hildebrand.cz:1.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: netexport@getfirebug.com:0.8b10
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.1
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:1.0
FF - prefs.js..extensions.enabledItems: widgetruntime@surfsecret.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.8
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,localho,t,127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/05/23 23:02:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\widgetruntime@surfsecret.com: C:\Program Files\Panda Security\Panda ID Protect\Firefox [2010/07/07 16:27:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/02 20:44:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/02 20:44:59 | 000,000,000 | ---D | M]

[2009/09/26 10:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Extensions
[2011/02/08 11:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions
[2010/05/06 16:26:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/08 11:46:56 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/09/02 19:28:34 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/07/07 16:27:14 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/01/20 10:55:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/20 10:55:34 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/07/31 17:31:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/20 10:55:37 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/01/20 10:55:51 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\firebug@software.joehewitt.com
[2010/11/11 14:39:07 | 000,000,000 | ---D | M] (Firecookie) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\firecookie@janodvarko.cz
[2010/11/11 14:39:07 | 000,000,000 | ---D | M] (FireRainbow) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\firerainbow@hildebrand.cz
[2010/09/01 07:48:43 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\inspector@mozilla.org
[2011/02/03 16:34:13 | 000,000,000 | ---D | M] (NetExport) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\netexport@getfirebug.com
[2010/09/01 07:48:43 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010/10/28 10:56:26 | 000,000,000 | ---D | M] (YSlow) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\ugdaj4rt.default\extensions\yslow@yahoo-inc.com
[2011/02/08 11:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 14:46:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/20 10:51:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/05/23 23:02:45 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/03/15 20:57:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/07/07 16:27:21 | 000,000,000 | ---D | M] (Panda Identity Protect) -- C:\PROGRAM FILES\PANDA SECURITY\PANDA ID PROTECT\FIREFOX
[2007/06/21 17:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 17:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 17:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/21 17:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/06/21 17:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2011/02/10 16:36:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DeskshopBrowserHelper Class) - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HPWireless] C:\Program Files\HP Wireless Adapter\HPWLAN.exe (3G Corp.)
O4 - HKLM..\Run: [ICSDCLT] C:\WINDOWS\System32\icsdclt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Panda Security Toolbar Antiphishing] C:\Documents and Settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RegRun WinBait] C:\WINDOWS\WinBait.exe ()
O4 - HKLM..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe (In-System Design, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [Registry] C:\Program Files\Greatis\RegRunSuite\lsoon.exe (Greatis Software)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [Regrun2] C:\Program Files\Greatis\RegRunSuite\WatchDog.exe (Greatis Software)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\connection manager.lnk = C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\Program Files\Flash Saver\save.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm ()
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Save F&lash with FlashCapture - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O8 - Extra context menu item: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra Button: MicroPortal - {06FE5D01-8F11-11d2-804F-00105A133818} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra Button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : AltaVista &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (Dreamingsoft, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe (HiDownload Software)
O9 - Extra Button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Discover\SOAN\SOAN.exe (Orbiscom Ltd. All rights reserved.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..Trusted Domains: bibb.com ([bibbmail] http in Trusted sites)
O15 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..Trusted Domains: kcpl.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (SupportSoft SmartIssue)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} file://H:\setup\RiffLick.cab (WaveTab Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (MSN Money Charting)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134610111671 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134610072468 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.winkflash.com/photo/loaders/ImageUploader3.cab (Aurigma Image Uploader 3.0 Control)
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} http://www.programchecker.com/dll/nixon.cab (Zenturi Active Programs Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/games/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} http://66.98.144.30/DGTx.CAB (DGTx.uc1)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://trueswitch.com/sbc/TrueInstallSBC.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Blackjack http://download.games.yahoo.com/games/clients/y/jt0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Dominoes http://download2.games.yahoo.com/games/clients/y/dot9_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:1 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O24 - Desktop WallPaper: C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O29 - HKLM SecurityProviders - (rpasspc.dll) - C:\WINDOWS\System32\RPASSPC.dll (CompuServe Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/13 16:07:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/10 16:40:21 | 000,000,063 | ---- | M] () - M:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 23:56:22 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/02/10 23:55:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2011/02/10 23:55:39 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2011/02/10 23:54:32 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2011/02/10 23:54:01 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2011/02/10 23:54:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/02/10 23:52:48 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2011/02/10 23:52:18 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/02/10 23:50:30 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2011/02/10 23:50:04 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2011/02/10 23:50:03 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2011/02/10 23:48:48 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2011/02/10 23:48:31 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2011/02/10 23:47:46 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/02/10 23:47:45 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/02/10 23:47:29 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/02/10 23:46:46 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2011/02/10 23:46:36 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2011/02/10 23:46:24 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2011/02/10 23:46:21 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2011/02/10 23:45:54 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2011/02/10 23:45:53 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2011/02/10 23:45:52 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2011/02/10 23:45:52 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2011/02/10 23:44:15 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2011/02/10 23:43:06 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2011/02/10 23:42:54 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2011/02/10 23:42:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2011/02/10 23:42:33 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2011/02/10 23:42:17 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2011/02/10 23:41:47 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2011/02/10 23:41:27 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/02/10 23:41:16 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/02/10 23:41:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2011/02/10 23:41:02 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011/02/10 23:40:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2011/02/10 23:40:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2011/02/10 23:40:38 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2011/02/10 23:40:36 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2011/02/10 23:40:23 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2011/02/10 23:39:26 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2011/02/10 23:39:21 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2011/02/10 23:39:20 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2011/02/10 23:38:02 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2011/02/10 23:37:57 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/02/10 23:37:51 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2011/02/10 23:37:50 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2011/02/10 23:35:54 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/02/10 23:35:45 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2011/02/10 23:35:41 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2011/02/10 23:34:38 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/02/10 23:34:23 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2011/02/10 23:34:18 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2011/02/10 23:34:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2011/02/10 23:33:51 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2011/02/10 23:33:04 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/02/10 23:33:04 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011/02/10 23:33:01 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011/02/10 23:32:55 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/02/10 23:32:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/02/10 23:32:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/02/10 23:32:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/02/10 23:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\My Documents\Symbols
[2011/02/10 22:47:50 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/02/10 22:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Debugging Tools for Windows (x86)
[2011/02/10 22:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2011/02/10 22:11:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\minidumpbackup
[2011/02/10 16:48:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/10 16:06:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/10 16:02:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/10 16:02:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/10 16:02:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/10 16:02:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/10 16:02:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/10 16:01:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/10 11:08:26 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Alan\Desktop\TDSSKiller.exe
