
Spyware making my computer slow


  • This topic is locked
22 replies to this topic

#1 Bugbegone


Posted 08 February 2011 - 06:23 PM

One day a message popped up on Facebook.com. The message was from my friend with a link to view his pics. I clicked on it before I realized that it was fake. An IP address showed up in the address bar. I could tell it was going to download spyware. I closed the browser, but my laptop was already cranking. I ran Malwarebytes, HijackThis, and other programs to diagnose and remove it. I can't figure out what the process is. I have a website debugging utility called Charles that reported a process sending data about every minute to hxxp://8.3.27.141. I can't find a process that looks fishy. See below. I don't see any. I did block it in my firewall, but I want to remove it.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by LiechtyPO at 15:55:03.63 on Tue 02/08/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4026.1009 [GMT -7:00]

AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uDefault_Page_URL = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:8888; https=127.0.0.1:8888
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: XRefresh BHO: {8774c0b1-6697-43b8-8d0e-6179f48838b0} - "C:\Program Files (x86)\XRefresh\XRefreshAddon.dll"
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: XRefresh Toolbar: {551012c5-352d-48d9-9e29-e90f293d19f0} - "C:\Program Files (x86)\XRefresh\XRefreshAddon.dll"
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: XRefresh Panel: {0a839ff4-f7ca-41e0-8ea1-f5e2913139d0} - "C:\Program Files (x86)\XRefresh\XRefreshAddon.dll"
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\liechtypo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [LPManager] "C:\PROGRA~2\THINKV~1\PrdCtr\LPMGR.exe"
mRun: [LPMailChecker] "C:\PROGRA~2\THINKV~1\PrdCtr\LPMLCHK.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Sophos AutoUpdate Monitor] "C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
StartupFolder: C:\Users\LIECHT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\liechtypo\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-explorer: DisallowCpl = 1 (0x1)
uPolicies-explorer: NoStartMenuMyGames = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
IE: {8774C0B1-6697-43B8-8D0E-6179F48838B0} - {0A839FF4-F7CA-41E0-8EA1-F5E2913139D0} - C:\Program Files (x86)\XRefresh\XRefreshAddon.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
LSA: Notification Packages = scecli ACGina
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [AcWin7Hlpr] "C:\Program Files (x86)\Lenovo\Access Connections\AcWin7Hlpr.exe" showdeskband
mRun-x64: [TPHOTKEY] "C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe"
mRun-x64: [LENOVO.TPFNF6R] "C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe"
mRun-x64: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\LIECHT~1\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.0.0&locale=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\liechtypo\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: C:\Users\liechtypo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\liechtypo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: JetBrains Firefox extension: firefox-connector@jetbrains.com - %profile%\extensions\firefox-connector@jetbrains.com
FF - Ext: JSONView: jsonview@brh.numbera.com - %profile%\extensions\jsonview@brh.numbera.com
FF - Ext: Elasticfox: {2204c510-88f3-11db-b606-0800200c9a66} - %profile%\extensions\{2204c510-88f3-11db-b606-0800200c9a66}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Poster: {d48a39ba-8f80-4fce-8ee1-bc710561c55d} - %profile%\extensions\{d48a39ba-8f80-4fce-8ee1-bc710561c55d}
FF - Ext: Charles Autoconfiguration: {3e9a3920-1b27-11da-8cd6-0800200c9a66} - %profile%\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Pixel Perfect: pixelperfectplugin@openhouseconcepts.com - %profile%\extensions\pixelperfectplugin@openhouseconcepts.com
FF - Ext: CSS-X-Fire: cssxfire@cssxfire - %profile%\extensions\cssxfire@cssxfire
FF - Ext: HttpFox: {4093c4de-454a-4329-8aff-c6b0b123c386} - %profile%\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: MacOSX Theme: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9} - %profile%\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
FF - Ext: Quick Locale Switcher: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F} - %profile%\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
FF - Ext: Remove Cookies for Site: {06997db0-c027-4d5f-bd37-b0d9230226ea} - %profile%\extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - C:\Program Files (x86)\Fiddler2\FiddlerHook

============= SERVICES / DRIVERS ===============

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2008-5-12 15400]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2011-1-10 142328]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 ATService;AuthenTec Fingerprint Service;C:\Windows\System32\AtService.exe [2009-8-31 2498296]
R2 CBA8;LANDesk® Management Agent;C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe [2009-11-4 147456]
R2 CISMBIOS;CISMBIOS;C:\Windows\System32\drivers\cismbios.sys [2009-11-6 19472]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-7-30 402432]
R2 dtsvc;Data Transfer Service;C:\Windows\System32\DTS.exe [2009-8-31 117760]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [2010-10-27 195072]
R2 LANDesk® Out-of-Band Monitor Service;LANDesk® Out-of-Band Monitor Service;C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe [2010-10-27 1058816]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-1-8 163056]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-1-10 97520]
R2 Sophos Agent;Sophos Agent;C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [2011-1-8 282624]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2011-1-9 230640]
R2 Sophos Message Router;Sophos Message Router;C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [2011-1-8 806912]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-1-10 1541360]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-11-6 62320]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-7-30 1048576]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2008-10-26 548864]
R3 bpenum;Intel® WiMAX Link Enumerator;C:\Windows\System32\drivers\bpenum.sys [2009-7-30 70144]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-11-6 287960]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2008-3-26 56344]
R3 ldmirror;ldmirror;C:\Windows\System32\drivers\ldmirror.sys [2009-12-7 5120]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\Windows\System32\drivers\mirrorflt.sys [2009-12-7 6656]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-6 6816256]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2009-7-2 41536]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-20 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-11-6 45424]
S3 ADMonitor;AD Monitor;C:\Windows\System32\ADMonitor.exe [2009-8-31 130048]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 ldblank;Screen Blanking driver for Remote Control;C:\Windows\System32\drivers\ldblank.sys [2009-12-7 20480]
S3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2009-8-17 23536]
S3 sdcfilter;sdcfilter;C:\Windows\System32\drivers\sdcfilter.sys [2010-5-17 25592]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Tomcat6;Apache Tomcat;C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [2008-7-21 57344]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-4 1255736]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2010-5-17 25608]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-02-08 19:06:04 -------- d-----w- C:\Program Files (x86)\Spyware Process Detector
2011-02-08 16:42:09 388096 ----a-r- C:\Users\LIECHT~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-07 23:08:28 -------- d-----w- C:\Users\LIECHT~1\AppData\Local\Sophos
2011-02-04 23:29:56 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-02-04 23:29:53 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-02-04 22:44:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-04 22:44:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-03 22:54:41 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-02-03 22:54:19 -------- d-----w- C:\Program Files (x86)\MSSOAP
2011-02-03 22:54:19 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2011-02-03 22:54:05 -------- d-----w- C:\Program Files (x86)\Webroot
2011-02-03 22:37:42 -------- d-----w- C:\Program Files (x86)\Process Master
2011-02-03 22:34:00 8576 ----a-w- C:\Windows\SysWow64\drivers\KProcWatch.sys
2011-02-03 22:34:00 -------- d-----w- C:\Program Files (x86)\HiddenFinder
2011-02-01 17:25:19 -------- d-----w- C:\Program Files\iPod
2011-02-01 17:25:18 -------- d-----w- C:\Program Files\iTunes
2011-02-01 17:25:18 -------- d-----w- C:\Program Files (x86)\iTunes
2011-01-12 20:04:15 -------- d-----w- C:\Users\LIECHT~1\AppData\Local\IsolatedStorage
2011-01-12 20:00:11 -------- d-----w- C:\Program Files (x86)\NetLibrary
2011-01-12 16:09:27 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 16:09:27 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 16:09:27 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 16:09:27 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 16:09:27 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 16:09:27 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 16:09:27 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 16:09:26 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 16:09:26 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 16:09:26 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 23:21:22 -------- d-----w- C:\Users\liechtypo\.IntelliJIdea10
2011-01-10 16:13:12 183024 ----a-w- C:\Windows\System32\sdccoinstaller.dll
2011-01-10 16:13:07 -------- d-----w- C:\PROGRA~3\Sophos Web Intelligence
2011-01-10 16:12:54 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
2011-01-10 16:12:53 35568 ----a-w- C:\Windows\System32\SophosBootTasks.exe
2011-01-10 16:11:13 142328 ----a-w- C:\Windows\System32\drivers\savonaccess.sys

==================== Find3M ====================

2010-12-21 01:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-02 03:35:18 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-11-30 00:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

============= FINISH: 15:56:21.48 ===============

Edited by Orange Blossom, 08 February 2011 - 11:42 PM.
Deactivate link. ~ OB
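The situation described in the post above (something sending data to a remote address about once a minute, on a machine whose HJT section shows a debugging proxy configured at 127.0.0.1:8888) can be attributed to a process by polling netstat. The script below is an added example, not something from this thread or from DDS, TDSSKiller or MBRCheck; it assumes Windows 7 or later with PowerShell 2.0+, and takes the remote address and proxy endpoint quoted in the log as its defaults.

```powershell
# Added example, not from the thread. Polls "netstat -ano" and reports which
# process owns any connection to the remote address the poster saw, or to the
# local debugging proxy configured in the HJT section of the log. Assumes
# PowerShell 2.0+ and netstat.exe on the PATH (both standard on Windows 7).
param(
    [string]$RemoteIp   = "8.3.27.141",      # address quoted in the original post
    [string]$ProxyEnd   = "127.0.0.1:8888",  # ProxyServer value from the HJT section
    [int]   $Seconds    = 150,               # longer than the ~60 s beacon interval
    [int]   $IntervalMs = 250
)

function Get-MatchingConnections {
    param([string]$Ip, [string]$Proxy)
    # netstat -ano rows look like (the PID is always the last column):
    #   TCP    10.0.0.5:49213   8.3.27.141:80   ESTABLISHED   4120
    #   UDP    0.0.0.0:500      *:*                           1040
    netstat -ano | ForEach-Object {
        $f = ($_ -replace '^\s+', '') -split '\s+'
        if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { return }
        $remote = $f[2]
        # Match either the beacon destination or the loopback proxy: with a
        # system proxy set, the *originating* process only ever connects to
        # 127.0.0.1:8888, and the proxy process makes the real outbound call.
        if ($remote -like "${Ip}:*" -or $remote -eq $Proxy) {
            New-Object PSObject -Property @{
                Proto  = $f[0]
                Local  = $f[1]
                Remote = $remote
                State  = if ($f[0] -eq 'TCP') { $f[3] } else { '-' }
                Pid    = [int]$f[-1]
            }
        }
    }
}

function Get-ImagePath {
    param([int]$Id)
    if ($Id -eq 0) { return '(PID 0: closed socket, e.g. TIME_WAIT)' }
    $p = Get-Process -Id $Id -ErrorAction SilentlyContinue
    if (-not $p) { return '(process already exited)' }
    # MainModule can fail across 32/64-bit or for protected processes; the WMI
    # ExecutablePath is the fallback and is readable from an elevated shell.
    try { return $p.MainModule.FileName } catch {}
    $w = Get-WmiObject Win32_Process -Filter "ProcessId = $Id"
    if ($w -and $w.ExecutablePath) { return $w.ExecutablePath }
    return "($($p.ProcessName): path not readable, run elevated)"
}

$seen     = @{}   # "pid|remote" -> image path, so each pairing is reported once
$deadline = (Get-Date).AddSeconds($Seconds)
while ((Get-Date) -lt $deadline) {
    foreach ($c in (Get-MatchingConnections -Ip $RemoteIp -Proxy $ProxyEnd)) {
        $key = "{0}|{1}" -f $c.Pid, $c.Remote
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = Get-ImagePath -Id $c.Pid
        "{0:HH:mm:ss}  {1,-4} {2,-22} -> {3,-20} {4,-12} PID {5,-6} {6}" -f `
            (Get-Date), $c.Proto, $c.Local, $c.Remote, $c.State, $c.Pid, $seen[$key]
    }
    Start-Sleep -Milliseconds $IntervalMs
}
if ($seen.Count -eq 0) {
    "No connections to $RemoteIp or $ProxyEnd seen in $Seconds s; the beacon " +
    "may be shorter than the poll interval, or may use a different destination."
}
```

Save it as a .ps1 and run it from an elevated PowerShell prompt so that image paths of service processes are readable; a connection that lives only a few milliseconds can still fall between polls, in which case the proxy tool's own log remains the better record of the originating request.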



#2 m0le


Posted 14 February 2011 - 08:36 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Bugbegone


Posted 15 February 2011 - 11:56 AM

I am here and ready to get this fixed. I am a computer tech so I hope that helps. I am stumped by this spyware. I look forward to working with you.

#4 m0le


Posted 15 February 2011 - 04:12 PM

Hi. Can you run TDSSKiller and MBRCheck for me?

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#5 Bugbegone


Posted 15 February 2011 - 06:30 PM

Here is the output of TDSSKiller:

2011/02/15 16:19:47.0495 6060 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 16:19:47.0746 6060 ================================================================================
2011/02/15 16:19:47.0747 6060 SystemInfo:
2011/02/15 16:19:47.0747 6060
2011/02/15 16:19:47.0747 6060 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/15 16:19:47.0747 6060 Product type: Workstation
2011/02/15 16:19:47.0747 6060 ComputerName: LIECHTYPO-L3ACX
2011/02/15 16:19:47.0748 6060 UserName: LiechtyPO
2011/02/15 16:19:47.0748 6060 Windows directory: C:\Windows
2011/02/15 16:19:47.0748 6060 System windows directory: C:\Windows
2011/02/15 16:19:47.0748 6060 Running under WOW64
2011/02/15 16:19:47.0748 6060 Processor architecture: Intel x64
2011/02/15 16:19:47.0748 6060 Number of processors: 2
2011/02/15 16:19:47.0748 6060 Page size: 0x1000
2011/02/15 16:19:47.0748 6060 Boot type: Normal boot
2011/02/15 16:19:47.0748 6060 ================================================================================
2011/02/15 16:19:48.0550 6060 Initialize success
2011/02/15 16:20:27.0585 6948 ================================================================================
2011/02/15 16:20:27.0585 6948 Scan started
2011/02/15 16:20:27.0585 6948 Mode: Manual;
2011/02/15 16:20:27.0585 6948 ================================================================================
2011/02/15 16:20:31.0846 6948 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/15 16:20:31.0927 6948 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/15 16:20:31.0976 6948 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/15 16:20:32.0074 6948 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/15 16:20:32.0147 6948 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/15 16:20:32.0262 6948 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/15 16:20:32.0351 6948 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/02/15 16:20:32.0434 6948 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/15 16:20:32.0528 6948 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/15 16:20:32.0612 6948 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/15 16:20:32.0690 6948 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/15 16:20:32.0788 6948 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/15 16:20:32.0860 6948 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/15 16:20:32.0948 6948 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/15 16:20:33.0042 6948 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/15 16:20:33.0134 6948 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/02/15 16:20:33.0256 6948 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/02/15 16:20:33.0324 6948 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/15 16:20:33.0395 6948 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/15 16:20:33.0447 6948 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/15 16:20:33.0675 6948 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/15 16:20:33.0944 6948 ATSwpWDF (468a011338170f0fd2e2b8966217c503) C:\Windows\system32\Drivers\ATSwpWDF.sys
2011/02/15 16:20:34.0111 6948 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/02/15 16:20:34.0195 6948 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/02/15 16:20:34.0262 6948 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/02/15 16:20:34.0346 6948 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/15 16:20:34.0440 6948 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/15 16:20:34.0498 6948 bpenum (1c70012ca7fd5e2699e850c4a4c03480) C:\Windows\system32\DRIVERS\bpenum.sys
2011/02/15 16:20:34.0555 6948 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/15 16:20:34.0603 6948 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/15 16:20:34.0663 6948 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/02/15 16:20:34.0747 6948 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/15 16:20:34.0795 6948 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/15 16:20:34.0860 6948 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/15 16:20:34.0926 6948 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/02/15 16:20:35.0005 6948 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/15 16:20:35.0057 6948 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/02/15 16:20:35.0117 6948 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/02/15 16:20:35.0219 6948 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/02/15 16:20:35.0283 6948 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/15 16:20:35.0341 6948 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/15 16:20:35.0422 6948 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/15 16:20:35.0487 6948 CISMBIOS (51e5e8b0f4bc030dc6e554a4b48e5705) C:\Windows\system32\drivers\cismbios.sys
2011/02/15 16:20:35.0585 6948 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/02/15 16:20:35.0683 6948 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/15 16:20:35.0724 6948 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/15 16:20:35.0780 6948 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/02/15 16:20:35.0888 6948 CnxtHdAudService (342d735238804336b694e6c352da6640) C:\Windows\system32\drivers\CHDRT64.sys
2011/02/15 16:20:35.0976 6948 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/15 16:20:36.0051 6948 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/15 16:20:36.0108 6948 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/15 16:20:36.0198 6948 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/02/15 16:20:36.0311 6948 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/02/15 16:20:36.0355 6948 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/02/15 16:20:36.0438 6948 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/02/15 16:20:36.0528 6948 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/02/15 16:20:36.0612 6948 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/15 16:20:36.0702 6948 e1yexpress (761b9edd97a021aa1922501b7a056635) C:\Windows\system32\DRIVERS\e1y62x64.sys
2011/02/15 16:20:36.0854 6948 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/02/15 16:20:37.0094 6948 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/15 16:20:37.0163 6948 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/15 16:20:37.0235 6948 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/02/15 16:20:37.0307 6948 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/02/15 16:20:37.0403 6948 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/15 16:20:37.0503 6948 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/02/15 16:20:37.0564 6948 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/02/15 16:20:37.0615 6948 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/15 16:20:37.0658 6948 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/02/15 16:20:37.0731 6948 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/02/15 16:20:37.0817 6948 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/02/15 16:20:37.0910 6948 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/15 16:20:37.0984 6948 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/15 16:20:38.0037 6948 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/15 16:20:38.0109 6948 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/02/15 16:20:38.0201 6948 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/15 16:20:38.0252 6948 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/02/15 16:20:38.0358 6948 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/15 16:20:38.0447 6948 HECIx64 (c936f49f1da1f4cc9eebcd805abc2bba) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/02/15 16:20:38.0511 6948 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/15 16:20:38.0559 6948 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/15 16:20:38.0640 6948 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/15 16:20:38.0713 6948 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/15 16:20:38.0774 6948 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/15 16:20:38.0882 6948 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/02/15 16:20:38.0956 6948 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/15 16:20:39.0026 6948 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/15 16:20:39.0087 6948 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/02/15 16:20:39.0153 6948 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/15 16:20:39.0217 6948 IBMPMDRV (16a43abb5a334c7842f4a60cf9ff8041) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/02/15 16:20:39.0318 6948 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/15 16:20:39.0425 6948 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/15 16:20:39.0494 6948 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/15 16:20:39.0631 6948 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/15 16:20:39.0710 6948 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/15 16:20:39.0758 6948 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/02/15 16:20:39.0825 6948 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/02/15 16:20:39.0867 6948 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/15 16:20:39.0911 6948 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/15 16:20:39.0961 6948 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/15 16:20:40.0004 6948 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/15 16:20:40.0065 6948 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/15 16:20:40.0178 6948 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/15 16:20:40.0228 6948 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/02/15 16:20:40.0363 6948 ldblank (07aee92fd10bd36f48b01fc8c609e78b) C:\Windows\system32\DRIVERS\ldblank.sys
2011/02/15 16:20:40.0463 6948 ldmirror (af7ee29e43dc2909b855ead8747e24a9) C:\Windows\system32\DRIVERS\ldmirror.sys
2011/02/15 16:20:40.0594 6948 lenovo.smi (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys
2011/02/15 16:20:40.0673 6948 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/15 16:20:40.0741 6948 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/15 16:20:40.0792 6948 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/15 16:20:40.0839 6948 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/15 16:20:40.0887 6948 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/15 16:20:40.0935 6948 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/02/15 16:20:41.0017 6948 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/15 16:20:41.0103 6948 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/15 16:20:41.0188 6948 mirrorflt (541a10534da3d78414674d1be164b2aa) C:\Windows\system32\DRIVERS\mirrorflt.sys
2011/02/15 16:20:41.0244 6948 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/02/15 16:20:41.0303 6948 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/15 16:20:41.0381 6948 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/15 16:20:41.0454 6948 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/15 16:20:41.0498 6948 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/02/15 16:20:41.0543 6948 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/15 16:20:41.0587 6948 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/15 16:20:41.0644 6948 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/15 16:20:41.0739 6948 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/15 16:20:41.0865 6948 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/15 16:20:41.0929 6948 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/15 16:20:41.0983 6948 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/15 16:20:42.0039 6948 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/15 16:20:42.0101 6948 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/02/15 16:20:42.0137 6948 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/15 16:20:42.0181 6948 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/15 16:20:42.0276 6948 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/15 16:20:42.0332 6948 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/15 16:20:42.0366 6948 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/02/15 16:20:42.0428 6948 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/02/15 16:20:42.0500 6948 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/15 16:20:42.0544 6948 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/02/15 16:20:42.0582 6948 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/15 16:20:42.0669 6948 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/02/15 16:20:42.0770 6948 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/15 16:20:42.0893 6948 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/02/15 16:20:42.0990 6948 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/15 16:20:43.0078 6948 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/15 16:20:43.0152 6948 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/15 16:20:43.0196 6948 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/15 16:20:43.0261 6948 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/02/15 16:20:43.0332 6948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/15 16:20:43.0395 6948 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/15 16:20:43.0669 6948 NETw5v64 (50d4c98bc85e87e5f38bd3960457c18b) C:\Windows\system32\DRIVERS\NETw5v64.sys
2011/02/15 16:20:43.0875 6948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/15 16:20:43.0955 6948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/02/15 16:20:44.0001 6948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/15 16:20:44.0085 6948 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/02/15 16:20:44.0228 6948 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/02/15 16:20:44.0312 6948 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/15 16:20:44.0364 6948 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/15 16:20:44.0429 6948 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/15 16:20:44.0475 6948 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/15 16:20:44.0552 6948 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/02/15 16:20:44.0591 6948 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/02/15 16:20:44.0712 6948 PCDSRVC{127174DC-C366ED8B-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor\pcdsrvc_x64.pkms
2011/02/15 16:20:45.0096 6948 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/02/15 16:20:45.0143 6948 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/15 16:20:45.0211 6948 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/15 16:20:45.0258 6948 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/02/15 16:20:45.0306 6948 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/02/15 16:20:45.0561 6948 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/15 16:20:45.0619 6948 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/02/15 16:20:45.0703 6948 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
2011/02/15 16:20:45.0757 6948 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/15 16:20:45.0860 6948 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/15 16:20:46.0001 6948 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/15 16:20:46.0058 6948 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/15 16:20:46.0100 6948 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/15 16:20:46.0173 6948 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/15 16:20:46.0229 6948 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/15 16:20:46.0270 6948 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/15 16:20:46.0313 6948 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/15 16:20:46.0421 6948 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/15 16:20:46.0482 6948 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/15 16:20:46.0544 6948 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/15 16:20:46.0607 6948 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/02/15 16:20:46.0650 6948 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/15 16:20:46.0697 6948 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/15 16:20:46.0743 6948 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/15 16:20:46.0786 6948 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/15 16:20:46.0903 6948 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/02/15 16:20:46.0992 6948 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
2011/02/15 16:20:47.0074 6948 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
2011/02/15 16:20:47.0171 6948 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/02/15 16:20:47.0229 6948 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
2011/02/15 16:20:47.0337 6948 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/02/15 16:20:47.0429 6948 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/15 16:20:47.0476 6948 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/02/15 16:20:47.0581 6948 SAVOnAccess (d9057e8ca97628e275979a09ea66b34b) C:\Windows\system32\DRIVERS\savonaccess.sys
2011/02/15 16:20:47.0718 6948 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/15 16:20:47.0776 6948 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/15 16:20:47.0846 6948 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/02/15 16:20:47.0920 6948 sdcfilter (894bfbec492e9e838d9e4406a90a3edb) C:\Windows\system32\DRIVERS\sdcfilter.sys
2011/02/15 16:20:47.0981 6948 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/15 16:20:48.0033 6948 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/15 16:20:48.0083 6948 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/15 16:20:48.0191 6948 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/15 16:20:48.0276 6948 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/15 16:20:48.0309 6948 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/15 16:20:48.0346 6948 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/15 16:20:48.0384 6948 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/15 16:20:48.0443 6948 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/15 16:20:48.0497 6948 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/15 16:20:48.0558 6948 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/15 16:20:48.0715 6948 SophosBootDriver (69fbe35a8165adbc313aa7f64b868ca1) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
2011/02/15 16:20:48.0797 6948 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/15 16:20:48.0899 6948 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/15 16:20:48.0984 6948 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/15 16:20:49.0081 6948 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/02/15 16:20:49.0174 6948 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/02/15 16:20:49.0314 6948 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/02/15 16:20:49.0432 6948 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/15 16:20:49.0514 6948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/15 16:20:49.0579 6948 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/02/15 16:20:49.0638 6948 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/02/15 16:20:49.0696 6948 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/15 16:20:49.0809 6948 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
2011/02/15 16:20:50.0032 6948 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/02/15 16:20:50.0201 6948 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/15 16:20:50.0255 6948 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/15 16:20:50.0314 6948 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/02/15 16:20:50.0360 6948 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/02/15 16:20:50.0405 6948 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/15 16:20:50.0435 6948 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/15 16:20:50.0523 6948 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
2011/02/15 16:20:50.0604 6948 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/15 16:20:50.0677 6948 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/15 16:20:50.0736 6948 TVTI2C (fcfa0cff6c50ff3a58a22a15ea2a9fe5) C:\Windows\system32\DRIVERS\Tvti2c.sys
2011/02/15 16:20:50.0774 6948 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/15 16:20:50.0815 6948 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/15 16:20:50.0886 6948 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/15 16:20:50.0939 6948 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/15 16:20:50.0978 6948 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/15 16:20:51.0107 6948 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/02/15 16:20:51.0204 6948 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/15 16:20:51.0268 6948 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/15 16:20:51.0330 6948 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/15 16:20:51.0423 6948 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/15 16:20:51.0499 6948 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/15 16:20:51.0573 6948 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/15 16:20:51.0640 6948 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/15 16:20:51.0700 6948 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/15 16:20:51.0769 6948 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/15 16:20:51.0823 6948 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/15 16:20:51.0858 6948 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/02/15 16:20:51.0907 6948 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/15 16:20:51.0981 6948 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/15 16:20:52.0044 6948 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/02/15 16:20:52.0091 6948 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/02/15 16:20:52.0129 6948 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/15 16:20:52.0172 6948 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/02/15 16:20:52.0241 6948 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/15 16:20:52.0363 6948 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/02/15 16:20:52.0471 6948 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/02/15 16:20:52.0547 6948 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/02/15 16:20:52.0644 6948 vpcvmm (a5d16559d80cfa1dcb98f46410be5551) C:\Windows\system32\drivers\vpcvmm.sys
2011/02/15 16:20:52.0722 6948 vpnva (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys
2011/02/15 16:20:52.0793 6948 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/15 16:20:52.0881 6948 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/02/15 16:20:52.0964 6948 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/15 16:20:53.0046 6948 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/15 16:20:53.0071 6948 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/15 16:20:53.0150 6948 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/02/15 16:20:53.0208 6948 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/15 16:20:53.0308 6948 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/15 16:20:53.0369 6948 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/02/15 16:20:53.0529 6948 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/15 16:20:53.0661 6948 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/15 16:20:53.0755 6948 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/15 16:20:53.0836 6948 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/02/15 16:20:53.0897 6948 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/15 16:20:54.0004 6948 ================================================================================
2011/02/15 16:20:54.0004 6948 Scan finished
2011/02/15 16:20:54.0004 6948 ================================================================================
2011/02/15 16:21:15.0401 4812 Deinitialize success


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

MBRCheck.exe didn't produce a log file, but here is the output.



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Enterprise Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 205545U
Logical Drives Mask: 0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 0EE8E54EC7240953DA5DEC7835E43627861E1CBD


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
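MBRCheck's verdict above rests on two things a practitioner can reproduce independently: the SHA1 of the first sector of \\.\PhysicalDrive0, and whether that bootstrap code matches a known-clean baseline. The following is an added example, not the poster's data and not MBRCheck's own code: it reads (or, here, constructs) a 512-byte MBR, checks the 0x55AA boot signature, decodes the partition table so the start offset can be compared with the "\\.\C: at offset 0x100000" line MBRCheck printed, and hashes the bootstrap bytes against an assumed allow-list. The sample sector, the seven-byte boot stub and the baseline set are constructed for the demo; which bytes MBRCheck feeds into its SHA1 is not stated on the page, so the code reports both the whole-sector hash and the bootstrap-only hash.

```python
"""Inspect a raw 512-byte MBR: boot signature, partition table, and bootstrap hash.

Added example; not the poster's data and not MBRCheck's code.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446           # bytes 0..445: bootstrap code that MBRCheck flags as "non-standard"
PART_TABLE_OFF = 446          # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511

# Typical Windows MBR prologue (xor ax,ax / mov ss,ax / mov sp,7C00h); a stand-in, not a full bootloader.
SAMPLE_STUB = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the first sector of a physical drive (needs Administrator on Windows)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def parse_partitions(mbr):
    """Decode the four primary partition entries; skip empty (type 0) slots."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,   # compare with the volume offset MBRCheck prints
        })
    return entries


def inspect_mbr(mbr, known_good_bootcode_sha1):
    """Hash the sector and the bootstrap code separately; compare the latter to a baseline."""
    code_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "has_signature": mbr[510:512] == BOOT_SIGNATURE,
        "sha1_sector": hashlib.sha1(mbr).hexdigest().upper(),
        "sha1_bootcode": code_sha1,
        "bootcode_known": code_sha1 in known_good_bootcode_sha1,
        "partitions": parse_partitions(mbr),
    }


def build_sample_mbr(boot_code):
    """Constructed test sector: one bootable NTFS (0x07) partition starting at LBA 2048 (1 MiB)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 311_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def sample_baseline():
    """Assumed allow-list: SHA1 of bootstrap code captured from known-clean machines."""
    return {hashlib.sha1(SAMPLE_STUB.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper()}


def demo(tamper=False):
    """Run the check on the constructed sector, optionally after flipping one bootstrap byte."""
    mbr = build_sample_mbr(SAMPLE_STUB)
    if tamper:
        patched = bytearray(mbr)
        patched[0x40] ^= 0xFF            # a one-byte change inside the bootstrap code
        mbr = bytes(patched)
    return inspect_mbr(mbr, sample_baseline())


if __name__ == "__main__":
    for label, result in (("clean", demo()), ("tampered", demo(tamper=True))):
        print(label, result["sha1_bootcode"], "known" if result["bootcode_known"] else "UNKNOWN",
              [(p["index"], hex(p["byte_offset"])) for p in result["partitions"]])
```

On a live machine, replace `build_sample_mbr(...)` with `read_mbr()` from an elevated prompt and seed the baseline from a clean install of the same Windows build; a partition table that still decodes correctly while the bootstrap hash is unknown is exactly the pattern an MBR bootkit leaves, because it replaces the code in bytes 0..445 and keeps the table intact so the system still boots.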

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:24 PM

Posted 15 February 2011 - 07:23 PM

Please run OTL, a scanner like DDS but with some firepower

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#7 Bugbegone

Bugbegone
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 16 February 2011 - 11:41 AM

OTL.txt output:


OTL logfile created on: 2/16/2011 9:31:56 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\liechtypo\Desktop
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 39.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.74 Gb Total Space | 31.68 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Drive D: | 38.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LIECHTYPO-L3ACX | User Name: LiechtyPO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\liechtypo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\liechtypo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\liechtypo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
PRC - C:\Users\liechtypo\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe (Avocent Corporation )
PRC - C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe (Avocent Corporation )
PRC - C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE (Avocent Corporation )
PRC - C:\Program Files (x86)\LANDesk\LDClient\collector.exe (Avocent Corporation )
PRC - C:\Program Files (x86)\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (Avocent Corporation)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (TODO: <Company name>)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\liechtypo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (ATService) -- C:\Windows\SysNative\AtService.exe (AuthenTec, Inc.)
SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe ()
SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (Sophos Message Router) -- C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
SRV - (Sophos Agent) -- C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (LANDesk Policy Invoker) -- C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe (Avocent Corporation )
SRV - (LANDesk® Out-of-Band Monitor Service) LANDesk® -- C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe (Avocent Corporation )
SRV - (Intel Local Scheduler Service) -- C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE (Avocent Corporation )
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (CBA8) LANDesk® -- C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe (Avocent Corporation)
SRV - (TVT Backup Service) -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (Tomcat6) -- C:\Program Files (x86)\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe (Apache Software Foundation)
SRV - (Intel PDS) -- C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Plc)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Plc)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (CISMBIOS) -- C:\Windows\SysNative\drivers\cismbios.sys (Avocent Corporation)
DRV:64bit: - (ldblank) -- C:\Windows\SysNative\drivers\ldblank.sys (Avocent Corporation)
DRV:64bit: - (mirrorflt) -- C:\Windows\SysNative\drivers\mirrorflt.sys (Avocent Corporation)
DRV:64bit: - (ldmirror) -- C:\Windows\SysNative\drivers\ldmirror.sys (Avocent Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (PCDSRVC{127174DC-C366ED8B-06000000}_0) -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (bpenum) Intel® -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (e1yexpress) Intel® -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (io.sys) -- C:\Windows\SysWOW64\drivers\io.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://go.microsoft.com/fwlink/?LinkId=54843
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = devproxy.wh.ldsglobal.net:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {2204c510-88f3-11db-b606-0800200c9a66}:1.7.000116
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: firefox-connector@jetbrains.com:0.2.6
FF - prefs.js..extensions.enabledItems: jsonview@brh.numbera.com:0.5
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.5
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {d48a39ba-8f80-4fce-8ee1-bc710561c55d}:2.0.0
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.5.6
FF - prefs.js..extensions.enabledItems: cssxfire@cssxfire:1.9
FF - prefs.js..extensions.enabledItems: {4093c4de-454a-4329-8aff-c6b0b123c386}:0.8.8
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.8
FF - prefs.js..extensions.enabledItems: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F}:1.7.3.1
FF - prefs.js..extensions.enabledItems: {06997db0-c027-4d5f-bd37-b0d9230226ea}:0.62
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
FF - prefs.js..keyword.URL: "http://search.addthis.com/search?pco=fxe-3.0.0&locale=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/19 15:11:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/12/02 16:02:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 10:22:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/14 10:22:30 | 000,000,000 | ---D | M]

[2009/11/06 18:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Extensions
[2009/11/06 18:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/02/11 23:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions
[2010/12/09 13:02:27 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2011/01/18 13:31:23 | 000,000,000 | ---D | M] (Remove Cookies for Site) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}
[2010/07/14 13:01:51 | 000,000,000 | ---D | M] (Elasticfox) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{2204c510-88f3-11db-b606-0800200c9a66}
[2011/01/13 16:45:09 | 000,000,000 | ---D | M] (Quick Locale Switcher) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}
[2010/08/20 15:49:25 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2010/11/30 10:20:07 | 000,000,000 | ---D | M] (HttpFox) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
[2011/01/13 16:45:07 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/10/25 09:19:04 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2010/02/11 09:01:36 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011/01/07 08:30:28 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/07 08:30:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/11 16:01:04 | 000,000,000 | ---D | M] (Poster) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\{d48a39ba-8f80-4fce-8ee1-bc710561c55d}
[2010/11/11 10:33:14 | 000,000,000 | ---D | M] (CSS-X-Fire) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\cssxfire@cssxfire
[2011/01/07 08:30:34 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\firebug@software.joehewitt.com
[2010/05/06 16:10:30 | 000,000,000 | ---D | M] (JetBrains Firefox extension) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\firefox-connector@jetbrains.com
[2010/05/13 15:35:09 | 000,000,000 | ---D | M] (YouTube Video Downloader) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\firefox-ext@youtubekeep.com
[2010/08/20 15:49:26 | 000,000,000 | ---D | M] (JSONView) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\jsonview@brh.numbera.com
[2010/06/07 15:18:36 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\LogMeInClient@logmein.com
[2010/12/09 13:00:53 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\nasanightlaunch@example.com
[2010/11/11 10:21:49 | 000,000,000 | ---D | M] (Pixel Perfect) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2010/05/05 21:48:23 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\support@ancestry.com
[2010/11/11 10:47:39 | 000,000,000 | ---D | M] (XRefresh) -- C:\Users\liechtypo\AppData\Roaming\mozilla\Firefox\Profiles\g72emwe3.default\extensions\xrefresh@xrefresh.com
[2010/09/22 16:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/12 17:14:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/06 23:07:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/12/02 16:02:22 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK
[2010/03/19 15:11:34 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/12/12 17:14:47 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/12/12 17:14:47 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2009/11/06 23:07:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2010/12/12 17:14:48 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/03/24 19:26:27 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/09/22 18:10:52 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/03/19 15:11:26 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2010/12/14 10:22:29 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/14 10:22:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/14 10:22:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/14 10:22:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/14 10:22:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/14 10:22:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/14 10:22:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/03/19 15:11:41 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
[2010/03/19 15:11:20 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2010/03/12 10:04:34 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/12 10:04:34 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\askcom.xml
[2010/03/12 10:04:34 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/12 10:04:34 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/12 10:04:34 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/03/12 10:04:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/12 10:04:34 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/02/15 12:11:41 | 000,000,040 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 patrick.familysearch.org
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (XRefresh BHO) - {8774C0B1-6697-43B8-8D0E-6179F48838B0} - C:\Program Files (x86)\XRefresh\XRefreshAddon.dll (binaryage.com)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (XRefresh Toolbar) - {551012C5-352D-48D9-9E29-E90F293D19F0} - C:\Program Files (x86)\XRefresh\XRefreshAddon.dll (binaryage.com)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcWin7Hlpr.exe ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\liechtypo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\liechtypo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\liechtypo\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WAU: Disabled = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: XRefresh - {8774C0B1-6697-43B8-8D0E-6179F48838B0} - C:\Program Files (x86)\XRefresh\XRefreshAddon.dll (binaryage.com)
O9 - Extra 'Tools' menuitem : XRefresh - {8774C0B1-6697-43B8-8D0E-6179F48838B0} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: accesspointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: apps.llc-office.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: cdw.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: cexp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: corpcons.co.nz ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: emptoris.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: enpointe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: eway.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldschurch.org ([*.stg] * in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ldsglobal.net ([*.wh] * in Local intranet)
O15 - HKCU\..Trusted Domains: netdimensions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netxpress.co.nz ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: officemax.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: officemaxsolutions.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: officeteam.co.uk ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: opweb.co.uk ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ordermax.co.nz ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ordermax.com.au ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rosettastone.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: safaribooksonline.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vinimaya.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: waxie.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: xerox.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.97.160.160 10.97.160.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldschurch.org
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ATFUS: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/18 09:32:25 | 000,000,082 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{828216e4-cb2d-11de-9d16-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{828216e4-cb2d-11de-9d16-806e6f6e6963}\Shell\AutoRun\command - "" = D:\tcauto.exe -- [2010/10/14 09:13:45 | 008,395,560 | R--- | M] (HR Block )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/16 09:21:39 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\liechtypo\Desktop\OTL.exe
[2011/02/15 19:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2010
[2011/02/15 19:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HRBlock2010
[2011/02/15 19:51:04 | 000,000,000 | ---D | C] -- C:\Users\liechtypo\Documents\HRBlock
[2011/02/12 08:22:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Change
[2011/02/08 12:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Process Detector
[2011/02/08 12:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Process Detector
[2011/02/08 09:42:09 | 000,000,000 | ---D | C] -- C:\Users\liechtypo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/08 09:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthis
[2011/02/07 16:08:28 | 000,000,000 | ---D | C] -- C:\Users\liechtypo\AppData\Local\Sophos
[2011/02/04 16:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/04 16:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/02/04 15:44:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/04 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/04 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/03 15:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011/02/03 15:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2011/02/03 15:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2011/02/03 15:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2011/02/03 15:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Master
[2011/02/03 15:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Process Master
[2011/02/03 15:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiddenFinder
[2011/02/03 15:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiddenFinder
[2011/02/02 16:06:48 | 000,000,000 | ---D | C] -- C:\Users\liechtypo\AppData\Roaming\dvdcss
[2011/02/01 20:04:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Ham
[2011/02/01 10:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/01 10:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/01 10:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/01 10:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/01/29 13:21:15 | 000,000,000 | ---D | C] -- C:\Users\liechtypo\AppData\Roaming\Download Manager
[2010/12/09 12:07:38 | 001,718,704 | ---- | C] (YSL Holdings LLC.) -- C:\ProgramData\Uninst.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/16 09:25:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-799575302-4118792355-3262406806-3105UA.job
[2011/02/16 09:25:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-799575302-4118792355-3262406806-3105Core.job
[2011/02/16 09:03:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/16 08:53:56 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/16 08:46:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/15 19:53:30 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\H&R Block 2010.lnk
[2011/02/15 19:52:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\liechtypo\Desktop\OTL.exe
[2011/02/15 17:01:54 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/02/15 12:11:41 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/02/15 09:51:06 | 000,012,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/15 09:51:06 | 000,012,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/15 09:43:24 | 3166,195,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/15 09:41:26 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/02/14 13:12:08 | 000,012,684 | ---- | M] () -- C:\Users\Public\Documents\dad coupon.docx
[2011/02/14 10:37:50 | 000,047,125 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/02/09 12:00:03 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\Weekly Scan.job
[2011/02/08 09:42:09 | 000,003,017 | ---- | M] () -- C:\Users\liechtypo\Desktop\HiJackThis.lnk
[2011/02/04 15:44:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/04 15:39:37 | 000,000,935 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2011/02/03 15:56:01 | 010,061,442 | ---- | M] () -- C:\Users\liechtypo\Documents\spyware-detection.chls
[2011/02/03 15:48:12 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2011/02/01 10:25:35 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/29 13:10:13 | 000,731,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/29 13:10:13 | 000,628,624 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/29 13:10:13 | 000,109,154 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/28 16:18:11 | 000,034,116 | ---- | M] () -- C:\Users\Public\Documents\2010 Employee Review and Plan - Patrick Liechty.docx
[2011/01/26 15:58:21 | 000,013,607 | ---- | M] () -- C:\Users\Public\Documents\REGULAR RESULTS DISCUSSION - Jan 2011.docx
[2011/01/21 10:46:27 | 000,010,618 | ---- | M] () -- C:\Users\liechtypo\.bash_history
[2011/01/18 13:19:29 | 000,202,179 | ---- | M] () -- C:\Users\Public\Documents\RootsTech - RegOnline.pdf
[2011/01/17 20:36:00 | 004,975,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/15 19:53:30 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\H&R Block 2010.lnk
[2011/02/14 13:12:08 | 000,012,684 | ---- | C] () -- C:\Users\Public\Documents\dad coupon.docx
[2011/02/08 09:42:09 | 000,003,017 | ---- | C] () -- C:\Users\liechtypo\Desktop\HiJackThis.lnk
[2011/02/04 15:44:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/03 15:56:00 | 010,061,442 | ---- | C] () -- C:\Users\liechtypo\Documents\spyware-detection.chls
[2011/02/03 15:48:09 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2011/02/03 15:34:00 | 000,008,576 | ---- | C] () -- C:\Windows\SysWow64\drivers\KProcWatch.sys
[2011/02/01 10:25:35 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/26 13:35:04 | 000,013,607 | ---- | C] () -- C:\Users\Public\Documents\REGULAR RESULTS DISCUSSION - Jan 2011.docx
[2011/01/20 19:55:54 | 000,034,116 | ---- | C] () -- C:\Users\Public\Documents\2010 Employee Review and Plan - Patrick Liechty.docx
[2011/01/18 13:19:41 | 000,202,179 | ---- | C] () -- C:\Users\Public\Documents\RootsTech - RegOnline.pdf
[2010/12/09 12:07:38 | 000,001,360 | ---- | C] () -- C:\ProgramData\Uninst.log
[2010/09/16 13:53:44 | 000,001,078 | ---- | C] () -- C:\Users\liechtypo\AppData\Roaming\Rim.Desktop.Exception.log
[2010/09/16 11:03:56 | 000,001,669 | ---- | C] () -- C:\Users\liechtypo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/20 07:54:07 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/04/18 22:11:59 | 000,005,152 | ---- | C] () -- C:\Windows\SysWow64\drivers\io.sys
[2010/02/08 22:50:51 | 000,007,680 | ---- | C] () -- C:\Users\liechtypo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 13:00:35 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/01/20 08:57:09 | 000,000,076 | ---- | C] () -- C:\Windows\Quicken.ini
[2010/01/04 09:20:37 | 000,000,097 | ---- | C] () -- C:\Users\liechtypo\AppData\Local\fusioncache.dat
[2009/12/25 23:39:08 | 000,000,363 | ---- | C] () -- C:\Users\liechtypo\AppData\Roaming\BBMS_EXCEPTION.txt
[2009/12/08 12:05:19 | 000,000,080 | RHS- | C] () -- C:\Windows\SysWow64\02BDA8AF9C.dll
[2009/11/16 09:02:26 | 000,749,812 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/09 13:43:27 | 000,000,600 | ---- | C] () -- C:\Users\liechtypo\AppData\Local\PUTTY.RND
[2009/11/06 15:46:39 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2009/11/06 15:45:30 | 000,047,125 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/01/26 05:51:57 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\pqdvdb.dll
[2006/01/26 05:51:56 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\nlame.dll

========== LOP Check ==========

[2011/02/16 09:37:03 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\.purple
[2010/03/12 14:36:30 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\.visualvm
[2009/11/09 12:21:52 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\Blackberry Desktop
[2009/11/09 08:49:53 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\CachedFiles
[2010/06/24 13:55:35 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\Charles
[2011/01/01 13:26:00 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\CoreFTP
[2011/02/15 09:46:55 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\Dropbox
[2011/01/01 10:25:03 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\gtk-2.0
[2009/11/10 15:30:31 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\JGsoft
[2009/11/07 10:40:58 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\Lenovo
[2010/01/14 11:52:46 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\Mael
[2010/10/12 23:29:28 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\MySQL
[2010/09/16 13:53:43 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\Research In Motion
[2010/09/14 17:14:08 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\Stellarium
[2009/11/10 15:21:54 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\Subversion
[2011/02/15 19:53:45 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\TaxCut
[2010/07/30 09:58:53 | 000,000,000 | ---D | M] -- C:\Users\liechtypo\AppData\Roaming\TightVNC
[2011/02/15 09:41:26 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/13 22:08:49 | 000,027,910 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/15 17:01:54 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011/02/09 12:00:03 | 000,000,542 | ---- | M] () -- C:\Windows\Tasks\Weekly Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\windows-vista-key-rc1.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Wellness Challenge #6.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Wellness #5 Calendar Patrick.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Wellness #5 Calendar Mary.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Ward List2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Ward List1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\utah state tax.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Utah Sentator Email List_temp.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Utah Sentator Email List.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Thomas Owen 1870 Census.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Tanner SelectHealth COB-CPB Enrollment Form.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\SnacksPriceList.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\SiteCatalyst_13.5_User_Manual[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\SelectHealth COB-CPB Enrollment Form.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\search_01.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Scrum Team Evaluation Form Template(Client).xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Scrum Master Evaluation Form Template.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Ruby On Rails.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Rental Receipt.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Record Search Acceptance Testcases-Client Master.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Recipes 5-22-06.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\rachel.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Protected Records Pathway.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Product owner sprint eval v3.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\PLiechty.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Performance and Scalability.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Patrick Liechty 2008_latest.DOC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Patrick Liechty 2008.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Patrick Liechty 2007.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\MySQL Proposal.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Mysql Performance.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Money Movie.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Matthew_Final_Grades_UVU.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Martins6-18-08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Martins Collision Invoice3.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Martins Collision Invoice2.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Martins Collision Invoice.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Martins Collision Information.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\juracan.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\jan challenge.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\iPAQ Support Conversation.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\insurance card front.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\insurance card back.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\individual work plan 2007 - Patrick Liechty.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Hunting.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\How to make fire without matches.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Holiday_Schedule_2009.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Holiday_Schedule_2008.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\HenryB Radmall Autobio.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Head First Design Patterns Chapter 6.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Gun_BILL_OF_SALE.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\gri_newsletter.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\GrailsinAction.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Golf Teams Final.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\fsaOTCGuidelines.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\frankie_01.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Frankie Architecture.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Flex Framework Caching Documentation.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Fax Cover Sheet.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Disneyland Map.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\deploy recordsearch_components.rb.swc.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\ConferenceRoomsMapOrem.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Code Review Cards.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\CandidateAssessmentForm - Bruce Rust.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\BlackBerry_8700g_Manual_Zen.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\bill of sale truck.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\BB_Tips_8707g_BlackBerry_Zen.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Agile.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\9_11_ Press for Truth.mp4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\770-10136d.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\4252.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\36837002.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\3683700.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\2009 INDIVIDUAL WORK PLAN FAMILY HISTORY.DOC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\2009 INDIVIDUAL WORK PLAN FAMILY HISTORY (Patrick Liechty).DOC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\2009 Employee Review and Plan - Amended.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\2008_Summer_Youth_Conference_Guide.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\2008_Scout_Calendar.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\2007_Team_Roster-_Schedule.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\2007 Scout Calendar.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\2006 Performance Eval Form - Patrick Liechty.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\2004 error.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\1997 Ford Ranger Extended Cab 4X4 XLT.doc:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Extras output:


OTL Extras logfile created on: 2/16/2011 9:31:56 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\liechtypo\Desktop
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 39.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.74 Gb Total Space | 31.68 Gb Free Space | 21.30% Space Free | Partition Type: NTFS
Drive D: | 38.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LIECHTYPO-L3ACX | User Name: LiechtyPO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- C:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Users\liechtypo\tools\git\bin\wish.exe" "C:\Users\liechtypo\tools\git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- "C:\Windows\SysWOW64\cmd.exe" /c "pushd "%1" && "C:\Users\liechtypo\tools\git\bin\sh.exe" --login -i" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Users\liechtypo\tools\git\bin\wish.exe" "C:\Users\liechtypo\tools\git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Directory [git_shell] -- "C:\Windows\SysWOW64\cmd.exe" /c "pushd "%1" && "C:\Users\liechtypo\tools\git\bin\sh.exe" --login -i" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"{DE297B61-4073-49C9-A0C1-729FBC29AEB1}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=9535|LPort2_10=9593-9595|LPort=12174|LPort=33354|Name=LANDesk - TCP|Edge=TRUE|
"{FAD0C024-AD21-4F6B-B1FC-1AA2EF187B13}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=9595|LPort=33355|Name=LANDesk - UDP|Edge=TRUE|
"CoreNet-IPv6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IPHTTPS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name=@FirewallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-Teredo-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCPV6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IGMP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP4-DUFRAG-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LD-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR2-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-NDA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-NDS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-PP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-TE-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-PTB-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-DU-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"{A4625BE5-BF0A-4B37-AD76-D1BB72839EE7}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5007|RPort2_10=9594-9595|RPort=443|RPort=80|RPort2_10=12175-12176|RPort=33354|Name=LANDesk - TCP|
"{EE70E101-C257-4E0D-88FA-ABE51EF0912A}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=9595|RPort=33355|Name=LANDesk - UDP|
"{1B90A05F-3C0D-4803-9E3B-F07454F63FA8}" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=%PROGRAMFILES%\Sophos\Remote Management System\RouterNT.exe|Name=Sophos - RouterNT|Desc=Sophos RouterNT Allows All Traffic|
"{9EC32BF0-2DC2-488F-8B7B-4BE0D4171F95}" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=%ProgramFiles%\Sophos\Remote Management System\ManagementAgentNT.exe|Name=Sophos - ManagementAgent|Desc=Sophos Management Agent|
"{8273672E-32F2-4F46-88CB-D0A57B94CAB1}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|LPort2_10=8192-8194|Name=Sophos - TCP|
"{7DF2B846-03F3-412E-A394-C4F72E09F80A}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=524|LPort=427|LPort=2302|Name=Novell Client - TCP|
"{184BD251-7C08-4048-B95E-BD9D9B41582D}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=524|LPort=123|LPort=427|LPort=2645|Name=Novell Client - UDP|
"{34667576-73B0-4352-BCB8-3A98D4D4F261}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|LPort=524|LPort=427|LPort=2302|Name=Novell Client - TCP|
"{C4BA4BAA-9688-465D-B34E-A46335555A9C}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|LPort=524|LPort=123|LPort=427|LPort=2645|Name=Novell Client - UDP|
"{5C069438-7763-445F-8E63-773A45BD42D8}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=445|LPort=139|RPort=445|RPort=139|Name=Novell CIFS - TCP|
"{838A724C-71F0-47A1-BC75-BFFE97A5FB10}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=445|LPort=139|RPort=445|RPort=139|Name=Novell CIFS - UDP|
"FPS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-Out-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-Out-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-Out-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-Out-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-Out-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"{DE297B61-4073-49C9-A0C1-729FBC29AEB1}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=9535|LPort2_10=9593-9595|LPort=12174|LPort=33354|Name=LANDesk - TCP|Edge=TRUE|
"{FAD0C024-AD21-4F6B-B1FC-1AA2EF187B13}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=9595|LPort=33355|Name=LANDesk - UDP|Edge=TRUE|
"CoreNet-IPv6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IPHTTPS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name=@FirewallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-Teredo-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCPV6-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-DHCP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-IGMP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP4-DUFRAG-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LD-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR2-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LR-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-LQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-RA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|
"CoreNet-ICMP6-NDA-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-NDS-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-PP-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-TE-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-PTB-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"CoreNet-ICMP6-DU-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"{A4625BE5-BF0A-4B37-AD76-D1BB72839EE7}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5007|RPort2_10=9594-9595|RPort=443|RPort=80|RPort2_10=12175-12176|RPort=33354|Name=LANDesk - TCP|
"{EE70E101-C257-4E0D-88FA-ABE51EF0912A}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=9595|RPort=33355|Name=LANDesk - UDP|
"{1B90A05F-3C0D-4803-9E3B-F07454F63FA8}" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=%PROGRAMFILES%\Sophos\Remote Management System\RouterNT.exe|Name=Sophos - RouterNT|Desc=Sophos RouterNT Allows All Traffic|
"{9EC32BF0-2DC2-488F-8B7B-4BE0D4171F95}" = v2.10|Action=Allow|Active=TRUE|Dir=In|App=%ProgramFiles%\Sophos\Remote Management System\ManagementAgentNT.exe|Name=Sophos - ManagementAgent|Desc=Sophos Management Agent|
"{8273672E-32F2-4F46-88CB-D0A57B94CAB1}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|LPort2_10=8192-8194|Name=Sophos - TCP|
"{7DF2B846-03F3-412E-A394-C4F72E09F80A}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=524|LPort=427|LPort=2302|Name=Novell Client - TCP|
"{184BD251-7C08-4048-B95E-BD9D9B41582D}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=524|LPort=123|LPort=427|LPort=2645|Name=Novell Client - UDP|
"{34667576-73B0-4352-BCB8-3A98D4D4F261}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|LPort=524|LPort=427|LPort=2302|Name=Novell Client - TCP|
"{C4BA4BAA-9688-465D-B34E-A46335555A9C}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|LPort=524|LPort=123|LPort=427|LPort=2645|Name=Novell Client - UDP|
"{5C069438-7763-445F-8E63-773A45BD42D8}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=445|LPort=139|RPort=445|RPort=139|Name=Novell CIFS - TCP|
"{838A724C-71F0-47A1-BC75-BFFE97A5FB10}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=445|LPort=139|RPort=445|RPort=139|Name=Novell CIFS - UDP|
"FPS-LLMNR-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-Out" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-Out-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-Out-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP6-ERQ-Out-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-ICMP4-ERQ-Out-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Name-Out-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-SMB-Out-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|
"FPS-NB_Session-Out-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{49D5BCB5-31E0-4B32-816D-E953C372E650}" = TortoiseSVN 1.6.8.19260 (64 bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AF81FB63-8419-35A3-D9B1-BAFB441C81DE}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}" = 64 Bit HP CIO Components Installer
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F8597D20-ACC7-FD03-56FA-23894108BA06}" = ATI Catalyst Install Manager
"{FAE224AF-B15E-448B-88FA-1839A7570CF8}" = Intel® PROSet/Wireless WiMAX Software
"8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CutePDF Writer Installation" = CutePDF Writer 2.8
"LENOVO.SMIIF" = Lenovo System Interface Driver
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002DD827-7FAC-A09F-7382-BCF61E6744C8}" = CCC Help Portuguese
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C255F02-22AF-F50B-E945-B8D763E1A077}" = CCC Help Greek
"{0C5F09B4-5C7A-6F41-89F4-65B419A639B9}" = CCC Help Chinese Standard
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{12365698-8042-4774-8CAF-35BE91DC657B}" = Creative Vado HD Codec
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{180641E1-F6C2-6053-1022-78B9C49D173D}" = CCC Help Finnish
"{18A2FD82-910A-0208-3AE1-169E92F2AFA4}" = CCC Help Dutch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{279A07D5-6A45-4611-A284-948C4A7ECEF6}" = Putty 0.60 & WinSCP 4.0.5
"{2822F016-69E9-A368-B612-685CCF4A9B83}" = CCC Help English
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29736484-4E9A-420F-968D-68EF6F0ED010}" = Power2Go
"{2A07F8DD-96E5-8A5D-3C6A-D60F38D1F34B}" = CCC Help Turkish
"{2D397BD2-ED49-F9B9-4F65-D60D00AD6C5F}" = CCC Help Norwegian
"{30C4566A-85AC-1713-71B2-3BE50C7146F8}" = CCC Help Thai
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3380D2BE-EAE4-034C-1096-3CA28F82A2F9}" = CCC Help French
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{352256F0-7853-4193-9A46-9EF1E573A3F1}" = NetLibrary Media Center
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}" = Lenovo Hard Drive Quick Test
"{4067974F-F2E5-5893-E7A3-10C345089305}" = CCC Help Polish
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4177BBB8-D654-4364-A898-BA00A68D7897}" = CCC Help Swedish
"{41CD70E9-E193-8358-A837-A3A900565840}" = CCC Help Russian
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42BE86C5-DD62-408E-A4F7-D9E887A24D81}" = Adobe Setup
"{44386A7B-7093-4FDC-8B52-5F7E8B968960}" = XRefresh 1.3
"{44B4C2E3-D570-16B4-8CED-3D83AAF5D6F7}" = Catalyst Control Center Localization All
"{44EBD823-33EF-4C45-B3E5-6E0EC84FC5E8}" = Adobe Common Components
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk® Common Base Agent 8
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{473937BF-F1ED-764D-01A8-12A672DED3E0}" = CCC Help Spanish
"{4B95A5F1-EF59-4B08-BED8-C891C46121B3}_is1" = Mercurial 1.4.1+20091201
"{4ECC1D06-672F-2935-E570-CA2D210AE0CE}" = Catalyst Control Center InstallProxy
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{53B68192-C80E-434B-9666-4D08316E645D}" = LANDesk Advance Agent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5E88E702-C941-4DF3-B8B4-64559B94F174}" = LDS Collectors Library 2005
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8485F313-4B62-42F3-ADD8-0DE34A4DDAEF}" = Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C7704C6-5ABF-4BD1-8EF2-D52E4DBF0283}" = LDS Collectors Library 2005
"{8D7CCD59-BEBB-57D4-23EC-B9A9DB173EAA}" = Catalyst Control Center Graphics Previews Vista
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8EE4C584-C82E-9BE3-41C1-BC2A53774DE6}" = CCC Help Korean
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{940C416E-1BE6-58C0-949E-1A588349B0C7}" = CCC Help Hungarian
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B7D833B7-915D-C859-D7A6-3639423E878C}" = CCC Help Danish
"{B9F76257-02B5-EB70-2A72-6D56C9359985}" = CCC Help Italian
"{BB778F28-FD55-C8FD-8E0B-482814C05D6B}" = CCC Help Chinese Traditional
"{BF076135-7D69-3255-D72B-487E67146727}" = CCC Help Japanese
"{C5FB3563-4CD4-4998-88D0-EC60A3E5A839}" = BlackBerry Smartphone Simulators 4.5.0.174 (8320-T-MobileEU)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB829D09-6426-F17D-C95D-303A6613A190}" = ccc-core-static
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DB2431D3-7712-4E3F-9288-35AD4DA7128C}" = H&R Block Utah 2009
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5A5844F-80CB-665D-0AF9-9D712F4E6238}" = CCC Help German
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6B3786B-B921-40CB-8868-C67FE904D0CD}" = Subversion
"{F958FF6B-B2B8-03F6-B56D-7D5E04768AA8}" = CCC Help Czech
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0591-8077-9297-0833" = FamilySearch Indexing 3.7.7
"8973-4025-0853-7287" = DbVisualizer 6.5.12
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Flex Builder 3" = Adobe Flex Builder 3
"Akamai" = Akamai NetSession Interface
"Ambulant Player 1.8 for SMIL 2.1" = Ambulant Player 1.8 for SMIL 2.1
"Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only)
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.6
"Charles_XK72" = Charles
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core FTP LE 2.1" = Core FTP LE 2.1
"Creative Vado HD Codec" = Creative Vado HD Codec
"EditPad Lite" = Just Great Software EditPad Lite 6.5.2
"Fiddler2" = Fiddler2
"FTP Commander" = FTP Commander
"Git_is1" = Git 1.6.5.1-preview20091022
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Hidden Finder_is1" = Hidden Finder 1.5.7
"HSH Home Buyer's Calculator Suite_is1" = HSH Home Buyer's Calculator Suite, 2.2.05
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"IE4Dev" = Microsoft Script Debugger
"IETester" = IETester v0.4.4 (remove only)
"IntelliJ IDEA 10.0.1" = IntelliJ IDEA 10.0.1
"IntelliJ IDEA 9.0.3" = IntelliJ IDEA 9.0.3
"jEdit_is1" = jEdit 4.2
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Monopoly" = Monopoly
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Patch-2.5.9-7_is1" = GnuWin32: Patch-2.5.9-7
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"Process Master_is1" = Process Master 1.1
"PROPLUS" = Microsoft Office Professional Plus 2007
"PuTTY Connection Manager_is1" = PuTTY Connection Manager 0.7.1.136beta
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Regular Expression Laboratory_is1" = Regular Expression Laboratory 1.0
"Spyware Process Detector_is1" = Spyware Process Detector v3.21
"Stellarium_is1" = Stellarium 0.10.5
"VLC media player" = VLC media player 1.0.5
"WampServer 2_is1" = WampServer 2.0
"WebStorm 1.0.2" = JetBrains WebStorm 1.0.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"Yugma90" = Yugma

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cisco Unified Presenter Add-in 6x5" = Cisco Unified Presenter Add-in 6x5
"Dropbox" = Dropbox
"FamilySearch Indexing" = FamilySearch Indexing
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Uninstall FamilySearch Indexing" = Uninstall FamilySearch Indexing

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2011 11:45:30 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 2/15/2011 11:45:31 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/15/2011 11:45:31 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2215

Error - 2/15/2011 11:45:31 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2215

Error - 2/15/2011 11:45:32 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/15/2011 11:45:32 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3759

Error - 2/15/2011 11:45:32 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3759

Error - 2/15/2011 11:45:33 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/15/2011 11:45:33 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4758

Error - 2/15/2011 11:45:33 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4758

[ Cisco AnyConnect VPN Client Events ]
Error - 1/25/2011 12:47:21 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67108866
Description = Function: CCstpProtocol::sendControlFrame File: .\CstpProtocol.cpp Line:
1637 Invoked Function: CSslProtocol::writeTunnel Return Code: -31522805 (0xFE1F000B)
Description:
SOCKETTRANSPORT_ERROR_WRITE

Error - 1/25/2011 12:47:21 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67108866
Description = Function: CCstpProtocol::sendCloseMessage File: .\CstpProtocol.cpp Line:
2483 Invoked Function: CCstpProtocol::sendControlFrame Return Code: -31522805 (0xFE1F000B)
Description:
SOCKETTRANSPORT_ERROR_WRITE

Error - 1/25/2011 12:47:21 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67108866
Description = Function: CCstpProtocol::terminateTunnel File: .\CstpProtocol.cpp Line:
578 Invoked Function: CCstpProtocol::sendCloseMessage Return Code: -31522805 (0xFE1F000B)
Description:
SOCKETTRANSPORT_ERROR_WRITE

Error - 1/25/2011 12:47:21 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::internalWriteSocket File: .\IPC\SocketTransport.cpp
Line:
1737 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
connection was forcibly closed by the remote host.

Error - 1/25/2011 12:47:21 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::writeSocket File: .\IPC\SocketTransport.cpp
Line:
951 Invoked Function: internalWriteSocket Return Code: -31522805 (0xFE1F000B) Description:
SOCKETTRANSPORT_ERROR_WRITE

Error - 1/25/2011 12:47:21 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67108866
Description = Function: CTlsProtocol::flushNetworkBio File: .\TlsProtocol.cpp Line:
983 Invoked Function: CSocketTransport::writeSocket Return Code: -31522805 (0xFE1F000B)
Description:
SOCKETTRANSPORT_ERROR_WRITE

Error - 1/25/2011 12:47:21 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67108866
Description = Function: CTlsProtocol::terminateTunnel File: .\TlsProtocol.cpp Line:
435 Invoked Function: flushNetworkBio Return Code: -31522805 (0xFE1F000B) Description:
SOCKETTRANSPORT_ERROR_WRITE

Error - 1/25/2011 12:47:21 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67110873
Description = Termination reason code 34: Reconnect attempts have ceased because
the session timeout has been exceeded.

Error - 1/25/2011 12:47:21 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::main File: .\VpnMgr.cpp Line: 1382 Invoked Function:
CVpnMgr::checkReconnectLimits Return Code: -32899057 (0xFE0A000F) Description: VPNMGR_ERROR_SESSION_TIMEOUT


Error - 1/25/2011 12:47:23 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.

[ Media Center Events ]
Error - 3/21/2010 6:48:03 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 4:47:57 PM - Error connecting to the internet. 4:47:57 PM - Unable
to contact server..

Error - 3/21/2010 7:50:16 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 5:50:16 PM - Error connecting to the internet. 5:50:16 PM - Unable
to contact server..

Error - 3/21/2010 7:50:45 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 5:50:45 PM - Error connecting to the internet. 5:50:45 PM - Unable
to contact server..

Error - 3/25/2010 6:23:01 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 4:23:01 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 3/25/2010 6:23:04 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 4:23:02 PM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 4/21/2010 10:21:48 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 8:21:48 AM - Error connecting to the internet. 8:21:48 AM - Unable
to contact server..

Error - 4/21/2010 10:21:57 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 8:21:53 AM - Error connecting to the internet. 8:21:53 AM - Unable
to contact server..

Error - 12/1/2010 12:07:31 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 9:07:31 AM - Error connecting to the internet. 9:07:31 AM - Unable
to contact server..

Error - 12/1/2010 12:07:48 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 9:07:36 AM - Error connecting to the internet. 9:07:36 AM - Unable
to contact server..

Error - 12/2/2010 12:05:30 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = MCUpdate | ID = 0
Description = 9:05:24 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

[ OSession Events ]
Error - 8/19/2010 11:01:08 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 62263
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/15/2011 10:41:19 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. B) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 2/15/2011 10:42:26 PM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain LDS due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 2/16/2011 11:46:01 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain LDS due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 2/16/2011 11:46:01 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. B) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 2/16/2011 11:46:05 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/16/2011 11:46:06 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/16/2011 11:46:07 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/16/2011 11:46:14 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/16/2011 11:48:19 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2/16/2011 11:48:20 AM | Computer Name = LIECHTYPO-L3ACX.ldschurch.org | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:24 PM

Posted 16 February 2011 - 07:34 PM

Yeah, not finding anything nasty either. Let's do a quick clear up. Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


I think we'll take a look at your symptoms currently. What suspicious activity have you seen on the machine since I picked up the topic?
m0le is a proud member of UNITE
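A verification script for the state that fix is meant to leave behind, added here as an example and not part of m0le's instructions or of OTL itself: it reads the keys named in the :OTL and :reg lines above and reports whether each is back at its default. The expected exefile value and the policy value names come from the fix text; the Wow6432Node path for the second Toolbar entry is an assumption about how the non-64bit O3 line maps on a 64-bit system.

```powershell
# Added example, not part of the original thread or of OTL.
# Checks the three things the OTL fix above targets, from a defender's side:
#  1. the exefile open command is the Windows default ("%1" %*),
#     since a hijacked value here runs attacker code on every .exe launch;
#  2. the Explorer policy values NoActiveDesktop / NoActiveDesktopChanges are gone;
#  3. the IE Toolbar "Locked" value is gone from both registry views.
# Run from an elevated PowerShell after the fix (reading HKLM needs no elevation,
# but the fix itself did).

function Test-ExeFileAssociation {
    $key      = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
    $expected = '"%1" %*'                      # value OTL's :reg section writes back
    $item     = Get-Item -Path $key -ErrorAction SilentlyContinue
    $actual   = if ($item) { $item.GetValue('') } else { $null }   # '' = (Default) value
    [pscustomobject]@{
        Check    = 'exefile open command'
        Expected = $expected
        Actual   = $actual
        Ok       = ($actual -eq $expected)
    }
}

function Test-ValueAbsent {
    param(
        [Parameter(Mandatory)] [string] $Key,
        [Parameter(Mandatory)] [string] $Name
    )
    # Get-ItemProperty -Name returns $null (with SilentlyContinue) when the value
    # or the key is missing; missing is the state the OTL fix leaves behind.
    $prop    = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    $present = $null -ne $prop
    [pscustomobject]@{
        Check    = "$Key\$Name"
        Expected = '<absent>'
        Actual   = if ($present) { $prop.$Name } else { '<absent>' }
        Ok       = -not $present
    }
}

function Get-OtlFixStatus {
    $policy  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'
    $toolbar = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    # Assumption: the plain (non-64bit) O3 line refers to the 32-bit redirected view.
    $toolbar32 = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
    @(
        Test-ExeFileAssociation
        Test-ValueAbsent -Key $policy    -Name 'NoActiveDesktop'
        Test-ValueAbsent -Key $policy    -Name 'NoActiveDesktopChanges'
        Test-ValueAbsent -Key $toolbar   -Name 'Locked'
        Test-ValueAbsent -Key $toolbar32 -Name 'Locked'
    )
}

# Any row with Ok = False means the fix did not apply or something re-set the value.
Get-OtlFixStatus | Format-Table -AutoSize
```

A value that reappears after a reboot, in particular the exefile command, points to something still running that rewrites it, which is worth reporting back in the thread.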

#9 Bugbegone

Bugbegone
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:24 PM

Posted 17 February 2011 - 03:02 PM

Here is the output. One good thing, I don't see the traffic going to the IP address any more. I do see other traffic though. I see connections to:

http://rcv-srv120.inplay.tubemogul.com

http://www.tubemogul.com/ is an advertising, audience targeting software. Sounds like they are monitoring my behavior and sending it off to an ad service. Here is the service request it makes:

<StreamMiner xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.illumenix.com/StreamReceiver/services/schemas streamminer.xsd" version="4" xmlns="http://www.illumenix.com/StreamReceiver/services/schemas">
<Header transportSequenceID="12">
<To>
<Credential domain="authID">
<Identity>P-RS5-841</Identity>
</Credential>
</To>
</Header>
<Request>
<PlayerHeartbeatRequest playerInstanceID="WjtACMPa3x4YzcZqibIz" />
</Request>
</StreamMiner>



Here is the response:


<StreamMiner xmlns="http://www.illumenix.com/StreamReceiver/services/schemas" version="2">
<Response>
<PlayerHeartbeatResponse requestStatus="success" />
</Response>
</StreamMiner>

Here is the output of the OTL program:

========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.20.6 log created on 02172011_121954

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:24 PM

Posted 17 February 2011 - 05:38 PM

Looks like an adware request. Please run MBAM and SAS one after another (if possible)

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:24 PM

Posted 19 February 2011 - 08:30 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#12 Bugbegone

Bugbegone
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:24 PM

Posted 21 February 2011 - 11:17 AM

I ran Malware Bytes and Super Spyware. I had run these before, but I didn't do the full scans that I remember. I thought I did run a full scan, or I had an older version of Malware Bytes. Anyway, the problem is fixed! Here is the output of Malware Bytes and Super Spyware. If you could explain from the output what it was it removed, it would be good for learning's sake. I saw that Spyware Process Detector was on there. I actually installed that one :(. I thought it was a spyware removal program. Here is the output.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5801

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/18/2011 1:15:38 PM
mbam-log-2011-02-18 (13-15-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 829668
Time elapsed: 2 hour(s), 24 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Process Detector_is1 (Rogue.SpywareProcessDetector) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\spyware process detector (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Base (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Help (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Save (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\uninstall (Rogue.SpywareProcessDetector) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector (Rogue.SpywareProcessDetector) -> No action taken.

Files Infected:
c:\program files (x86)\spyware process detector\register.url (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\spd321.dll (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\spd321.sys (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\spydetector.url (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Base\good.spd (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Help\english.chm (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Help\english.mnl (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin\belarusian.lng (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin\bulgarian.lng (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin\czech.lng (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin\deutsch.lng (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin\english.lng (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin\francais.lng (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin\hungarian.lng (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin\romanian.lng (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\Plugin\russian.lng (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\uninstall\isssurvey.dll (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\uninstall\isssurvey.ini (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\uninstall\unins000.dat (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\uninstall\unins000.exe (Rogue.SpywareProcessDetector) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector\online registration.lnk (Rogue.SpywareProcessDetector) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector\spyware process detector v3.21.lnk (Rogue.SpywareProcessDetector) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector\user manual.lnk (Rogue.SpywareProcessDetector) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector\visit our site.lnk (Rogue.SpywareProcessDetector) -> No action taken.

SUPER SPYWARE OUTPUT:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/18/2011 at 03:41 PM

Application Version : 4.48.1000

Core Rules Database Version : 6432
Trace Rules Database Version: 4244

Scan type : Complete Scan
Total Scan Time : 01:40:45

Memory items scanned : 769
Memory threats detected : 0
Registry items scanned : 14532
Registry threats detected : 0
File items scanned : 94421
File threats detected : 203

Adware.Tracking Cookie
.ads.pointroll.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.revsci.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.collective-media.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.collective-media.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.collective-media.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.trackalyzer.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.2o7.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.webreports.digitalinsight.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.webreports.digitalinsight.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.webreports.digitalinsight.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
counters.gigya.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.hotlog.ru [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.kontera.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.kontera.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.kontera.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.specificclick.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
www8.addfreestats.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.lucidmedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.lucidmedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.realmedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.revsci.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.specificclick.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.liveperson.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.liveperson.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.game-advertising-online.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.specificclick.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.specificclick.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.specificmedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.ru4.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.adecn.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.interclick.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.interclick.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.interclick.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.mediaforge.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.decho.122.2o7.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.unicornmedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
r2.unicornmedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.pcdiscounters.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.pcdiscounters.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.relfinder.dbpedia.org [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.relfinder.dbpedia.org [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.revsci.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.ev.ads.pointroll.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.realmedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.realmedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.revsci.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
dc.tremormedia.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.revsci.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.revsci.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.revsci.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]
.revsci.net [ C:\Users\liechtypo\AppData\Roaming\Mozilla\Firefox\Profiles\g72emwe3.default\cookies.sqlite ]

#13 Bugbegone

Bugbegone
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 21 February 2011 - 04:11 PM

Well, I guess it has reinstalled itself or something because it is back. I see the connections to http://rcv-srv122.inplay.tubemogul.com/StreamReceiver/services


I didn't see them for a few hours.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:24 PM

Posted 21 February 2011 - 05:33 PM

If you notice, the MBAM program found the rogue spyware, but the entries all have "No action taken" afterwards.

Can you run MBAM again, but on the main Scanner screen, when you click on the Show Results button to see a list of any malware that was found, please make sure that everything is checked, and click Remove Selected.

Post the log that you get.
m0le is a proud member of UNITE

#15 Bugbegone

Bugbegone
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 21 February 2011 - 07:15 PM

I have found a similar but different process running that is sending encrypted traffic to http://173.223.52.125. But this one is making 5 requests per second, whereas the other one was making, say, one every 2 minutes. I blocked any traffic going to this IP address. It is also still sending data to tubemogul.com.

To respond to your reply, here is the log from MBam.

I did quarantine the spyware items. I went and found the log after I did that. Here it is:




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5801

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/18/2011 1:19:17 PM
mbam-log-2011-02-18 (13-19-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 829668
Time elapsed: 2 hour(s), 24 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Process Detector_is1 (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\spyware process detector (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Base (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Help (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Save (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\uninstall (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\spyware process detector\register.url (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\spd321.dll (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\spd321.sys (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\spydetector.url (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Base\good.spd (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Help\english.chm (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Help\english.mnl (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin\belarusian.lng (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin\bulgarian.lng (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin\czech.lng (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin\deutsch.lng (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin\english.lng (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin\francais.lng (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin\hungarian.lng (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin\romanian.lng (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\Plugin\russian.lng (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\uninstall\isssurvey.dll (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\uninstall\isssurvey.ini (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\uninstall\unins000.dat (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\program files (x86)\spyware process detector\uninstall\unins000.exe (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector\online registration.lnk (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector\spyware process detector v3.21.lnk (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector\user manual.lnk (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\spyware process detector\visit our site.lnk (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
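As an added example (not code from this thread or from Malwarebytes), a small Python parser for the MBAM 1.x log layout posted above that lists detections still marked "No action taken", the problem m0le pointed out in #14, and checks each section's declared count against the lines actually present. The sample log is constructed in that layout, and the line patterns are assumptions taken from the log posted in this thread.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.x log layout (not the
# thread's real log). One folder and one file are left as "No action taken", and
# the "Files Infected" count is deliberately one higher than the lines present.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Memory Processes Infected: 0
Registry Keys Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Process Detector_is1 (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files (x86)\spyware process detector (Rogue.SpywareProcessDetector) -> No action taken.

Files Infected:
c:\program files (x86)\spyware process detector\spd321.dll (Rogue.SpywareProcessDetector) -> No action taken.
c:\program files (x86)\spyware process detector\spd321.sys (Rogue.SpywareProcessDetector) -> Quarantined and deleted successfully.
"""

# Line shapes assumed from the log posted in this thread (summary line, section header, detection line).
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
DONE = "Quarantined and deleted successfully"  # the action string the posted log shows for removed items

def parse_mbam_log(text):
    """Return (declared, entries): the per-section counts from the summary block,
    and one dict per detection line with its section, path, threat and action."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := SUMMARY_RE.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["section"]
        elif (m := ENTRY_RE.match(line)) and section:
            entries.append({"section": section, **m.groupdict()})
    return declared, entries

def unremediated(entries):
    """Detections whose action is anything other than a successful quarantine,
    e.g. "No action taken": the items that need the scan re-run with Remove Selected."""
    return [e for e in entries if e["action"] != DONE]

def count_mismatches(declared, entries):
    """Sections whose declared count differs from the lines actually present,
    a sign that a pasted log was truncated or edited."""
    seen = Counter(e["section"] for e in entries)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}
```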



