email sent from my computer with link in it


  • This topic is locked
20 replies to this topic

#1 taoson

taoson

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 13 February 2011 - 01:45 AM

I woke up this morning to find that my computer had sent several emails out to different groups of people in my contacts. The only thing in the message was a short line of text like this hxxp://xxxxxx .com/ rml3.html.

All requested logs are attached or below.

Thanks!


DDS (Ver_10-12-12.02) - NTFSx86
Run by Bill at 20:43:40.45 on Sat 02/12/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3071.939 [GMT -6:00]

AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:44 PM

Posted 18 February 2011 - 09:21 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 taoson


Posted 18 February 2011 - 09:38 PM

I'm here and ready to proceed.

#4 m0le


Posted 18 February 2011 - 09:42 PM

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 taoson


Posted 19 February 2011 - 01:10 PM

2011/02/19 12:02:16.0614 24896 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/19 12:02:16.0663 24896 ================================================================================
2011/02/19 12:02:16.0664 24896 SystemInfo:
2011/02/19 12:02:16.0664 24896
2011/02/19 12:02:16.0664 24896 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/19 12:02:16.0664 24896 Product type: Workstation
2011/02/19 12:02:16.0664 24896 ComputerName: VISTA
2011/02/19 12:02:16.0664 24896 UserName: Bill
2011/02/19 12:02:16.0664 24896 Windows directory: C:\Windows
2011/02/19 12:02:16.0664 24896 System windows directory: C:\Windows
2011/02/19 12:02:16.0664 24896 Processor architecture: Intel x86
2011/02/19 12:02:16.0664 24896 Number of processors: 1
2011/02/19 12:02:16.0664 24896 Page size: 0x1000
2011/02/19 12:02:16.0665 24896 Boot type: Normal boot
2011/02/19 12:02:16.0665 24896 ================================================================================
2011/02/19 12:02:17.0775 24896 Initialize success
2011/02/19 12:02:32.0601 28676 ================================================================================
2011/02/19 12:02:32.0601 28676 Scan started
2011/02/19 12:02:32.0601 28676 Mode: Manual;
2011/02/19 12:02:32.0601 28676 ================================================================================
2011/02/19 12:02:43.0857 28676 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/19 12:02:43.0937 28676 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/19 12:02:44.0058 28676 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/19 12:02:44.0143 28676 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/02/19 12:02:44.0250 28676 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/02/19 12:02:44.0425 28676 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/02/19 12:02:44.0724 28676 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/02/19 12:02:44.0835 28676 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/02/19 12:02:44.0942 28676 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/19 12:02:45.0023 28676 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/02/19 12:02:45.0152 28676 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/19 12:02:45.0305 28676 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/02/19 12:02:45.0379 28676 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/19 12:02:45.0589 28676 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/19 12:02:45.0944 28676 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/19 12:02:46.0128 28676 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/19 12:02:46.0230 28676 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/19 12:02:46.0315 28676 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/02/19 12:02:46.0502 28676 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/19 12:02:46.0983 28676 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/19 12:02:47.0108 28676 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/19 12:02:47.0368 28676 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/19 12:02:47.0510 28676 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/19 12:02:47.0669 28676 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/19 12:02:47.0955 28676 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/19 12:02:48.0285 28676 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/19 12:02:48.0438 28676 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/19 12:02:48.0586 28676 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/19 12:02:48.0922 28676 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/19 12:02:49.0193 28676 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/02/19 12:02:49.0271 28676 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/02/19 12:02:49.0406 28676 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/02/19 12:02:49.0507 28676 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/19 12:02:49.0611 28676 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/19 12:02:49.0700 28676 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/19 12:02:49.0755 28676 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/19 12:02:49.0835 28676 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/19 12:02:49.0941 28676 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/02/19 12:02:50.0028 28676 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/19 12:02:50.0152 28676 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/19 12:02:50.0243 28676 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/19 12:02:50.0326 28676 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/19 12:02:50.0443 28676 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/19 12:02:50.0511 28676 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/19 12:02:50.0601 28676 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/02/19 12:02:50.0670 28676 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/02/19 12:02:50.0951 28676 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/19 12:02:51.0259 28676 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/19 12:02:51.0590 28676 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/19 12:02:51.0918 28676 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/19 12:02:52.0121 28676 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/19 12:02:52.0222 28676 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/19 12:02:52.0310 28676 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/19 12:02:52.0536 28676 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/19 12:02:52.0635 28676 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/19 12:02:52.0764 28676 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/19 12:02:53.0084 28676 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/19 12:02:53.0210 28676 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/19 12:02:53.0300 28676 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/19 12:02:53.0385 28676 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/19 12:02:53.0501 28676 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/19 12:02:53.0602 28676 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/19 12:02:53.0724 28676 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/19 12:02:53.0870 28676 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/19 12:02:53.0992 28676 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/19 12:02:54.0084 28676 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/19 12:02:54.0229 28676 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/19 12:02:54.0335 28676 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/19 12:02:54.0451 28676 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/02/19 12:02:54.0603 28676 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/19 12:02:54.0674 28676 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/02/19 12:02:54.0777 28676 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/02/19 12:02:54.0855 28676 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/19 12:02:55.0089 28676 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/02/19 12:02:55.0284 28676 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/02/19 12:02:55.0377 28676 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/19 12:02:55.0538 28676 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/02/19 12:02:55.0635 28676 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/19 12:02:55.0761 28676 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/02/19 12:02:55.0870 28676 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/19 12:02:56.0050 28676 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/19 12:02:56.0349 28676 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/19 12:02:56.0445 28676 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/02/19 12:02:56.0590 28676 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/19 12:02:56.0723 28676 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/02/19 12:02:56.0851 28676 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/19 12:02:56.0970 28676 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/19 12:02:57.0225 28676 R300 (a23efb72057fed7128eb558866055fdf) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/19 12:02:57.0385 28676 RapportCerberus_19917 (539fbdcff37a24102c507092b333ec2b) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys
2011/02/19 12:02:57.0489 28676 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\Windows\system32\Drivers\RapportKELL.sys
2011/02/19 12:02:57.0634 28676 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/02/19 12:02:57.0751 28676 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/19 12:02:57.0819 28676 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/19 12:02:57.0915 28676 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/19 12:02:57.0983 28676 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/19 12:02:58.0055 28676 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/19 12:02:58.0187 28676 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/19 12:02:58.0274 28676 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/02/19 12:02:58.0333 28676 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/19 12:02:58.0436 28676 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/19 12:02:58.0728 28676 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
2011/02/19 12:02:58.0984 28676 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/19 12:02:59.0098 28676 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/19 12:02:59.0175 28676 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/19 12:02:59.0305 28676 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/19 12:02:59.0584 28676 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/19 12:02:59.0705 28676 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/19 12:02:59.0865 28676 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/02/19 12:02:59.0956 28676 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/19 12:03:00.0143 28676 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/02/19 12:03:00.0241 28676 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/19 12:03:00.0303 28676 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/19 12:03:00.0415 28676 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/19 12:03:00.0609 28676 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/02/19 12:03:00.0670 28676 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/02/19 12:03:00.0753 28676 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/02/19 12:03:01.0003 28676 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/19 12:03:01.0459 28676 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/19 12:03:01.0869 28676 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/19 12:03:02.0173 28676 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/19 12:03:02.0279 28676 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/19 12:03:02.0391 28676 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/19 12:03:02.0431 28676 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/19 12:03:02.0477 28676 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/19 12:03:02.0529 28676 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/19 12:03:02.0613 28676 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/19 12:03:02.0725 28676 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/19 12:03:02.0829 28676 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/19 12:03:02.0912 28676 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/19 12:03:02.0973 28676 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/19 12:03:03.0129 28676 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/19 12:03:03.0230 28676 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/19 12:03:03.0401 28676 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/19 12:03:03.0476 28676 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/19 12:03:03.0590 28676 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/19 12:03:03.0669 28676 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/02/19 12:03:03.0766 28676 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/19 12:03:03.0906 28676 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/19 12:03:04.0015 28676 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/02/19 12:03:04.0109 28676 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/19 12:03:04.0198 28676 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/19 12:03:04.0268 28676 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/19 12:03:04.0359 28676 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/19 12:03:04.0486 28676 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/19 12:03:04.0650 28676 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/19 12:03:04.0736 28676 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/19 12:03:04.0814 28676 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/19 12:03:04.0912 28676 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/19 12:03:04.0991 28676 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/19 12:03:05.0119 28676 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/19 12:03:05.0208 28676 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/19 12:03:05.0286 28676 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/19 12:03:05.0409 28676 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/02/19 12:03:05.0519 28676 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/19 12:03:05.0609 28676 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/19 12:03:05.0682 28676 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/02/19 12:03:05.0758 28676 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/02/19 12:03:05.0821 28676 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/19 12:03:05.0925 28676 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/19 12:03:06.0081 28676 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/19 12:03:06.0185 28676 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/19 12:03:06.0307 28676 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/02/19 12:03:06.0437 28676 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/02/19 12:03:06.0541 28676 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/02/19 12:03:06.0694 28676 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/19 12:03:06.0758 28676 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/19 12:03:06.0804 28676 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/19 12:03:06.0944 28676 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/02/19 12:03:07.0017 28676 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/19 12:03:07.0262 28676 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/02/19 12:03:07.0484 28676 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/19 12:03:07.0644 28676 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/19 12:03:07.0813 28676 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/19 12:03:07.0990 28676 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/19 12:03:08.0075 28676 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
2011/02/19 12:03:08.0234 28676 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/02/19 12:03:08.0432 28676 ================================================================================
2011/02/19 12:03:08.0432 28676 Scan finished
2011/02/19 12:03:08.0432 28676 ================================================================================

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:44 PM

Posted 19 February 2011 - 07:39 PM

That's a good start. Please run MBAM and then SAS.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#7 taoson

Posted 20 February 2011 - 03:14 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5815

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

2/20/2011 2:16:46 AM
mbam-log-2011-02-20 (02-16-46).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 645896
Time elapsed: 3 hour(s), 25 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5815

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

2/20/2011 2:16:46 AM
mbam-log-2011-02-20 (02-16-46).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 645896
Time elapsed: 3 hour(s), 25 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 m0le

Posted 20 February 2011 - 04:46 PM

Do you realise that you have posted the MBAM log twice and not MBAM and then SAS?

#9 taoson

Posted 20 February 2011 - 05:05 PM

I'm very sorry about that. I'm pushing 60 and starting to lose my edge. Here's the SAS Log. Thanks for your help.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/20/2011 at 01:40 PM

Application Version : 4.48.1000

Core Rules Database Version : 6437
Trace Rules Database Version: 4249

Scan type : Complete Scan
Total Scan Time : 02:15:19

Memory items scanned : 963
Memory threats detected : 0
Registry items scanned : 16866
Registry threats detected : 0
File items scanned : 163458
File threats detected : 449

Adware.Tracking Cookie
media.scanscout.com [ C:\Users\Bill\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J4Z67DJV ]
media.theonion.com [ C:\Users\Bill\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J4Z67DJV ]
media.wfaa.com [ C:\Users\Bill\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J4Z67DJV ]
media1.break.com [ C:\Users\Bill\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J4Z67DJV ]
msnbcmedia.msn.com [ C:\Users\Bill\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J4Z67DJV ]
polltracker.talkingpointsmemo.com [ C:\Users\Bill\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J4Z67DJV ]
s0.2mdn.net [ C:\Users\Bill\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J4Z67DJV ]
secure-us.imrworldwide.com [ C:\Users\Bill\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J4Z67DJV ]
speed.pointroll.com [ C:\Users\Bill\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\J4Z67DJV ]
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\bill@ads.m4internet[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\bill@atdmt[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@112.2o7[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@2o7[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@2o7[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@2o7[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@a1.interclick[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@a1.interclick[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@accountonline[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@accountonline[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad.bodybuilding[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad.wsod[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad.wsod[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad.yieldmanager[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad.yieldmanager[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad.yieldmanager[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad.yieldmanager[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad.yieldmanager[5].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad1.ftv[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad2.adfarm1.adition[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ad4.adfarm1.adition[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adbrite[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adbrite[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adecn[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adecn[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adfarm1.adition[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adform[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adinterax[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adinterax[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adlegend[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adlegend[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.as4x.tmcs.ticketmaster[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.associatedcontent[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.bcserving[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.belointeractive[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.bleepingcomputer[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.bleepingcomputer[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.bridgetrack[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.bridgetrack[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.cleveland[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.cnn[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.cnn[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.e-planning[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.esm1[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.financialcontent[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.foodbuzz[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.gmodules[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.impactnews[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.mail[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.meredithads[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.ookla[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.pgatour[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.pointroll[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.pointroll[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.pointroll[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.pointroll[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.react2media[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.roiserver[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.shorttail[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.tcmdb[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.tmnetads[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.undertone[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ads.undertone[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adserve.cruisetraffic[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adserver.adtechus[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adserver.adtechus[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adultfriendfinder[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adv.dmv[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adv.ftv[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@advertising[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@advertising[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@advertising[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adviva[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adviva[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adxpose[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@adxpose[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@americandiscountcruises[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@amtk-media[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@apmebf[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@apmebf[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@apmebf[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@apmebf[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@apmebf[5].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@associatedcontent.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@at.atwola[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@at.atwola[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@at.atwola[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@atdmt[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@atdmt[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@atdmt[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@atdmt[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@atdmt[5].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@atdmt[6].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@atlanticmedia.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@automobileclubofsoutherncalifornia.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@avgtechnologies.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@azjmp[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@beacon.dmsinsights[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@biskeducation.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@bizrate[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@bizrate[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@bmwmoter.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@borders.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@bs.serving-sys[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@bs.serving-sys[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@bs.serving-sys[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@burstbeacon[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@buycom.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@c.gigcount[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@care2.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@care2.112.2o7[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@casalemedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@cbsdigitalmedia.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@cdn1.trafficmp[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@cdn1.trafficmp[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@cdn4.specificclick[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@charter.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@chitika[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@citi.bridgetrack[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@citi.bridgetrack[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@clickaider[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@clicksor[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@collective-media[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@collective-media[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@collective-media[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@content.yieldmanager[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@content.yieldmanager[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@content.yieldmanager[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@content.yieldmanager[5].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@content.yieldmanager[7].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@counter.hitslink[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@counter.hitslink[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@counter5.sextracker[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@csm.rotator.hadj7.adjuggler[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@data.coremetrics[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@dc.tremormedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@dc.tremormedia[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@discountcruises.cruisemagic[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@discountcruises[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@dmtracker[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@doubleclick[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@doubleclick[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@eas.apm.emediate[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@eas.apm.emediate[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@edgeadx[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@edgeadx[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ehg-aaa.hitbox[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ehg-chartercommunications.hitbox[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ehg-emmiscommunications.hitbox[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ehg-eset.hitbox[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ehg-shaklee.hitbox[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@enhanced.charter[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ero-advertising[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@eyewonder[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@eyewonder[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@farecastcom.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@fastclick[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@fastclick[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@fastclick[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@find.myrecipes[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@findnsave.star-telegram[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@findvacationrentals[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@googleads.g.doubleclick[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@googleads.g.doubleclick[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@gr.burstnet[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@healthgrades.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@hearstmagazines.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@hitbox[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@hitbox[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@hotlog[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@hpi.rotator.hadj7.adjuggler[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@imagevenue.advertserve[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@imrworldwide[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@imrworldwide[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@in.getclicky[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@in.getclicky[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@insightexpressai[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@insightexpressai[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@interclick[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@interclick[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@intermundomedia[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@intermundomedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@intheswim.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@invitemedia[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@invitemedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@invitemedia[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@invitemedia[5].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@invitemedia[6].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@invitemedia[7].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@kantarmedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@kontera[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@kontera[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@leeenterprises.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@legolas-media[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@legolas-media[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@linksynergy[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveclicker[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[10].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[11].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[5].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[6].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[7].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[8].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@liveperson[9].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@lockedonmedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@lucidmedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@lucidmedia[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@marriottinternational.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@marthastewart.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@medhelpinternational.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@media.adfrontiers[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@media.adfrontiers[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@media.medhelp[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@media.photobucket[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@media2.legacy[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@media6degrees[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@media6degrees[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@mediabrandsww[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@mediabrandsww[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@mediamatters[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@mediamatters[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@mediaplex[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@mediaplex[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@mediaplex[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@microsoftmachinetranslation.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@microsoftsto.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@microsoftwindows.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@microsoftwlmobilemkt.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@movieticketscom.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@msnbc.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@msnbc.112.2o7[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@msnportal.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@msnportal.112.2o7[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@mtvn.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@mtvn.112.2o7[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@my.americandiscountcruises[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@myroitracking[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@network.realmedia[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@network.realmedia[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@networldmedia[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@nextag[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@nfl.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@northstartravelmedia[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@nytimes.stats[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@oasn04.247realmedia[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@oasn04.247realmedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@omaha.adbureau[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@overture[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@pajamasmedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@paypal.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@perf.overture[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@petfinder[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@pointroll[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@pointroll[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@pointroll[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@pointroll[5].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@polltracker.talkingpointsmemo[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@polltracker.talkingpointsmemo[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@pro-market[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@pro-market[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@qnsr[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@questionmarket[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@questionmarket[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@r1-ads.ace.advertising[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@rainbowmedia.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@rainbowmedia.122.2o7[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@randomhouse.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@rcci.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@realmedia[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@realmedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@realmedia[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@retropornarchive[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@revenue[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@revsci[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@revsci[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@revsci[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@revsci[4].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@richmedia.yahoo[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@richmedia.yahoo[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@richmedia.yahoo[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@rotator.adjuggler[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@rotator.adjuggler[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@rotator.hadj7.adjuggler[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ru4[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@ru4[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@s.clickability[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@s.clickability[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@sales.liveperson[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@saxoomahaworldherald.122.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@server.cpmstar[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@server.iad.liveperson[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@serving-sys[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@serving-sys[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@serving-sys[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@sexlist[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@sextracker[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@shopping.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@snapfish.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@sonyelectronicssupportus.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@sonyeurope.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@sonymediasoftware.112.2o7[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@specificclick[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@specificclick[3].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@specificmedia[1].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@specificmedia[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@stat.dealtime[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@statcounter[2].txt
C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\Low\bill@statcounter[3].txt

#10 m0le

  • Malware Response Team

Posted 20 February 2011 - 05:20 PM

Don't worry about it, age has nothing to do with it - everyone on a forum makes mistakes. Except me, obviously :whistle:

Everything looks fine from there. I would like to see an OTL log next to do a deeper check.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#11 taoson

  • Topic Starter

Posted 20 February 2011 - 06:53 PM

OTL logfile created on: 2/20/2011 5:40:53 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Bill\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 33.86 Gb Free Space | 22.08% Space Free | Partition Type: NTFS
Drive D: | 50.01 Gb Total Space | 8.62 Gb Free Space | 17.23% Space Free | Partition Type: NTFS
Drive E: | 781.49 Gb Total Space | 775.84 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive F: | 50.01 Gb Total Space | 30.05 Gb Free Space | 60.10% Space Free | Partition Type: NTFS
Drive G: | 50.01 Gb Total Space | 35.07 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive I: | 122.28 Mb Total Space | 101.45 Mb Free Space | 82.97% Space Free | Partition Type: FAT

Computer Name: VISTA | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\lxeaserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
PRC - C:\Windows\System32\lxeacoms.exe ( )
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\ProgramData\U3\U3Launcher\LaunchU3.exe ()
PRC - C:\PVSW\Bin\W3DBSMGR.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Users\Bill\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)


========== Win32 Services (SafeList) ==========

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (lxeaCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxea_device) -- C:\Windows\System32\lxeacoms.exe ( )
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (WMSvc) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV - (MSFTPSVC) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (RapportCerberus_19917) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (AVGIDSErHrvtx) -- C:\Windows\System32\Drivers\AVGIDSvx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDrivervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFiltervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimvtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (cmuda3) -- C:\Windows\System32\drivers\cmudax3.sys (C-Media Inc)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 5A 4A C1 07 E6 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/04/26 20:55:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/01 14:04:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/01 14:05:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/09 16:55:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/09 16:55:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoMailer.lnk = C:\Troopmaster Software\AutoMailer\AutoMailer.exe ()
O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} http://premieranniversarydownload.hipdigital.com/HipDigitalDownloadManager.cab (Hip Digital Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax8729.cab (MsnMusicAx Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/20 09:42:25 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e19c6c88-51a7-11df-bf11-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e19c6c88-51a7-11df-bf11-806e6f6e6963}\Shell\AutoRun\command - "" = H:\cd_intro.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/20 17:39:32 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2011/02/20 14:30:22 | 000,000,000 | ---D | C] -- C:\From2ndDrive
[2011/02/20 11:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/20 11:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/20 11:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/20 11:15:44 | 010,421,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Bill\Desktop\SUPERAntiSpyware.exe
[2011/02/19 22:35:58 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bill\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/11 19:50:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/10 11:08:26 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bill\Desktop\TDSSKiller.exe
[2011/02/09 16:55:41 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\Local
[2011/02/09 16:55:00 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\DivX
[2011/02/09 16:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/02/09 16:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/02/09 16:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/02/09 16:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/09 16:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/02/09 16:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/27 22:16:42 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
[2010/04/27 22:16:42 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
[2010/04/27 22:16:42 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
[2010/04/27 22:16:42 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
[2010/04/27 22:16:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
[2010/04/27 22:16:42 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
[2010/04/27 22:16:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
[2010/04/27 22:16:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
[2010/04/27 22:16:42 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEAhcp.dll
[2010/04/27 22:16:42 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
[2010/04/13 18:41:34 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/20 17:37:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2011/02/20 17:14:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/20 15:52:13 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/20 15:52:13 | 000,004,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/20 13:59:37 | 000,840,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/20 13:59:37 | 000,186,514 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/20 13:53:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/20 13:51:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/20 13:51:44 | 3220,758,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 13:50:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/20 11:17:18 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/19 22:37:29 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/19 22:23:32 | 010,421,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Bill\Desktop\SUPERAntiSpyware.exe
[2011/02/19 22:20:50 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bill\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/19 18:54:05 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{423F7643-1989-4DC3-8B95-DD92922E81C7}.job
[2011/02/17 19:31:36 | 000,019,968 | ---- | M] () -- C:\Users\Bill\Desktop\Scout Payments.xls
[2011/02/12 20:47:57 | 000,003,224 | ---- | M] () -- C:\Users\Bill\Desktop\Attach.zip
[2011/02/12 12:10:14 | 000,001,736 | -H-- | M] () -- C:\Users\Bill\Documents\Default.rdp
[2011/02/12 04:26:35 | 071,115,338 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/02/11 19:51:19 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/11 12:25:24 | 000,645,397 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bill\Desktop\TDSSKiller.exe
[2011/02/09 17:32:12 | 000,015,872 | ---- | M] () -- C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/09 16:55:45 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/02/09 16:55:45 | 000,001,393 | ---- | M] () -- C:\Users\Bill\Desktop\DivX Movies.lnk
[2011/02/09 16:54:43 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/02/09 16:42:32 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/07 23:31:08 | 000,370,711 | ---- | M] () -- C:\Users\Bill\Documents\CruiseReceipt.xps
[2011/02/01 13:42:40 | 000,002,583 | ---- | M] () -- C:\Users\Bill\Desktop\BlackElkOldSite.ctl
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/20 15:23:28 | 061,023,816 | ---- | C] () -- C:\Users\Bill\Desktop\SQL2008.AdventureWorks_All_Databases.zip
[2011/02/20 15:23:06 | 063,130,624 | ---- | C] () -- C:\Users\Bill\Desktop\SQL2008.AdventureWorks_All_Databases.x86.msi
[2011/02/20 15:22:22 | 029,877,248 | ---- | C] () -- C:\Users\Bill\Desktop\AdventureWorksDBCI.msi
[2011/02/20 11:17:18 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/19 22:37:29 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/12 20:47:57 | 000,003,224 | ---- | C] () -- C:\Users\Bill\Desktop\Attach.zip
[2011/02/09 16:55:45 | 000,001,393 | ---- | C] () -- C:\Users\Bill\Desktop\DivX Movies.lnk
[2011/02/09 16:54:43 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/02/09 16:53:52 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/02/09 16:42:32 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/07 23:31:01 | 000,370,711 | ---- | C] () -- C:\Users\Bill\Documents\CruiseReceipt.xps
[2011/02/01 13:42:40 | 000,002,583 | ---- | C] () -- C:\Users\Bill\Desktop\BlackElkOldSite.ctl
[2011/01/16 11:36:13 | 000,000,052 | ---- | C] () -- C:\Windows\WUCADMIN.INI
[2011/01/16 11:36:13 | 000,000,052 | ---- | C] () -- C:\Windows\W32UCADM.INI
[2011/01/16 11:35:39 | 000,000,184 | ---- | C] () -- C:\Windows\BTI.INI
[2010/07/11 20:04:26 | 000,000,363 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/06/09 20:04:49 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2010/05/03 20:44:45 | 000,000,614 | ---- | C] () -- C:\ProgramData\lxeaDiagnostics.log
[2010/04/30 17:58:01 | 000,000,221 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/28 21:37:43 | 000,012,993 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/04/28 21:35:02 | 000,038,456 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/04/28 21:23:24 | 000,009,771 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\Comma Separated Values (Windows).EML
[2010/04/28 20:28:32 | 000,038,034 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
[2010/04/28 18:43:25 | 000,000,082 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010/04/28 18:43:01 | 000,258,048 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/04/28 18:43:01 | 000,000,252 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010/04/28 18:28:38 | 000,002,125 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010/04/28 18:28:29 | 000,002,423 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010/04/28 06:43:19 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/04/28 00:42:18 | 000,015,872 | ---- | C] () -- C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 22:27:00 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/04/27 22:19:17 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
[2010/04/27 22:19:10 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2010/04/27 22:19:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2010/04/27 22:19:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2010/04/27 22:19:08 | 000,011,702 | ---- | C] () -- C:\ProgramData\lxeascan.log
[2010/04/27 22:16:55 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
[2010/04/27 22:16:42 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
[2010/04/27 22:16:42 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2010/04/27 22:16:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2010/04/27 22:16:42 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2010/04/27 22:16:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2010/04/27 22:16:42 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2010/04/27 22:16:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2010/04/27 22:16:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2010/04/27 22:16:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2010/04/27 22:13:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/04/27 22:13:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/04/27 22:13:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/04/27 22:12:55 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
[2010/04/27 22:12:55 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
[2010/04/26 22:01:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/01/20 20:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/01/24 13:25:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2006/11/02 06:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/05/11 12:56:17 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\eFax Messenger
[2010/05/04 17:36:48 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\j2 Global
[2011/02/09 16:55:41 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Local
[2010/08/14 18:54:33 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Sony
[2010/05/01 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Trusteer
[2011/02/20 13:50:18 | 000,030,934 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/19 18:54:05 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{423F7643-1989-4DC3-8B95-DD92922E81C7}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Bill\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty

< End of report >


OTL Extras logfile created on: 2/20/2011 5:40:54 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Bill\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 33.86 Gb Free Space | 22.08% Space Free | Partition Type: NTFS
Drive D: | 50.01 Gb Total Space | 8.62 Gb Free Space | 17.23% Space Free | Partition Type: NTFS
Drive E: | 781.49 Gb Total Space | 775.84 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive F: | 50.01 Gb Total Space | 30.05 Gb Free Space | 60.10% Space Free | Partition Type: NTFS
Drive G: | 50.01 Gb Total Space | 35.07 Gb Free Space | 70.13% Space Free | Partition Type: NTFS
Drive I: | 122.28 Mb Total Space | 101.45 Mb Free Space | 82.97% Space Free | Partition Type: FAT

Computer Name: VISTA | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0235CA89-6579-492A-880D-D28AFAFE1221}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{09E3423C-80B0-4A29-9F5E-C7DE59961F80}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0AA89203-0639-4DBA-81FE-90DFFFBF4A63}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1E706818-BBC3-4B78-B96E-95659F6F6E5D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1FE4E4E1-162B-43A8-8E3E-8BD61C0F8684}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{214AC668-58D6-4157-81AB-95C136F04E85}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{265D2837-4290-4AB0-8A55-87B30622B3DC}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2741087E-636A-4C91-AD46-A2E4ABE5C962}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28D29076-3402-41EF-8380-9E2D484F68C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2966C9EB-71FE-4E98-A9A1-0DF170F5377B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2DBD45A8-3997-4AA2-9830-30BAE1759DA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D7EA690-7BA1-4B0B-AAA9-D8B905416805}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E5A0B79-5DEC-463C-A05B-0DC76E092E5D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59F2CEC5-DCCC-4557-B2A9-9C43E5304EFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B474AA3-199D-48E1-A4B9-1E309DE51D20}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7B29675C-6B28-40BC-85BA-16C9C76E644F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{82C66E25-2FE4-4746-8DE4-44E39FC3721B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{853605DE-8137-4BE3-B4A1-B253DC45C4F0}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{86309EFA-922B-4B9A-91FA-22F94815338A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89D35B99-F9DB-4028-9DB4-6425C9C8A0C6}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8D14CA80-EF3B-4362-BE6A-58F41BCE6276}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FA0EE2A-A964-4CBE-9D80-D0B364B2EA04}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98DE4CCD-5097-4CC1-A829-A68010A92B1A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1D90457-20F3-4572-BDB3-D888399F94A8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B1FF4241-6210-4C1B-8755-48156CA20C87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B20C6D20-419D-41CE-8D85-E4D0C0239AF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2945506-B039-45B2-9FA2-1BC04D704878}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C24BE874-D9FF-4AF8-9BD6-8FDCC8E6C573}" = lport=3390 | protocol=6 | dir=in | app=system |
"{CD97D122-C8F3-4AC4-AC92-0E0DC5EB2890}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{D7DDC436-DCF9-44F5-A555-408D33919A1C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{DED1B702-7D54-44A5-A8D0-1B7D6DD4411C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E542E146-BD54-45A2-86B6-86B64AF64394}" = lport=3390 | protocol=6 | dir=in | app=system |
"{EDE00B10-1C39-4B9E-B25D-BB79E815E076}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{F385F61B-4F0A-43CF-9D4D-014665BF0371}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03228406-A4C5-4235-B6CE-9CFB3880E209}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A02AC3D-36E8-46C4-9499-B1B6DF61C02D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0D54D55D-986E-41DC-BE04-DE9581168F88}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2505035A-A8F8-4633-8455-BB2FEF7B5D0E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{28911686-CD3D-48B8-8606-783C548D12D5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2975EBB1-B9F8-466A-B59B-551723C378DA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2F9BC8AE-3817-42EF-9EFD-D602431157DA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{30C3BF0D-A69E-433A-A456-293E2E8E0BE4}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{3542F0E8-EB2A-4B61-94C4-A65FA8CCF7FC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{363A98CE-F793-473D-8882-1F43A06E3771}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{37558DFA-3ABA-4B95-A11A-091720F4862E}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3CE525CA-349C-48BA-918E-56E6BFF8B01A}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{3E262B81-2D29-4ED0-AF2C-951C2BCC55C6}" = protocol=17 | dir=in | app=c:\windows\system32\lxeacoms.exe |
"{461E2B39-3DE1-4B3F-A2EB-F6DE29B59032}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{463B2FC9-8483-4D23-B951-1DC520836E3A}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{498B6912-7293-443F-920B-A05C5D41DF50}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4DABB216-5D9D-46E2-A30A-9B40E4C23064}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{57CE2835-8670-4FE3-93C3-AC69595E7B7E}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe |
"{5D5F7461-D6A9-460F-908A-C9D56148DF62}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5E9E6BBF-6E83-4857-84D6-4992E6152187}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{5FB58DBE-6B97-445F-BE9C-C9DEE576CF1B}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{681C6614-EEF5-426E-9DC0-E340BE2193F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6EEBC83E-B072-4F82-BBA7-6E4C09A25791}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6F5E1C74-87C1-4D52-893D-C9DCF2EECB91}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{714C784E-E17A-4EA8-BE04-5139FAAB7D06}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{732EF35E-CCDC-4862-8882-2777A5EAEAAA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B280810-3C79-4097-8F0F-F60186487E20}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe |
"{9D3E76F6-4DBD-4E66-A5D3-35C34B7C5258}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A44E0667-60BD-4F06-9429-F1C11053E27D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{AF380CBE-EEFF-470E-A70F-ADB8B25072A8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B0C3753B-AFEB-4B2E-B6F5-C3DF27922569}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C1CBFB68-FCF3-4DFB-B138-8C93597BF3D2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C56124F8-FA82-4743-A82D-9CF0C65EC456}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CCC91213-3527-4684-9B76-B89F48B728F6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CE227C0A-C5BB-4951-A536-818B85DAFEAF}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{CE2FCF90-7B4A-4D60-9D23-BE8C75DF6074}" = protocol=6 | dir=in | app=c:\windows\system32\lxeacoms.exe |
"{D1E86F6B-CC4B-49FA-8220-692B8C0FE410}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{D57D6056-2FD0-468F-9A6D-35180B72F19A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E33B7CCB-DB0F-4BBC-9AAC-A925D19B380F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E82884A3-6C5A-430D-A899-01B30B7FE030}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F236151E-E5BE-4964-AE93-6FB83D43EF4E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{FF01C733-2F6E-42EC-9794-3444F4A27B05}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{1CA52CB6-401E-40AF-A6F2-53DB46AE3A22}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{823E62AA-5D46-42D3-850D-F1AB61AF2775}C:\program files\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=6 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |
"UDP Query User{094251A8-4341-41C2-98DB-D1598B658279}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{4E43839E-C1AC-4574-B92C-230BEFBEA839}C:\program files\pervasive software\psql\bin\w3dbsmgr.exe" = protocol=17 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{033B535A-1AFF-435D-B8D9-B0B83A800569}" = Microsoft SQL Server 2008 Full text search
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005 (DEVELOPER2005)
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40F34A1C-65A2-4163-98CE-A0D0646CABEF}" = Microsoft SQL Server 2008 Integration Services
"{440A992F-3BDB-4D76-9CB4-B4C09F5998B7}" = Microsoft SQL Server 2008 Books Online (October 2009)
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}" = Microsoft SQL Server 2008 Client Tools
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60D46DEE-5221-47AA-B978-BA25C5D9F560}" = Microsoft SQL Server 2008 Client Tools
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{64C85B95-E971-4705-B3ED-D4A0153C0D5B}" = SAMSUNG USB Driver for Mobile Phones V5.2.0.0
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6FDD4688-E063-401D-B6BE-7234E20B9173}" = Microsoft SQL Server 2005 Books Online (English) (September 2007)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8111C33A-87E8-49CA-BB38-9E7FAA568D68}" = SamsungSimpleDL
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8415F660-5FDC-4601-97DD-43A783600F4B}" = SQLXML4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEB03FAF-90EB-4B4F-BA32-9C4DDE2C9804}" = Microsoft SQL Server 2008 Integration Services
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BC016166-AB8A-4EE3-831F-97AEB6CCFB3D}" = Microsoft SQL Server Compact 3.5 SP2 for Devices English
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D407F7C0-579E-4CCB-91FD-855CE5084E86}" = Microsoft Visual Studio 2005 Standard Edition - ENU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudibleManager" = AudibleManager
"AVG9Uninstall" = AVG 9.0
"Belarc Advisor" = Belarc Advisor 8.1
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"CNXT_MODEM_PCI_HSF" = PCI Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX Setup
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"InstallShield_{8111C33A-87E8-49CA-BB38-9E7FAA568D68}" = SamsungSimpleDL
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Standard Edition - ENU" = Microsoft Visual Studio 2005 Standard Edition - ENU
"MSN Music Assistant" = MSN Music Assistant
"Pervasive.SQL 2000 Workstation" = Pervasive.SQL 2000 Workstation (SP3)
"Rapport_msi" = Rapport
"Rhapsody" = Rhapsody
"TroopMaster 2010" = TroopMaster 2010
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"ULTIMATER" = Microsoft Office Ultimate 2007
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9b8a4839388c96bd" = MyLucky7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2011 12:49:53 AM | Computer Name = VISTA | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e,
exception code 0xc0000005, fault offset 0x0004a246, process id 0x3fdc, application
start time 0x01cbc190470e0e2d.

Error - 2/4/2011 9:39:07 PM | Computer Name = VISTA | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e,
exception code 0xc0000005, fault offset 0x0004a246, process id 0x340c, application
start time 0x01cbc41353151380.

Error - 2/6/2011 7:06:54 PM | Computer Name = VISTA | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0xe06d7363, fault offset 0x0003fbae, process id 0x3e24, application
start time 0x01cbc6527d6c5896.

Error - 2/11/2011 9:18:08 PM | Computer Name = VISTA | Source = Application Error | ID = 1000
Description = Faulting application qw.exe, version 17.1.9.2, time stamp 0x49065244,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00039747, process id 0xfc98, application start time
0x01cbca50e3660c12.

Error - 2/11/2011 9:20:06 PM | Computer Name = VISTA | Source = Application Error | ID = 1000
Description = Faulting application IEXPLORE.EXE, version 8.0.6001.18999, time stamp
0x4ccf92fb, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e,
exception code 0xc0000005, fault offset 0x0004a246, process id 0x5a00, application
start time 0x01cbc98c83a48183.

Error - 2/13/2011 12:17:36 AM | Computer Name = VISTA | Source = Perflib | ID = 1010
Description =

Error - 2/20/2011 12:39:23 AM | Computer Name = VISTA | Source = EventSystem | ID = 4621
Description =

Error - 2/20/2011 12:43:43 AM | Computer Name = VISTA | Source = WinMgmt | ID = 10
Description =

Error - 2/20/2011 3:53:48 PM | Computer Name = VISTA | Source = WinMgmt | ID = 10
Description =

Error - 2/20/2011 5:36:47 PM | Computer Name = VISTA | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e,
exception code 0xc0000005, fault offset 0x0004a246, process id 0x238, application
start time 0x01cbd137af2b9878.

[ Media Center Events ]
Error - 6/28/2010 9:50:51 PM | Computer Name = VISTA | Source = Mcx2Prov | ID = 507
Description =

Error - 6/28/2010 9:50:52 PM | Computer Name = VISTA | Source = Mcx2Dvcs | ID = 405
Description =

Error - 6/28/2010 10:35:48 PM | Computer Name = VISTA | Source = Mcx2Prov | ID = 507
Description =

Error - 6/28/2010 10:35:48 PM | Computer Name = VISTA | Source = Mcx2Dvcs | ID = 405
Description =

Error - 6/28/2010 11:40:09 PM | Computer Name = VISTA | Source = Mcx2Prov | ID = 507
Description =

Error - 6/28/2010 11:40:09 PM | Computer Name = VISTA | Source = Mcx2Dvcs | ID = 405
Description =

[ OSession Events ]
Error - 4/29/2010 8:34:26 AM | Computer Name = VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 378
seconds with 300 seconds of active time. This session ended with a crash.

Error - 10/6/2010 11:46:34 PM | Computer Name = VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/10/2010 7:10:57 PM | Computer Name = VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 559
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/6/2010 9:15:28 PM | Computer Name = VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1896
seconds with 60 seconds of active time. This session ended with a crash.

Error - 1/14/2011 10:04:51 PM | Computer Name = VISTA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1927
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/23/2011 5:27:20 PM | Computer Name = VISTA | Source = Print | ID = 6161
Description = The document 2011_Alaska_program_overview.pdf, owned by Bill, failed
to print on printer Lexmark S300 Series (Network). Try to print the document again,
or restart the print spooler. Data type: RAW. Size of the spool file in bytes:
13425513. Number of bytes printed: 13425513. Total number of pages in the document:
4. Number of pages printed: 0. Client computer: \\VISTA. Win32 error code returned
by the print processor: 0. The operation completed successfully.

Error - 1/25/2011 10:23:21 AM | Computer Name = VISTA | Source = Print | ID = 6161
Description = The document http://www.frommers.com/destinations/print-narrative.cfm?destID,
owned by Bill, failed to print on printer Lexmark S300 Series (Network). Try to
print the document again, or restart the print spooler. Data type: LEMF. Size of
the spool file in bytes: 2073080. Number of bytes printed: 2073080. Total number
of pages in the document: 4. Number of pages printed: 0. Client computer: \\VISTA.
Win32 error code returned by the print processor: 0. The operation completed successfully.


Error - 2/8/2011 9:31:59 PM | Computer Name = VISTA | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 2/11/2011 9:50:34 PM | Computer Name = VISTA | Source = DCOM | ID = 10005
Description =

Error - 2/11/2011 9:50:34 PM | Computer Name = VISTA | Source = Service Control Manager | ID = 7009
Description =

Error - 2/11/2011 9:50:34 PM | Computer Name = VISTA | Source = Service Control Manager | ID = 7000
Description =

Error - 2/20/2011 12:41:28 AM | Computer Name = VISTA | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 2/20/2011 12:43:47 AM | Computer Name = VISTA | Source = Service Control Manager | ID = 7026
Description =

Error - 2/20/2011 3:51:25 PM | Computer Name = VISTA | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 2/20/2011 3:53:50 PM | Computer Name = VISTA | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:44 PM

Posted 20 February 2011 - 07:06 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please next run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    iexplore.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
m0le is a proud member of UNITE

#13 taoson

taoson
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:44 AM

Posted 20 February 2011 - 09:31 PM

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.20.6 log created on 02202011_201845



SystemLook 04.09.10 by jpshortstuff
Log created at 20:22 on 20/02/2011 by Bill
Administrator - Elevation successful

No Context: • :filefind

No Context: • iexplore.exe

-= EOF =-

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:44 PM

Posted 21 February 2011 - 06:07 PM

Not sure what's happened there.

Please run SystemLook again and make sure all that gets copied and pasted is what is below in the code boxes.

:filefind
iexplore.exe

If it still fails try this one:

:filefind
iexplore.*

m0le is a proud member of UNITE

#15 taoson

taoson
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:44 AM

Posted 21 February 2011 - 08:58 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 19:51 on 21/02/2011 by Bill
Administrator - Elevation successful

========== filefind ==========

Searching for "iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a---- 638232 bytes [03:54 16/12/2010] [06:03 02/11/2010] 5AB037B17F8A87D052F5A88E0D29A3C8
C:\Windows\SoftwareDistribution\Download\8430e87565ba4408aed93f76136db174\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe --a---- 638232 bytes [11:38 09/02/2011] [06:28 18/12/2010] B988D7F127B94BD5BF8356FE81B985C4
C:\Windows\SoftwareDistribution\Download\8430e87565ba4408aed93f76136db174\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe --a---- 638232 bytes [11:38 09/02/2011] [07:19 18/12/2010] 7852371DA9EFBC17B645558E23780EAC
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\iexplore.exe --a---- 634648 bytes [01:28 27/04/2010] [16:56 09/03/2010] 259E27152180B895DF395ED3E412B90E
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21242_none_2ddbfecc361459f2\iexplore.exe --a---- 634648 bytes [01:28 27/04/2010] [16:32 09/03/2010] 97496AA4590CB101EF990060F7055F3D
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe --a---- 625664 bytes [02:21 21/01/2008] [02:21 21/01/2008] 5B92133D3E7FB2644677686305E29E81
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18444_none_2f3ac9191a1b4a85\iexplore.exe --a---- 634648 bytes [01:28 27/04/2010] [16:30 09/03/2010] 74E60C93D1C9A40354D839776CCF53DF
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22653_none_2fb897943341ea10\iexplore.exe --a---- 634648 bytes [01:28 27/04/2010] [16:40 11/03/2010] 67C769016A79E6FC65D1755E5D6ADAB3
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe --a---- 636080 bytes [04:00 27/04/2010] [04:27 11/04/2009] 2C5168C856455CC43C4B4E1CC1920001
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe --a---- 638816 bytes [04:43 27/04/2010] [21:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe --a---- 638232 bytes [04:44 27/04/2010] [06:39 23/02/2010] 9F52FBE99C749E3F32C75124F09F1B03
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe --a---- 638232 bytes [02:48 21/06/2010] [06:00 04/05/2010] 5C9B1062EA7A44E8F6BFDE994B68C7AA
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe --a---- 638232 bytes [00:34 11/08/2010] [06:06 26/06/2010] 7420BE0E7D3D1320054F7ACA0594953D
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe --a---- 638232 bytes [02:11 13/10/2010] [06:02 08/09/2010] D5A730DFDEAE005373E62BC2A866E3BB
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe --a---- 638232 bytes [03:54 16/12/2010] [06:03 02/11/2010] 5AB037B17F8A87D052F5A88E0D29A3C8
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe --a---- 638232 bytes [04:44 27/04/2010] [15:06 23/02/2010] 25DB705A7DC85C208B3CF2D20F118AA7
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe --a---- 638232 bytes [02:48 21/06/2010] [06:32 04/05/2010] 48A6109E8DF0365195298CC527B7426A
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe --a---- 638232 bytes [00:34 11/08/2010] [06:52 26/06/2010] F05B3A2C6CB319DD1377AD566CF5ECE5
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe --a---- 638232 bytes [02:11 13/10/2010] [06:26 08/09/2010] 4A719476A6393B1DCACFEB4F3AC6599C
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe --a---- 638232 bytes [03:54 16/12/2010] [07:13 02/11/2010] 92A17B0A89D14815AACC62CD190B6CE3

-= EOF =-
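One way to read a SystemLook filefind log like the one above is to check whether the installed binary's MD5 equals that of a copy in the winsxs component store, and for which version. The following is an added example, not part of the thread or of SystemLook; the function names are hypothetical and the sample is four entries copied from the log above.

```python
import re

# Four entries copied from the SystemLook log in the post above.
SAMPLE_LOG = r"""
Searching for "iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a---- 638232 bytes [03:54 16/12/2010] [06:03 02/11/2010] 5AB037B17F8A87D052F5A88E0D29A3C8
C:\Windows\SoftwareDistribution\Download\8430e87565ba4408aed93f76136db174\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe --a---- 638232 bytes [11:38 09/02/2011] [06:28 18/12/2010] B988D7F127B94BD5BF8356FE81B985C4
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe --a---- 638232 bytes [03:54 16/12/2010] [06:03 02/11/2010] 5AB037B17F8A87D052F5A88E0D29A3C8
C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe --a---- 638232 bytes [03:54 16/12/2010] [07:13 02/11/2010] 92A17B0A89D14815AACC62CD190B6CE3
"""
LIVE_PATH = r"C:\Program Files\Internet Explorer\iexplore.exe"

# path, 7-character attribute field, size, two bracketed timestamps, MD5
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# Component-store folder names embed the version before "_none_".
VERSION = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")


def parse_filefind(log):
    """Return one dict per file entry; header and blank lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"path": m["path"], "size": int(m["size"]),
                            "md5": m["md5"].upper()})
    return entries


def matching_store_versions(entries, live_path):
    """Versions of winsxs copies whose MD5 equals the live binary's MD5."""
    live = next((e for e in entries if e["path"].lower() == live_path.lower()), None)
    if live is None:
        raise ValueError("live path not present in log: " + live_path)
    versions = []
    for e in entries:
        v = VERSION.search(e["path"])
        if v and "\\winsxs\\" in e["path"].lower() and e["md5"] == live["md5"]:
            versions.append(v.group(1))
    return versions


if __name__ == "__main__":
    print(matching_store_versions(parse_filefind(SAMPLE_LOG), LIVE_PATH))
```

An empty result means no component-store copy in the log has the same hash as the installed file, which is the case that deserves a closer look. A match only shows agreement with what is on the same disk, not with an independent reference.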