[2011/02/09 21:33:23 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2011/02/08 09:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2011/02/08 09:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
[2011/02/08 09:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/02/07 18:08:01 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/02/07 16:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2011/02/07 16:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/02/06 08:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2011/01/26 19:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2011/01/15 11:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/15 11:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
[2011/01/15 11:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/01/15 11:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/28 12:59:33 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Alan\Application Data\tsdnwin.dll
[2007/04/09 08:06:06 | 000,021,866 | ---- | C] (In-System Design, Inc.) -- C:\Program Files\Common Files\tppupd2k.dll
[2007/04/02 07:00:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Alan\Application Data\pcouffin.sys
[2006/02/15 12:19:41 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1039 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Alan\Application Data\*.tmp files -> C:\Documents and Settings\Alan\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/12 17:07:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/12 17:00:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/02/12 16:54:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/12 16:53:40 | 000,000,076 | ---- | M] () -- C:\WINDOWS\lsoon.ini
[2011/02/12 16:53:00 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/02/12 16:52:30 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/02/12 16:52:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/12 16:51:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/12 16:51:24 | 3220,746,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/12 16:45:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2730970711-1940038648-3843556251-1005UA.job
[2011/02/11 18:45:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2730970711-1940038648-3843556251-1005Core.job
[2011/02/11 13:58:04 | 000,124,928 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\GVChurch2010.xls
[2011/02/11 12:47:16 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\SystemLook.exe
[2011/02/10 19:36:08 | 002,277,894 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Pages from 2004-2006.pdf
[2011/02/10 19:31:34 | 001,006,995 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Pages from 1991-1993.pdf
[2011/02/10 16:36:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/10 16:07:00 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/02/10 16:01:03 | 004,266,254 | R--- | M] () -- C:\Documents and Settings\Alan\Desktop\ComboFix.exe
[2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Alan\Desktop\TDSSKiller.exe
[2011/02/10 03:22:00 | 000,713,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 03:04:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/09 21:33:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
[2011/02/09 19:56:36 | 000,137,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/02/09 19:56:31 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011/02/08 17:57:09 | 000,268,952 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/02/07 18:08:01 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/02/07 17:55:11 | 000,896,514 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\census.cache
[2011/02/07 17:52:57 | 000,432,248 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\ars.cache
[2011/02/07 17:15:49 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\housecall.guid.cache
[2011/02/07 15:41:17 | 000,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termdd.sys
[2011/02/07 13:45:18 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\error.bat
[2011/02/06 21:38:58 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\dds.scr
[2011/02/06 21:30:43 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Alan\defogger_reenable
[2011/02/06 15:59:21 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/02/06 08:52:42 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/02/05 19:05:57 | 000,000,430 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/02/04 10:22:28 | 001,701,059 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\AGIA US FIRE INS COMPANY CLAIM FORM 081607 modified AGE.pdf
[2011/02/02 21:44:52 | 000,309,720 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070480.jpg
[2011/02/02 12:51:20 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/01/31 10:44:44 | 003,328,344 | ---- | M] () -- C:\Church.QDF
[2011/01/31 10:44:44 | 000,388,731 | ---- | M] () -- C:\Church.IDX
[2011/01/31 10:44:44 | 000,025,600 | ---- | M] () -- C:\Church.QEL
[2011/01/29 10:52:10 | 000,040,557 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 3.pdf
[2011/01/29 10:47:12 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Shortcut to co #2.pdf.lnk
[2011/01/26 19:55:21 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/01/26 19:55:00 | 004,251,204 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\FileZilla_3.3.5.1_win32-setup.exe
[2011/01/26 09:58:58 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\gcada images.doc
[2011/01/24 21:11:51 | 000,674,304 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\GCADA Tutorial.doc
[2011/01/24 15:26:33 | 001,472,051 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070475.jpg
[2011/01/24 15:26:12 | 001,470,228 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070474.jpg
[2011/01/24 15:25:54 | 001,505,854 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070477.jpg
[2011/01/24 15:25:13 | 001,438,777 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\P1070476.jpg
[2011/01/23 20:05:27 | 000,011,963 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\test.skp
[2011/01/22 19:59:37 | 000,674,304 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Welcome the the new GCADA website for old and new members.doc
[2011/01/21 08:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 08:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/20 10:50:13 | 000,069,095 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\WIS newsletter copy.jpg
[2011/01/20 10:49:58 | 000,433,296 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\WIS newsletter.psd
[2011/01/18 21:55:30 | 000,003,687 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\1st day vase copy.gif
[2011/01/18 21:55:30 | 000,003,674 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\1st day vase copy.gif
[2011/01/15 18:55:39 | 001,431,616 | ---- | M] () -- C:\Documents and Settings\Alan\Desktop\Roger.zip
[2011/01/15 11:13:00 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/14 16:48:22 | 000,047,353 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 2a.pdf
[2011/01/14 11:50:17 | 000,042,029 | ---- | M] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 2.pdf
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1039 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Alan\Application Data\*.tmp files -> C:\Documents and Settings\Alan\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2018/08/01 18:57:33 | 000,000,111 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\sys50492.bin
[2011/02/11 13:58:03 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\GVChurch2010.xls
[2011/02/11 12:47:26 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\SystemLook.exe
[2011/02/10 23:56:18 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/02/10 23:46:33 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/02/10 23:42:43 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/02/10 19:36:08 | 002,277,894 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Pages from 2004-2006.pdf
[2011/02/10 19:31:34 | 001,006,995 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Pages from 1991-1993.pdf
[2011/02/10 16:07:00 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/02/10 16:06:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/10 16:02:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/10 16:02:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/10 16:02:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/10 16:02:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/10 16:02:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/10 16:01:05 | 004,266,254 | R--- | C] () -- C:\Documents and Settings\Alan\Desktop\ComboFix.exe
[2011/02/07 17:55:11 | 000,896,514 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\census.cache
[2011/02/07 17:52:57 | 000,432,248 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\ars.cache
[2011/02/07 17:15:49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\housecall.guid.cache
[2011/02/07 13:45:18 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\error.bat
[2011/02/06 21:38:56 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\dds.scr
[2011/02/06 21:30:25 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Alan\defogger_reenable
[2011/02/06 08:52:42 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/02/05 19:06:47 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Shortcut to Malwarebytes' Anti-Malware.lnk
[2011/02/02 21:44:52 | 000,309,720 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070480.jpg
[2011/01/29 10:47:11 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Shortcut to co #2.pdf.lnk
[2011/01/29 10:46:26 | 000,040,557 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 3.pdf
[2011/01/26 19:55:21 | 000,001,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/01/26 19:54:47 | 004,251,204 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\FileZilla_3.3.5.1_win32-setup.exe
[2011/01/26 09:08:32 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\gcada images.doc
[2011/01/24 19:46:37 | 000,674,304 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\GCADA Tutorial.doc
[2011/01/24 15:26:32 | 001,472,051 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070475.jpg
[2011/01/24 15:26:12 | 001,470,228 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070474.jpg
[2011/01/24 15:25:54 | 001,505,854 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070477.jpg
[2011/01/24 15:25:13 | 001,438,777 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\P1070476.jpg
[2011/01/23 20:05:27 | 000,011,963 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\test.skp
[2011/01/22 17:37:43 | 000,674,304 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Welcome the the new GCADA website for old and new members.doc
[2011/01/20 10:50:09 | 000,069,095 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\WIS newsletter copy.jpg
[2011/01/20 10:49:58 | 000,433,296 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\WIS newsletter.psd
[2011/01/18 21:55:21 | 000,003,687 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\1st day vase copy.gif
[2011/01/18 21:55:21 | 000,003,674 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\1st day vase copy.gif
[2011/01/15 18:54:00 | 001,431,616 | ---- | C] () -- C:\Documents and Settings\Alan\Desktop\Roger.zip
[2011/01/15 11:13:00 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/14 16:48:22 | 000,047,353 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 2a.pdf
[2011/01/14 11:15:50 | 000,042,029 | ---- | C] () -- C:\Documents and Settings\Alan\My Documents\Skinner Release form 2.pdf
[2010/12/17 21:44:40 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/30 14:05:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/10/23 19:43:13 | 000,000,745 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/10/23 07:12:02 | 000,000,167 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/08/15 06:43:20 | 001,156,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/07 17:11:08 | 000,068,272 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\PandaIDProtectHelp.chm
[2010/06/22 08:59:38 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/14 08:13:00 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/28 08:32:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/11/28 12:57:34 | 000,000,466 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\SamsungLiveUpdateConfig.ini
[2009/10/31 14:42:14 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ShLog.txt
[2009/08/29 07:45:29 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/08/29 07:45:24 | 000,020,023 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/29 07:45:23 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/07 20:31:48 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/04 08:26:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/01/25 22:44:43 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2009/01/10 00:41:41 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\d3d9caps.dat
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/16 11:19:36 | 000,291,840 | ---- | C] () -- C:\Program Files\Common Files\PCSBoff.exe
[2008/12/16 11:19:36 | 000,090,112 | ---- | C] () -- C:\Program Files\Common Files\PCSBclean.exe
[2008/12/08 09:31:51 | 000,003,910 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ShLog.txt
[2008/12/04 22:34:05 | 000,000,076 | ---- | C] () -- C:\WINDOWS\lsoon.ini
[2008/12/04 18:20:14 | 006,982,359 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\ShLog.txt
[2008/11/18 21:42:25 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\ConverterEngLog.log
[2008/11/18 21:33:40 | 000,427,488 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\ReplayConverterLog.log
[2008/11/03 20:35:48 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/11/01 12:17:30 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/08/28 21:45:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/05/31 20:44:43 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2008/03/17 20:22:11 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/03/01 22:19:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/12 21:42:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/01/10 17:09:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/01/10 17:02:23 | 000,050,805 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/07 10:07:40 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/11/29 18:10:34 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/10/14 22:25:23 | 000,685,849 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\unins000.exe
[2007/10/14 22:25:23 | 000,030,480 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\unins000.dat
[2007/09/24 23:02:14 | 000,000,268 | ---- | C] () -- C:\WINDOWS\resfen5.ini
[2007/08/24 08:55:08 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/22 07:38:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/08/17 10:58:39 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/08/17 10:58:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/08/17 10:58:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/08/17 10:58:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/08/17 10:58:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/08/17 10:58:31 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/08/17 10:58:30 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI
[2007/08/17 10:58:08 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/08/17 10:57:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\PtrcENG.dll
[2007/08/12 20:55:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\BW7Dir.ini
[2007/08/12 20:50:42 | 000,013,855 | ---- | C] () -- C:\WINDOWS\bw700.ini
[2007/08/12 20:48:46 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2007/08/12 20:48:46 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\patchw.dll
[2007/08/12 20:48:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\bwntsend.dll
[2007/08/12 20:48:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bwnthook.dll
[2007/08/12 20:48:45 | 001,982,464 | ---- | C] () -- C:\WINDOWS\System32\bwbits70.dll
[2007/07/14 18:32:21 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/07/14 18:32:21 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/07/14 18:32:21 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/07/14 18:32:21 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/06/28 18:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/05/28 09:57:55 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/05/13 06:45:33 | 000,000,441 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/04/02 09:34:17 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\FixVTS.ini
[2007/04/02 07:01:11 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\pcouffin.log
[2007/04/02 07:00:51 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\ezpinst.exe
[2007/04/02 07:00:51 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\pcouffin.cat
[2007/04/02 07:00:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\pcouffin.inf
[2007/03/09 01:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 03:14:48 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/08 22:17:02 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\FreeProxyDLL392.dll
[2007/01/29 08:43:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2007/01/17 08:29:48 | 000,000,154 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2007/01/08 17:18:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\webica.ini
[2006/12/30 21:52:23 | 000,027,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTWTKRNL.sys
[2006/12/30 21:51:01 | 000,000,158 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2006/12/16 22:28:27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/12/15 11:19:58 | 000,000,587 | ---- | C] () -- C:\WINDOWS\lname.ini
[2006/12/15 11:19:58 | 000,000,121 | ---- | C] () -- C:\WINDOWS\iii.ini
[2006/12/15 11:19:56 | 000,000,466 | ---- | C] () -- C:\WINDOWS\iiiweb97.ini
[2006/12/14 22:53:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini
[2006/12/14 22:35:07 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/11/19 22:36:00 | 001,015,808 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/11/19 22:36:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll
[2006/11/19 22:35:59 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/11/19 22:35:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2006/11/19 22:35:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/11/19 22:35:59 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2006/11/19 22:35:58 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/11/15 22:58:47 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\.googlewebacchosts
[2006/11/07 23:32:14 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2006/10/12 09:32:50 | 000,000,417 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\AutoGK.ini
[2006/09/26 21:10:04 | 000,823,296 | ---- | C] () -- C:\WINDOWS\npdbplug.dll
[2006/09/09 21:03:17 | 000,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2006/09/09 21:03:17 | 000,040,712 | ---- | C] () -- C:\WINDOWS\System32\agcrypto.dll
[2006/08/11 08:33:42 | 001,370,242 | ---- | C] () -- C:\WINDOWS\System32\OGKernel.dll
[2006/08/10 14:08:58 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\$_hpcst$.hpc
[2006/07/04 17:24:50 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/17 09:36:46 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2006/05/10 14:32:22 | 000,000,315 | ---- | C] () -- C:\WINDOWS\QFP.INI
[2006/05/09 20:11:11 | 000,000,196 | RH-- | C] () -- C:\WINDOWS\KFSecure.dll
[2006/05/09 20:11:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\KSecure.dll
[2006/05/06 20:01:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[2006/04/07 17:55:15 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\gc.dll
[2006/03/31 09:54:21 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/03/30 23:48:51 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/03/30 23:31:19 | 000,000,111 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/03/20 13:43:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/03/05 16:35:21 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/27 07:48:36 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/27 07:30:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/21 22:11:14 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/01/28 17:24:27 | 000,000,152 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/01/28 16:54:19 | 000,000,090 | ---- | C] () -- C:\WINDOWS\Taxact03.ini
[2006/01/28 16:53:21 | 000,000,090 | ---- | C] () -- C:\WINDOWS\Taxact04.ini
[2006/01/14 23:18:21 | 000,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2006/01/14 17:38:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/05 22:01:40 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2006/01/05 21:41:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/01/03 21:56:19 | 000,000,111 | ---- | C] () -- C:\WINDOWS\NVMonitor.INI
[2006/01/01 20:20:26 | 000,000,110 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2006/01/01 14:05:24 | 000,002,136 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2005/12/30 20:03:00 | 001,732,608 | R--- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2005/12/27 23:00:02 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/12/27 22:57:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2005/12/19 21:30:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\FC32.INI
[2005/12/18 20:03:06 | 000,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
[2005/12/18 19:42:25 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2005/12/18 14:45:33 | 000,000,962 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/12/18 14:45:33 | 000,000,074 | ---- | C] () -- C:\WINDOWS\calera.ini
[2005/12/17 14:26:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\fusioncache.dat
[2005/12/15 00:51:37 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/12/14 19:15:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\cs3inst.ini
[2005/12/14 18:50:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/13 23:20:51 | 000,000,149 | ---- | C] () -- C:\WINDOWS\MPCWIN98.INI
[2005/12/13 23:19:05 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/12/13 22:12:41 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/12/13 16:48:21 | 000,000,102 | ---- | C] () -- C:\WINDOWS\cserve.ini
[2005/12/12 23:29:53 | 000,004,967 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/08 21:07:00 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\lfpcd14N.dll
[2005/12/08 20:34:40 | 000,040,512 | ---- | C] () -- C:\WINDOWS\System32\VUINS16.DLL
[2005/12/07 22:20:28 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\FASTWiz.html
[2005/12/04 21:12:32 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Alan\Local Settings\Application Data\FASTWiz.log
[2005/12/02 17:43:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/02 17:39:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/10 13:53:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/23 02:55:56 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2005/09/13 20:59:52 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/09/13 16:10:24 | 000,000,897 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/13 15:55:58 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/09/13 15:53:20 | 000,001,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/13 09:01:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/28 16:24:44 | 000,007,136 | ---- | C] () -- C:\WINDOWS\System32\Adist4.dll
[2005/08/28 16:24:37 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2005/08/24 22:35:05 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2005/08/01 23:35:56 | 000,000,982 | ---- | C] () -- C:\WINDOWS\CDPLAY.INI
[2005/07/17 23:11:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\MkeDscChg.dll
[2005/07/17 20:30:56 | 000,176,128 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2005/07/17 20:30:56 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2005/07/17 20:13:44 | 000,008,192 | ---- | C] () -- C:\WINDOWS\storpg98.dll
[2005/07/07 14:53:18 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/02/11 22:08:00 | 000,843,776 | R--- | C] () -- C:\WINDOWS\System32\lteay14n.dll
[2005/02/11 22:08:00 | 000,688,128 | R--- | C] () -- C:\WINDOWS\System32\ltcry14n.dll
[2005/02/11 22:08:00 | 000,144,384 | R--- | C] () -- C:\WINDOWS\System32\lttls14n.dll
[2004/07/20 22:41:45 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2004/07/20 22:41:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll
[2004/07/20 22:41:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll
[2004/07/20 22:41:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll
[2004/07/05 14:25:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll
[2003/03/13 18:50:18 | 000,151,040 | ---- | C] () -- C:\WINDOWS\System32\wimadll.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 11:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/02/27 07:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 07:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 07:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/09/22 23:40:31 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\HPFPNP.DLL
[2001/09/16 17:22:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\dvzxlt.ini
[2001/08/09 21:34:14 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\PDDLLW32.DLL
[2001/08/09 21:34:13 | 000,455,168 | ---- | C] () -- C:\WINDOWS\System32\redllw32.dll
[2001/07/24 22:19:56 | 000,001,443 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2001/07/24 22:19:56 | 000,000,643 | ---- | C] () -- C:\WINDOWS\WAVPLAY.INI
[2001/07/24 22:19:56 | 000,000,599 | ---- | C] () -- C:\WINDOWS\MIDIPLAY.INI
[2001/07/24 22:19:56 | 000,000,133 | ---- | C] () -- C:\WINDOWS\POWERBAR.INI
[2001/07/24 22:15:56 | 000,000,428 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2001/07/22 14:59:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HPOPNP.DLL
[2001/07/21 11:30:44 | 000,000,410 | ---- | C] () -- C:\WINDOWS\AUDIOVIW.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/04/24 00:45:37 | 000,002,717 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/04/21 17:05:30 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL
[2001/04/21 17:02:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\OEMREG.DLL
[2001/04/21 16:56:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL
[2001/04/21 16:56:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2001/04/21 16:55:50 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL
[2001/04/21 16:53:23 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL
[2001/01/27 14:13:18 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2001/01/27 14:13:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2001/01/25 21:58:05 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[2001/01/24 21:38:25 | 000,001,544 | ---- | C] () -- C:\WINDOWS\Mpcwin00.ini
[2000/11/05 23:52:44 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2000/10/23 20:50:08 | 000,002,417 | ---- | C] () -- C:\WINDOWS\Mng6.ini
[2000/10/23 20:49:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\SA4_WKSP.INI
[2000/10/23 20:49:27 | 000,000,033 | ---- | C] () -- C:\WINDOWS\SA4_DRAW.INI
[2000/10/23 18:12:34 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\std-2.1-vc5.0-mt.dll
[2000/10/20 22:15:42 | 000,003,356 | ---- | C] () -- C:\WINDOWS\SA8.ini
[2000/10/20 22:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DeLGPS.ini
[2000/09/27 08:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\SharpenDIB.dll
[2000/09/27 08:09:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\AutoFinish.dll
[2000/09/04 20:56:07 | 000,250,880 | ---- | C] () -- C:\WINDOWS\System32\NViewLib.dll
[2000/07/23 22:40:41 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_UNODBC.dll
[2000/07/23 22:39:51 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2000/07/23 22:39:50 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2000/07/23 22:39:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2000/07/23 22:39:50 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2000/07/23 22:39:27 | 000,000,038 | ---- | C] () -- C:\WINDOWS\BCARDS.INI
[2000/07/23 22:39:11 | 000,000,109 | ---- | C] () -- C:\WINDOWS\ttinstal.ini
[2000/07/23 22:38:55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\ftpclient.dll
[2000/07/23 22:38:54 | 000,318,976 | ---- | C] () -- C:\WINDOWS\System32\Peer.dll
[2000/07/23 22:38:54 | 000,045,952 | ---- | C] () -- C:\WINDOWS\System32\LTVDD62W.DRV
[2000/07/23 22:38:54 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\Peer_Res.dll
[2000/07/23 22:38:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFWMF62N.DLL
[2000/07/23 22:38:54 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWPG62N.DLL
[2000/07/23 22:38:54 | 000,003,200 | ---- | C] () -- C:\WINDOWS\System32\LTTHK62W.DLL
[2000/07/23 22:38:53 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\LTTWN62N.DLL
[2000/07/23 22:38:53 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX62N.DLL
[2000/07/23 22:38:53 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFPCT62N.DLL
[2000/07/23 22:38:53 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA62N.DLL
[2000/07/23 22:38:53 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\LFPCD62N.DLL
[2000/07/23 22:38:52 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\LFFAX62N.DLL
[2000/07/23 22:38:52 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP62N.DLL
[2000/07/23 22:38:52 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\LFTIF62N.DLL
[2000/07/23 22:38:52 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2000/07/23 22:38:52 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP62N.DLL
[2000/03/24 23:52:04 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2000/02/23 22:41:38 | 000,002,128 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2000/02/03 20:55:44 | 000,001,836 | ---- | C] () -- C:\WINDOWS\MPCWIN99.INI
[2000/01/10 08:53:31 | 000,036,800 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\Comma Separated Values (Windows).ADR
[2000/01/10 08:48:22 | 000,036,798 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\Tab Separated Values (Windows).ADR
[1999/12/22 01:01:20 | 000,132,096 | ---- | C] () -- C:\WINDOWS\System32\PDFwin32.dll
[1999/12/22 01:01:20 | 000,064,688 | ---- | C] () -- C:\WINDOWS\System32\Pdfwlib.dll
[1999/12/04 15:20:34 | 000,000,706 | ---- | C] () -- C:\WINDOWS\tpr.ini
[1999/12/04 13:46:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\LGICC.DLL
[1999/10/21 23:18:46 | 000,000,227 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[1999/10/21 23:17:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini
[1999/09/09 22:38:36 | 000,002,208 | ---- | C] () -- C:\WINDOWS\Mng5.ini
[1999/08/08 23:11:52 | 000,002,801 | ---- | C] () -- C:\WINDOWS\SA6.ini
[1999/08/08 22:42:11 | 000,287,232 | R--- | C] () -- C:\WINDOWS\System32\PPRO200.DLL
[1999/08/08 22:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[1999/08/08 22:06:57 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\Fprun300.dll
[1999/08/08 22:06:56 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\Leaddib.drv
[1999/07/26 23:35:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\BLADEENC.DLL
[1999/07/05 04:00:00 | 000,074,729 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/05/01 08:58:02 | 000,000,606 | ---- | C] () -- C:\WINDOWS\SA3.INI
[1999/04/09 18:11:00 | 001,143,552 | ---- | C] () -- C:\WINDOWS\System32\hpftrl06.dll
[1999/04/09 18:11:00 | 000,133,760 | ---- | C] () -- C:\WINDOWS\System32\hpfdat06.dll
[1999/04/09 18:10:59 | 000,033,568 | ---- | C] () -- C:\WINDOWS\System32\hpfp9806.dll
[1999/03/21 13:35:01 | 000,001,579 | ---- | C] () -- C:\WINDOWS\MNG2.INI
[1999/01/25 07:43:02 | 000,048,235 | ---- | C] () -- C:\WINDOWS\System32\MSDNTB.DLL
[1998/12/27 21:47:59 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\mvcl13n.dll
[1998/12/26 22:40:30 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\Thumb.dll
[1998/11/18 14:09:16 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wb32lib5.dll
[1998/11/18 14:09:16 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\wb32lib4.dll
[1998/09/21 21:45:03 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System32\SETUPKIT.DLL
[1998/09/04 22:56:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vkcustom.ini
[1998/09/04 22:56:42 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\VkUninst.dll
[1998/09/04 22:56:25 | 000,403,456 | ---- | C] () -- C:\WINDOWS\System32\CCTN240C.DLL
[1998/09/04 22:56:24 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\SH33W32.DLL
[1998/07/23 20:34:41 | 000,445,952 | ---- | C] () -- C:\WINDOWS\System32\repodbc.dll
[1998/07/23 20:34:41 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\REPRC.DLL
[1998/07/18 16:39:14 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\NMOCOD.DLL
[1998/06/28 21:49:08 | 000,001,129 | ---- | C] () -- C:\WINDOWS\wb98.ini
[1998/06/28 21:49:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\zdbui.ini
[1998/06/27 20:47:34 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\SWFF3250.DLL
[1998/06/25 22:34:46 | 000,000,223 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[1998/06/22 18:28:53 | 000,049,616 | ---- | C] () -- C:\WINDOWS\System32\JCB.DLL
[1998/06/22 18:28:53 | 000,048,088 | ---- | C] () -- C:\WINDOWS\System32\DSCVR.DLL
[1998/06/22 18:28:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FDECTSP.DLL
[1998/06/22 18:28:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\VDOPLSTR.DLL
[1998/06/21 22:20:36 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\S3DTKW.DLL
[1998/06/21 19:28:36 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\RASCHK32.DLL
[1998/06/21 19:28:36 | 000,013,420 | ---- | C] () -- C:\WINDOWS\System32\RASCHK16.DLL
[1998/06/21 19:28:34 | 000,080,624 | ---- | C] () -- C:\WINDOWS\System32\SH31W32.DLL
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\reputil.dll
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1998/03/19 15:13:20 | 000,019,776 | ---- | C] () -- C:\WINDOWS\System32\VMP_MM.DLL
[1998/03/19 15:13:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VCTL.INI
[1997/12/15 08:43:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/14 12:11:34 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\tsd2.dll
[1997/06/18 00:00:00 | 001,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/11/13 00:00:00 | 003,661,072 | ---- | C] () -- C:\WINDOWS\System32\MSO97RT.DLL
[1996/08/24 11:11:10 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\PRODINV.DLL
[1979/12/31 22:32:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1979/12/31 21:47:38 | 000,000,771 | ---- | C] () -- C:\WINDOWS\LXcache.ini
[1979/12/31 21:35:52 | 000,014,348 | ---- | C] () -- C:\WINDOWS\System32\ODIDLL16.DLL
[1979/12/31 21:14:16 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\inv16.dll
[1979/12/31 20:28:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\PTISTP.DLL
[1979/12/31 17:56:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[1979/12/31 17:56:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[1979/12/31 17:56:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[1979/12/31 17:56:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[1979/12/31 10:58:19 | 000,008,182 | ---- | C] () -- C:\Documents and Settings\Alan\Application Data\dw.log

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\termsrv.dll:SummaryInformation
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFDCA54
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA7184B8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:527DAC91
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >

OTL Extras logfile created on: 02/12/11 4:57:19 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Alan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 403.59 Gb Free Space | 43.33% Space Free | Partition Type: NTFS
Drive M: | 465.76 Gb Total Space | 131.71 Gb Free Space | 28.28% Space Free | Partition Type: NTFS

Computer Name: ERICKSON_PUTER | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Explore_with_FileBoss] -- "C:\Program Files\FileBoss\FILEBOSS.EXE" /nosplash /o "%1" (The Utility Factory)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"8767:UDP" = 8767:UDP:*:Enabled:Teamspeak - ET
"25429:TCP" = 25429:TCP:*:Enabled:UTor
"27961:UDP" = 27961:UDP:*:Enabled:ET2
"27961:TCP" = 27961:TCP:*:Enabled:ET2-1
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\yserver.exe" = C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\MSI\i-Speeder\i-Speeder.exe" = C:\Program Files\MSI\i-Speeder\i-Speeder.exe:*:Disabled:i-Speeder -- (Micro-Star International Co.,Ltd.)
"C:\DRIVE_D\Program Files\Napster\napster.exe" = C:\DRIVE_D\Program Files\Napster\napster.exe:*:Disabled:BETA 10.3 Napster Client Application -- (Napster Inc. (www.napster.com))
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"C:\Downloads\utorrent.exe" = C:\Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe:*:Enabled:ETDED -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\TightVNC\tvnserver.exe" = C:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server -- (GlavSoft LLC.)
"C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- (TightVNC Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004F0409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1 Runtime
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0212ECEC-2FEC-4C26-924E-6B3F92D569FF}" = AccusizeSetup
"{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.0.7.1
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B4B16C4-A553-4B42-9B75-CD67346444D0}" = XSDesigner V2
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"{11CD5162-A4B2-11D5-B4F3-FFFFFF000000}" = BSTime
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13CA4073-A66B-4F07-9491-B933018E63D2}_is1" = Moyea SWF to Video Converter Pro version 2.4.1.9
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184D95BE-B66A-4534-97E6-4C6A44032C6E}" = CoffeeCup Flash Form Builder
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{20EADC60-7AA6-49ED-8E5F-D8FBC0C677B9}" = CoffeeCup Live Chat
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235D8A8E-2F97-11D6-A551-0090278A1BB8}" = Visual FoxPro 8.0 Baseline - English
"{235D8A94-2F97-11D6-A551-0090278A1BB8}" = Visual FoxPro 8.0 Professional - English
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{239AB56F-C2CB-4DF5-B935-7D739623D56F}" = CoffeeCup Flash Password Wizard
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2545228C-6A70-4A01-B936-6DA77984D298}" = Acronis True Image Workstation
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 21
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B8AEEF8-8104-45E3-9A5C-521E8E6A6490}" = Bridge Baron 17
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000 SR-1
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2F30A886-DC9F-4C4D-8CE5-124388C82943}" = Microsoft Network Guide
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4915A273-16A5-42E7-B258-65BD92862D2E}_is1" = Genie Backup Manager Pro 8.0
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}" = Hallmark Card Studio 2007 Deluxe
"{5F02B41E-F3CD-4806-B90D-ED69BA29FECB}" = WORDsearch Fonts
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.0 PRO
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64678DB1-3475-4674-80AD-4C07C4295A9B}_is1" = FLV to AVI 1.2
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65980EBF-C4B5-4555-823A-94DB7F709E53}" = Secure Online Account Numbers
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6BDE68AC-E1A3-4591-8E37-C95BF278EDF5}" = VetPacsLite 2006
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7029D123-6CF0-4414-A3B2-4B3B99B21E59}" = e-Sword
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{741849D8-E8D9-49CF-B373-0D7507ED0A56}" = Event Planner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FFEC889-BACE-4EE5-BC92-968FBE547AC4}" = Singing Coach
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81CFDC81-A76D-4098-A8A8-D2BC21340D51}" = Bible Mapper 3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{871EFABF-ED09-42A0-8C4C-000000000003}" = Omar Sharif Bridge II
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{888B3583-C689-44FD-9573-DAB8B7F8A0AA}" = MapSource - MetroGuide USA
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8B0A877E-5ADB-44FE-8EA8-82D1B59386A5}" = TodayAgenda
"{8BA676DE-6239-4D76-941A-C7B9A1501735}" = CoffeeCup RSS News Flash
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90500409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{942E0955-C67C-474C-8D4E-63C23E93C13A}" = BibleWorks 7
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94FB0978-D094-40C7-91D7-834D39220D4A}" = Crystal Reports XI Release 2
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}" = Google Gears
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9877BCD9-6698-4951-AE19-D5F398D83D5A}" = Dassault Systemes Software Prerequisites x86
"{991C5595-5151-4D70-B6CC-90633AC69076}" = HP Wireless Printer Adapter
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B9D800B-98E6-4755-A49F-956693818721}" = Panasonic USB Storage Driver
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}" = AvantGo Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC9354BD-AAC0-41A4-B4EB-55AF30B6E068}" = World Clock Sync
"{ADF98CF7-1458-412F-976F-BF761A26F2A0}" = Alohabob PC Relocator Ultra Control
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B15F6758-D185-4377-9F3A-7B30B03E9A97}" = MSI DigiCell
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4572608-DFF7-4E77-A8DD-D814DB87787A}" = CoffeeCup Flash Button Factory
"{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
"{B550D1C2-13FE-4F1E-AEAB-9AF26CF3506D}" = Buzzsaw-S
"{B5C24E20-E776-4E5C-8EAD-CA5B7B895848}" = Hallmark Card Studio 2 Standard
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks 2005 Premier
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BEB3C5A8-CC2C-422E-A14A-3074AC17ED81}" = CoffeeCup Flash Website Search
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}" = Garmin USB Drivers
"{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6E44C01-0DF8-465D-A6C0-F8B1159CBBB1}" = Garmin Communicator Plugin
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CA20D7B8-BA4F-466A-8402-579DAAB350E0}" = PHM Pocket PC PowerToys
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CAC69CB7-BC77-48C4-8C50-BF8C08A7BB2A}" = ChromeMailer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC964932-75AE-4C79-8EBF-865C799C3D35}" = Network Magic
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE428642-5112-49AC-B08F-D87DA8392FD2}" = Garmin MapSource
"{D0A79B0C-1099-4361-84E2-CF8122114D29}" = MegaPing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = HP Wireless Adapter
"{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}" = EPSON PhotoCenter
"{D2D94FFA-1CB5-488F-85CA-1A1D94CFFCC3}" = Virtual Earth - 3DVIA (Technology Preview)
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E138D4AD-B18B-455C-ABB5-567D44DB6A24}" = RESFEN 5.0
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E258A840-7E9A-443A-B156-67102C48BF17}" = TPP Storage Driver Installation
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E7139249-8631-4E4E-ADDE-DBBF2D770E0F}" = PC Backup Lite
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Multi-Card Reader/Writer
"{EA4E8AB8-B48F-467B-A202-10AD74EE97FB}" = Brother HL-2070N
"{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F}" = Free JavaScript Editor 4.7
"{EC90EAE9-0E03-44A1-BF36-0B670B8B8E19}" = CoffeeCup Direct FTP
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{ED386A62-2BA2-4544-A723-5DFFDC283F6A}" = Mobipocket Reader 6.0
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EECDDEA0-DB76-4488-8E52-0EF1DF63700A}" = Microsoft IntelliPoint 5.4
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F079BE74-5545-4C5F-B947-708A6F194645}" = VisualRoute 2010
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2A69CA0-8BBF-4404-BA68-DB79A3548E34}" = PCStitch 7
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6A6517B-F80D-4A48-B1E7-984B84A06E50}" = Serato Scratch LIVE by Rane
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F81B7B81-6458-4A38-A261-BC163E16EB8B}" = DirMS-S
"{F84DCD57-20AB-4E22-8892-2F88FAF76702}" = Google Web Accelerator
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"4264EB8698BC18BF27D0CE835379C57124AD2B98" = Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (02/08/2007 4.1.7039.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"77DC33BA594917395D7B0FB0ECCE284BF207C1F7" = Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (02/08/2007 4.1.7039.0)
"AAA Map'n'Go 5.0" = AAA Map'n'Go 5.0
"AAA Map'n'Go 5.0 Extractor" = AAA Map'n'Go 5.0 Extractor
"AAA Map'n'Go 6.0" = AAA Map'n'Go 6.0
"AAA Map'n'Go 6.0 Extractor" = AAA Map'n'Go 6.0 Extractor
"AAC" = AAC
"AC3" = AC3
"Active@ Partition Recovery Enterprise" = Active@ Partition Recovery Enterprise
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.1 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"Amazon Kindle For PC" = Amazon Kindle For PC
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6
"Applet Navigation Factory" = Applet Navigation Factory
"ArcSoft Camera Studio" = ArcSoft Camera Studio
"Artisteer 2" = Artisteer 2
"Ask Toolbar_is1" = Ask Toolbar
"ASPS 2.0" = ASPS 2.0
"Audacity_is1" = Audacity 1.2.6
"AudioStation2" = Voyetra AudioStation2
"Autodesk MapGuide Viewer ActiveX Control" = Autodesk MapGuide Viewer ActiveX Control
"AutoGK" = Auto Gordian Knot 2.27
"AveryWiz10" = Avery Wizard 1.0
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Azureus" = Azureus
"Babylon" = Babylon
"BatteryStatus (Chi-Tai Dang)" = BatteryStatus (Chi-Tai Dang)
"BCD98" = Britannica CD 98
"Beagle Software ClockWatch Support Files" = Beagle Software ClockWatch Support Files
"Bible Explorer Bible Downloadable Edition" = Bible Explorer Bible Downloadable Edition
"Bink and Smacker" = Bink and Smacker
"Bookshelf98" = Microsoft Bookshelf 1998 (Remove ONLY)
"Canon Web Publisher" = Canon Web Publisher
"CD / DVD Spindle Search Plugin" = CD / DVD Spindle Search Plugin 1.2.2
"CDPhotoDeinstKey" = ColorDesk Photo
"Celestia_is1" = Celestia 1.4.0
"cFosSpeed" = cFosSpeed v4.22
"cGPSmapper Free_is1" = cGPSmapper Free 0092
"CheckIt Diagnostics" = CheckIt Diagnostics
"Click'N Design 3D" = Click'N Design 3D
"Click'N Design 3D Textures" = Click'N Design 3D Textures
"ClipCache" = ClipCache
"COA2" = COA2
"CoffeeCup Flash Blogger - Registered" = CoffeeCup Flash Blogger - Registered
"CoffeeCup Flash Form Builder - Registered" = CoffeeCup Flash Form Builder - Registered
"CoffeeCup Flash Photo Gallery - Registered" = CoffeeCup Flash Photo Gallery - Registered
"CoffeeCup GIF Animator" = CoffeeCup GIF Animator
"CoffeeCup Google SiteMapper" = CoffeeCup Google SiteMapper
"CoffeeCup HTML Editor 2006" = CoffeeCup HTML Editor 2006
"CoffeeCup Image Mapper" = CoffeeCup Image Mapper
"CoffeeCup MP3 Rip & Burn_is1" = CoffeeCup MP3 Rip & Burn
"CoffeeCup PC TuneUp Pro" = CoffeeCup PC TuneUp Pro
"CoffeeCup PixConverter" = CoffeeCup PixConverter
"CoffeeCup StyleSheet Maker" = CoffeeCup StyleSheet Maker
"CoffeeCup VisualSite Designer" = CoffeeCup VisualSite Designer
"CoffeeCup Web JukeBox - Registered" = CoffeeCup Web JukeBox - Registered
"CoffeeCup WebCam 3.5" = CoffeeCup WebCam 3.5
"ColorStoreDeInstallKey" = ColorStore
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cookie Editor_is1" = Cookie Editor 1.9.1.469
"CookieCop" = CookieCop
"Core Center" = Core Center
"CreataCard Special Edition - Canon 2" = CreataCard Special Edition - Canon 2
"CS30DeinstKey" = CompuServe 4.0.2
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DAO 3.5" = DAO 3.5
"Data Access Objects (DAO)" = Data Access Objects (DAO) 3.0
"DataDisc 98.2" = DataDisc 98.2
"DesignEssentialsDeInstall" = Design Essentials
"Diamond CD Installer" = Diamond CD Installer
"Digital Image Recovery_is1" = Digital Image Recovery 1.47
"Digital Media Converter_is1" = Digital Media Converter 2.7
"DiscPlay 4" = DiscPlay 4
"Down2Home" = Down2Home
"Download Manager" = Download Manager 2.3.6
"Drive Image" = Drive Image
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.5.0
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"DVDFab 7_is1" = DVDFab 7.0.6.7 (30/05/2010)
"DVDFab Platinum_is1" = DVDFab Platinum 3.0.8.6
"DynDNS Updater_is1" = DynDNS Updater 3.1
"E.M. Magic Swf2Avi 2008_is1" = E.M. Magic Swf2Avi 2008 build 5.2.10.115
"Easy BridgeDeinstall" = Easy Bridge
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 1.5.1
"Easy Save Flash 1.41" = Easy Save Flash 1.41
"Easycab v9.0_is1" = Easycab v9.0
"EasyHex Hex Editor_is1" = EasyHex Hex Editor 1.13
"EPOC Connect" = EPOC Connect
"Excel Key" = Excel Key 7.5 Demo
"Family Tree Maker" = Family Tree Maker 6.0
"FavOrg" = FavOrg
"FE-SizerVersion3.0" = FE-Sizer Version 3.0
"ffdshow_is1" = ffdshow v1.1.3476 [2010-06-15]
"FFMPEG" = FFMPEG
"FileBoss_is1" = FileBoss 1.700
"FileTip" = FileTip
"FileZilla Client" = FileZilla Client 3.3.5.1
"FL 2001 Registration" = FL 2001 Registration
"Flash Saver" = Flash Saver
"FlashCapture" = FlashCapture v2.1.0.1163
"FreeEDGAR" = FreeEDGAR
"FreeProxy/FreeWeb_is1" = FreeProxy version 3.92
"FrRefEng" = French Spelling Settings
"Gallery Remote" = Gallery Remote
"GameTracker Lite" = GameTracker Lite
"GetASFStream" = GetASFStream
"GoodMEM" = GoodMEM
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GRE POWERPREP" = GRE POWERPREP
"Hamachi" = Hamachi 1.0.3.0
"HCC Lite" = HCC Lite
"HiDownload" = HiDownload
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HTMLKit_is1" = HTML-Kit
"HVAC-Calc" = HVAC-Calc
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.6.1 Q16_is1" = ImageMagick 6.6.1-5 Q16 (2010-05-01)
"ImgBurn" = ImgBurn (Remove Only)
"InCD!UninstallKey" = InCD
"InfoView" = InfoView
"InstallShield for Microsoft Visual C++ 6" = InstallShield for Microsoft Visual C++ 6
"InstallShield_{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{7FFEC889-BACE-4EE5-BC92-968FBE547AC4}" = Singing Coach
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"InstallShield_{ADF98CF7-1458-412F-976F-BF761A26F2A0}" = Alohabob PC Relocator Ultra Control
"InstallShield_{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB
"InstallShield_{E7139249-8631-4E4E-ADDE-DBBF2D770E0F}" = PC Backup Lite
"IntelliCAD 98" = IntelliCAD 98
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"ISA Clip Symbols" = ISA Clip Symbols
"IsoBuster_is1" = IsoBuster 2.5
"i-Speeder" = i-Speeder
"Jeff Gordon® XS Racing ™" = Jeff Gordon® XS Racing ™
"JRE 1.1" = Java Runtime Environment 1.1
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LaunchPad 1.6" = LaunchPad 1.6
"LHTTSENG" = L&H TTS3000 British English
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Locked Programs" = Locked Programs
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MadOnion.com/3DMark2000" = MadOnion.com/3DMark2000
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR14SP3" = MATLAB 7.1
"Matrikon OPC Server for Genie" = Matrikon OPC Server for Genie
"McGraw-Hill Dictionary of Engineering" = McGraw-Hill Dictionary of Engineering (remove only)
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Interactive Training" =
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"MidContinent PL Player_is1" = PermissionTV MidContinent PL Player 3.15
"Money2006a" = MSN Money Investment Toolbox
"MooreGames" = MooreGames
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MRW!UninstallKey" = InCD Reader
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"MSI Live Update 3" = MSI Live Update 3
"Music Catalogue Master" = Music Catalogue Master
"Music Label 98" = Music Label 98
"MVApplication1" = SureThing CD Labeler - Stomper Edition 32 bit
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"MyChurch Administrator" = MyChurch Administrator
"MyChurch Viewer" = MyChurch Viewer
"Napster v2.0 BETA 10.3" = Napster v2.0 BETA 10.3
"Napster v2.0 BETA 6" = Napster v2.0 BETA 6
"National Fire Protection Association NECH 1999" = National Fire Protection Association NECH 1999
"NeoTrace Express 3.25" = NeoTrace Express 3.25
"NeoTrace Pro 3.25" = NeoTrace Pro 3.25
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = Nero Digital
"NetAlyzer_is1" = NetAlyzer 0.3
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"Notepad++" = Notepad++
"NoteWorthy Composer" = NoteWorthy Composer
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NXPowerLite 2.3.1" = NXPowerLite 2.3.1 (All Users)
"ohmyGolf" = ohmyGolf
"OneTouch Version 3.0" = OneTouch Version 3.0
"OpenDNS Updater" = OpenDNS Updater 2.2
"Orionic" = Orionic
"OziExplorer 3.95_is1" = OziExplorer 3.95
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Identity Protect" = Panda Identity Protect 3.0.45
"panda2_0dn" = Panda Security Toolbar URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"PaperPort 7.02" = PaperPort 7.02
"PC Magazine's Top 100s as Internet Explorer Favorites_is1" = PC Magazine's Top 100s as Internet Explorer Favorites
"PC Study Bible" = PC Study Bible (remove only)
"PCHealth" =
"PCMagazineBackIssueDBUninstallKey" = PC Magazine Back Issue DB
"PCSleek Free Error Cleaner_is1" = PCSleek Free Error Cleaner 2.05
"PDAmill Number Cruncher for PocketPC" = PDAmill Number Cruncher for PocketPC
"PE Builder_is1" = PE Builder 3.1.10a
"PerformanceTest_is1" = PerformanceTest v5.0
"PermissionTV Download Manager_is1" = PermissionTV Download Manager
"Personal Ancestral File® Version 4.0" = Personal Ancestral File® Version 4.0
"PhotoRescue PC_is1" = PhotoRescue PC v3.1.3.10708
"Picasa 3" = Picasa 3
"PictureGear 4.1Lite" = PictureGear 4.1Lite
"Ping Plotter" = Ping Plotter
"Popfix" = Popfix
"PowerISO" = PowerISO
"PrintKey2000" = PrintKey2000
"Privoxy" = Privoxy (remove only)
"PTS- AudioCD MP3-Studio" = PTS-AudioCD MP3-Studio
"Punch! Home Design - Platinum" = Punch! Home Design - Platinum
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"QuickSite Family Edition" = QuickSite Family Edition
"RAISE ABECAD Clipboard" = RAISE ABECAD Clipboard
"RegCure" = RegCure 1.5.0.1
"Registry Mechanic_is1" = Registry Mechanic 5.2
"RegRun Security Suite_is1" = RegRun Security Suite Platinum
"Replay Converter 3" = Replay Converter 3
"Replay_AV_807" = Replay AV 8
"Replay_Converter_1" = Replay Converter 2.8
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"RPADeinstKey" = Virtual Key
"Sa3DeinstKey" = Street Atlas USA
"san_std_un" = SiSoft Sandra 2001te Standard
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"SBC Yahoo! DSL Activation" = SBC Yahoo! DSL Activation
"science" = Science Smart
"SecureDoc" = SecureDoc
"Serif 100,000 Deluxe Graphics Pack" = Serif 100,000 Deluxe Graphics Pack
"Shockmachine" = Shockmachine
"SKTools Lite" = SKTools Lite
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SnadBoy's Revelation" = SnadBoy's Revelation
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"SoftICE" = NuMega SoftICE
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST5UNST #1" = SEACalc
"ST6UNST #1" = Flow Consultant
"StampPDF2.7" = StampPDF2.7
"Startup Cop" = Startup Cop
"Stock Analyzer" = Stock Analyzer
"Stock Analyzer_is1" = Stock Analyzer Version 4.0d
"StockAV3" = Stock Analyzer
"Street Atlas USA 6.0" = Street Atlas USA 6.0
"Street Atlas USA 8.0" = Street Atlas USA 8.0
"SUPER ©" = SUPER © Version 2007.bld.22 (Mar 14, 2007)
"SymSetup.{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks 2005 Premier (Symantec Corporation)
"SyncIT" = SyncIT Bookmark Synchronizer
"SystemRequirementsLab" = System Requirements Lab
"TapIsland" = TapIsland
"TaxACT 2003" = TaxACT 2003
"TaxACT 2004" = TaxACT 2004
"TaxACT 2005" = TaxACT 2005
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 Kansas" = TaxACT 2008 Kansas
"TaxACT 2008 Missouri" = TaxACT 2008 Missouri
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 Missouri" = TaxACT 2009 Missouri
"TaxACT Kansas 2003" = TaxACT Kansas 2003
"TaxACT Kansas 2004" = TaxACT Kansas 2004
"TaxACT Kansas 2005" = TaxACT Kansas 2005
"TaxACT Kansas 2006" = TaxACT Kansas 2006
"TaxACT Kansas 2007" = TaxACT Kansas 2007
"TaxACT Missouri 2003" = TaxACT Missouri 2003
"TaxACT Missouri 2004" = TaxACT Missouri 2004
"TaxACT Missouri 2005" = TaxACT Missouri 2005
"TaxACT Missouri 2006" = TaxACT Missouri 2006
"TaxACT Missouri 2007" = TaxACT Missouri 2007
"TCPMP" = TCPMP
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Texas Hold'em Video Poker_is1" = VPHoldem version 1.0.103
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"TightVNC" = TightVNC 2.0.2
"TomeRaider3" = TomeRaider3
"TomeRaider3_is1" = TomeRaider3 v3.3.5
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"TPP200" = USB Storage Adapter V2 (TPP)
"TPP300" = USB Storage Adapter V3 (TPP)
"TPP725" = USB Storage Adapter (TPP)
"TripMaker" = Rand McNally TripMaker SE 1999
"TTInstallerDeinstKey" = TrueType Font Installer
"Tweak UI 2.10" = Tweak UI
"Ulead Photo Express JR 3.0" = Ulead Photo Express 3.0
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Unlocker" = Unlocker 1.8.7
"unMapngo2" = AAA Map'n'Go 2.0
"USA TODAY MileTracker" = USA TODAY MileTracker
"USB Memory Stick Reader V1.02" = Lexar USB Memory Stick Reader
"Verity Publications" = Verity Publishing Products
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual FoxPro 8.0 Professional - English" = Microsoft Visual FoxPro 8.0 Professional - English
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualRoute Lite Edition" = VisualRoute Lite Edition
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VobSub" = VobSub v2.23 (Remove Only)
"VuePrint" = VuePrint
"Vuze" = Vuze
"W3e 2000" = W3e 2000
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebAnswer" = Back-Issue Database
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WebRecordDeinstallKey" = Canon WebRecord
"WebWasher" = WebWasher
"What's Running_is1" = What's Running 2.2
"WIC" = Windows Imaging Component
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"WinBatch" = WinBatch
"WinBench 98" = WinBench 98
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows Registry Guide_is1" = Windows Registry Guide 2003
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.1
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wireshark" = Wireshark 0.99.6a
"WMFDist11" = Windows Media Format 11 runtime
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"WORDsearch Fonts" = WORDsearch Fonts
"WordSmt" = Word Smart
"xampp" = XAMPP 1.7.1
"XLViewer97" = Microsoft Excel Viewer 97
"XSForms LT" = XSForms LT
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2730970711-1940038648-3843556251-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ExeIco" = ExeIco (remove only)
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Spoon Sandbox Manager 3.24" = Spoon Sandbox Manager 3.24

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/10/11 7:05:04 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 02/10/11 7:29:00 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 02/10/11 9:29:38 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application gswin32c.exe, version 0.0.0.0, faulting module
gsdll32.dll, version 0.0.0.0, fault address 0x0016c243.

Error - 02/11/11 12:24:27 AM | Computer Name = ERICKSON_PUTER | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [1936]. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 02/11/11 12:27:21 AM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 02/11/11 12:31:01 AM | Computer Name = ERICKSON_PUTER | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [1940]. Just-In-Time
debugging this exception failed with the following error: The remote procedure
call failed. Check the documentation index for 'Just-in-time debugging, errors' for
more information.

Error - 02/11/11 12:54:59 AM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 02/11/11 1:29:16 AM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 02/11/11 10:22:01 AM | Computer Name = ERICKSON_PUTER | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 02/12/11 6:53:36 PM | Computer Name = ERICKSON_PUTER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

[ System Events ]
Error - 02/12/11 6:45:33 PM | Computer Name = ERICKSON_PUTER | Source = PlugPlayManager | ID = 12
Description = The device 'HP_USB_Virtual_Driver' (USB\Vid_03f0&Pid_5711\MY74NH50QB04J7_HPNU)
disappeared from the system without first being prepared for removal.

Error - 02/12/11 6:45:33 PM | Computer Name = ERICKSON_PUTER | Source = PlugPlayManager | ID = 12
Description = The device 'HP Photosmart C4100 series (DOT4USB)' (USB\Vid_03f0&Pid_5711&MI_02\3&ec07cc9&2&0002)
disappeared from the system without first being prepared for removal.

Error - 02/12/11 6:45:33 PM | Computer Name = ERICKSON_PUTER | Source = PlugPlayManager | ID = 12
Description = The device 'USB Mass Storage Device' (USB\Vid_03f0&Pid_5711&MI_03\3&ec07cc9&2&0003)
disappeared from the system without first being prepared for removal.

Error - 02/12/11 6:45:33 PM | Computer Name = ERICKSON_PUTER | Source = PlugPlayManager | ID = 12
Description = The device 'HP Photosmart C4180 USB Device' (USBSTOR\Disk&Ven_HP&Prod_Photosmart_C4180&Rev_1.00\4&2e3d37ff&0&MY74NH50QB04J7&0)
disappeared from the system without first being prepared for removal.

Error - 02/12/11 6:45:33 PM | Computer Name = ERICKSON_PUTER | Source = PlugPlayManager | ID = 12
Description = The device 'Generic volume' (STORAGE\RemovableMedia\5&2d5762e&0&RM)
disappeared from the system without first being prepared for removal.

Error - 02/12/11 6:52:07 PM | Computer Name = ERICKSON_PUTER | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 02/12/11 6:52:41 PM | Computer Name = ERICKSON_PUTER | Source = Service Control Manager | ID = 7000
Description = The Digital Camera(Video) Device service failed to start due to the
following error: %%2

Error - 02/12/11 6:52:41 PM | Computer Name = ERICKSON_PUTER | Source = Service Control Manager | ID = 7000
Description = The Suite Service service failed to start due to the following error:
%%2

Error - 02/12/11 6:54:09 PM | Computer Name = ERICKSON_PUTER | Source = Service Control Manager | ID = 7022
Description = The Panda Cloud Antivirus Service service hung on starting.

Error - 02/12/11 6:54:44 PM | Computer Name = ERICKSON_PUTER | Source = Service Control Manager | ID = 7000
Description = The SjyPkt service failed to start due to the following error: %%2


< End of report >

Still the same problems

#11 Shannon2012

  • Security Colleague

Posted 13 February 2011 - 12:47 PM

Hi-

Let's do some more cleaning up and run another scan.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-2730970711-1940038648-3843556251-1005..\Run: [SetDefaultMIDI] File not found
O9 - Extra 'Tools' menuitem : &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra Button: MicroPortal - {06FE5D01-8F11-11d2-804F-00105A133818} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra Button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O9 - Extra 'Tools' menuitem : AltaVista &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - File not found
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://trueswitch.com/sbc/TrueInstallSBC.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Blackjack http://download.games.yahoo.com/games/clients/y/jt0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Dominoes http://download2.games.yahoo.com/games/clients/y/dot9_x.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (OGPDFLoader.dll) - File not found
O20 - AppInit_DLLs: (OGPDFLoader.dll) - File not found
:commands
[emptytemp]
[resethosts]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.

Next, please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.
In your reply, please copy in the OTL Fix report and the MBRCheck report.
Shannon

#12 agerickson

  • Topic Starter

Posted 13 February 2011 - 04:40 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000017f5

Kernel Drivers (total 176):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB8328000 Partizan.sys
0xB7F68000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB80D8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F23000 dmio.sys
0xB7F10000 nvraid.sys
0xB80E8000 \WINDOWS\system32\drivers\CLASSPNP.SYS
0xB8330000 PartMgr.sys
0xB80F8000 VolSnap.sys
0xB7EF9000 nvatabus.sys
0xB7EE2000 nvata.sys
0xB8108000 disk.sys
0xB7EC2000 fltmgr.sys
0xB7EB0000 sr.sys
0xB7E9A000 PQV2i.sys

Processes (total 63):
0 System Idle Process
4 System
1760 C:\WINDOWS\system32\smss.exe
560 csrss.exe
652 C:\WINDOWS\system32\winlogon.exe
700 C:\WINDOWS\system32\services.exe
720 C:\WINDOWS\system32\lsass.exe
1000 C:\WINDOWS\system32\nvsvc32.exe
1044 C:\WINDOWS\system32\svchost.exe
1092 svchost.exe
1932 C:\WINDOWS\system32\svchost.exe
1956 C:\Program Files\Ahead\InCD\InCDsrv.exe
1688 C:\WINDOWS\system32\svchost.exe
972 svchost.exe
1280 C:\WINDOWS\explorer.exe
1364 C:\WINDOWS\system32\spoolsv.exe
1900 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2172 svchost.exe
2216 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
2248 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2332 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
2464 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
2768 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
3048 C:\WINDOWS\system32\HPZipm12.exe
3068 C:\WINDOWS\system32\PnkBstrA.exe
3104 C:\WINDOWS\system32\tcpsvcs.exe
3144 C:\WINDOWS\system32\svchost.exe
3584 C:\Program Files\TightVNC\tvnserver.exe
2244 C:\Program Files\DynDNS Updater\DynDNS.exe
2644 C:\WINDOWS\notepad.exe
3888 C:\WINDOWS\Dit.exe
1232 C:\WINDOWS\system32\rundll32.exe
3848 C:\WINDOWS\DitExp.exe
3796 C:\WINDOWS\tppaldr.exe
536 C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
1800 C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
1832 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
832 C:\Program Files\HP Wireless Adapter\HPWLan.exe
960 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
2132 C:\WINDOWS\system32\rundll32.exe
2292 C:\Program Files\TightVNC\tvnserver.exe
2316 C:\Documents and Settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe
2636 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
2688 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
3980 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
2872 C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
3496 C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
1168 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3752 C:\WINDOWS\system32\ctfmon.exe
3900 C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe
3500 C:\Program Files\Hamachi\hamachi.exe
3712 C:\Program Files\PrintKey2000\Printkey2000.exe
3464 C:\WINDOWS\system32\wuauclt.exe
3448 alg.exe
3680 C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3196 C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1924 C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4032 C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2124 C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3284 C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
676 C:\Documents and Settings\Alan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
988 C:\WINDOWS\system32\wscntfy.exe
1140 C:\Documents and Settings\Alan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\M: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: NVIDIASTRIPE 931.52G, Rev:
PhysicalDrive1 Model Number: SeagateFreeAgentDesktop, Rev: 100F

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#13 agerickson

Posted 13 February 2011 - 04:43 PM

Report too big to post - so here it is.

Attached Files



#14 agerickson

Posted 13 February 2011 - 04:58 PM

I tried several reboots without generating the ntdll error. So far - so good. I then tried a safe mode reboot, got the BSOD BAD_POOL_CALLER. Now when I boot up, I am back to the ntdll error.

AARRGGHH!

#15 Shannon2012

Posted 14 February 2011 - 11:56 AM

Hi-

I thought that the BSOD was a new problem but I see it existed back in December, which means that it is probably not related to the current infections. Have you also had the ntdll error message since then or is it new? Let's see if we can get some info on these BSODs.

Download NirSoft BlueScreenView v1.31.
  • Install it and run it.
  • In the upper panel, highlight three or four of the most recent crashes.
  • Click on the program's Save Selected Items icon (second icon from the left).
  • Copy the contents of the saved file into your reply.

Shannon



