
vista security 2011


38 replies to this topic

#1 M Moore

Posted 27 March 2011 - 08:25 AM

I have been infected by Vista Security 2011 and have unsuccessfully been trying to follow the removal instructions from your malware removal guides, as even in safe mode I am unable to run the required programs.

Symptoms:
- frequent fake virus detected messages, the scan window as shown in your removal guide.

What I have tried (in safe mode):
- ending process pcv whenever it appears
- running Glary Utilities - won't let me run it (thought I might be able to turn off one or more programs from the startup options)
- getting into regedit - won't let me run it
- running dds - do have logs of problem
- running rkill - won't let me run any version of it (including when I manually rename them)
- manually deleted file: c:\windows\system32\null0.286252060812866.exe (was confident this file was somehow involved in this infection but no effect when deleted)
- manually deleted file: c:\windows\system32\config\systemprofile\appdata\local\gdipfontcachev1

Other things noticed:
- dds indicates the following file association (which I know should be removed, but I haven't, as I didn't know if I could just remove the file association using the Vista command line approach without impacting how executables run in general)
c:\windows\system32\config\systemprofile\appdata\local\pcv.exe -a "%1" %*
Note: I looked at this location to try and delete the program being referenced but couldn't find it - the directory did have the gdipfontcachev1 I referenced deleting above, with the same time stamp as the previous file I deleted, so I deleted this file as well
- dds also indicates I may have a TDL4 rootkit infection

Computer details:
- windows vista home premium
- service pack 2
- 32 bit
- raid 0 (only mention as possible rootkit detection messages from dds mention storage and disk )

Any help is appreciated.

Mike



#2 SweetTech


Posted 27 March 2011 - 10:07 AM

See if you're able to run this tool:

Please download exe_fix and save it to your Desktop.
Double click on exe_fix.com to run it.
Type the number 1 at the prompt and allow the tool to run.

Now try and run RKill and see if it lets you run it.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 M Moore


Posted 27 March 2011 - 10:29 AM

Won't let me run it...

The result is a dialog box with "c:\users\mike\appdata\local\temp\rarsfx1\exe_fix.bat" in the title and the message
"windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item"..

I renamed the file to zzz.com and received the same message (including the reference to the old file name in the dialog title).

(That is essentially the same message I get when I try and run rkill.)

#4 SweetTech


Posted 27 March 2011 - 10:35 AM

Can you post the DDS log for me to review? I seem to have overlooked the fact that you were able to get a log from that.



#5 M Moore


Posted 27 March 2011 - 10:40 AM

.
DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
Run by Mike at 8:41:12.39 on 27/03/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3325.2450 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Taskmgr.exe
J:\play\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cm.my.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CmjBrowserHelperObject Object: {07a11d74-9d25-4fea-a833-8b0d76a5577a} - c:\program files\mindjet\mindmanager 7\Mm7InternetExplorer.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search 2\toolbar\ToolbarContainer101000318.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search 2\toolbar\ToolbarContainer101000318.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DeskbandIntegration303000026.dll
uRun: [Copernic Desktop Search - Home] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [OUU6KC5WPX] c:\users\mike\appdata\local\temp\Zjx.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Profiler] c:\program files\saitek\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\software\SaiMfd.exe
mRun: [Launch LgDevAgt] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ndasde~1.lnk - c:\program files\ndas\system\ndasmgmt.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - c:\program files\mindjet\mindmanager 7\Mm7InternetExplorer.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE}
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://otter1.vanaqua.org/activex/AxisCamControl.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
.
============= SERVICES / DRIVERS ===============
.
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2008-6-28 98536]
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [2008-6-28 308840]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [2008-6-28 268008]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [2008-6-28 511592]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2008-6-28 135400]
S0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [2008-6-28 297320]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-16 165456]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 67656]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-4 176128]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-16 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-16 50256]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-28 20376]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
S2 gupdate1c9860175488406;Google Update Service (gupdate1c9860175488406);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-6-8 2560]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-12-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-12-14 166384]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-4 6789120]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-4 235520]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-15 40384]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-4-29 1034496]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\drivers\LGPBTDD.sys [2008-10-15 23432]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2008-6-28 362600]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-4-29 141376]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-4-29 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-4-29 235616]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [2008-7-12 39704]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-4-28 31616]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-12-14 1112560]
S3 SaiH0762;SaiH0762;c:\windows\system32\drivers\SaiH0762.sys [2011-3-8 192000]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
exefile="c:\windows\system32\config\systemprofile\appdata\local\pcv.exe" -a "%1" %*
.
=============== Created Last 30 ================
.
2011-03-25 11:30:29 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0b3c5388-3105-4051-b2ca-e55fb30fe65c}\mpengine.dll
2011-03-24 11:11:13 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-24 11:11:12 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-24 11:11:12 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-19 22:07:48 -------- d-----w- c:\program files\RetireWare
2011-03-19 18:28:48 -------- d-sh--w- c:\windows\ftpcache
2011-03-17 19:37:17 -------- d-----w- c:\users\mike\appdata\local\Chromium
2011-03-17 16:24:42 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-03-17 16:24:42 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-03-17 16:24:42 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-03-17 16:24:42 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-03-09 01:12:59 35072 ----a-w- c:\windows\system32\drivers\SaiBus.sys
2011-03-09 01:12:59 13824 ----a-w- c:\windows\system32\drivers\SaiMini.sys
2011-03-09 01:12:32 57344 ----a-w- c:\windows\system32\SAIGON.dll
2011-03-09 01:12:32 45056 ----a-w- c:\windows\system32\SAIKICK.dll
2011-03-09 01:12:32 155648 ----a-w- c:\windows\system32\nY.exe
2011-03-09 01:12:28 -------- d-----w- c:\program files\Saitek
2011-03-09 01:07:55 921600 ----a-w- c:\windows\system32\SaiC0762.Dll
2011-03-09 01:07:55 8192 ----a-w- c:\windows\system32\SaiC0762_0C.dll
2011-03-09 01:07:55 7680 ----a-w- c:\windows\system32\SaiC0762_10.dll
2011-03-09 01:07:55 7680 ----a-w- c:\windows\system32\SaiC0762_0A.dll
2011-03-09 01:07:55 7680 ----a-w- c:\windows\system32\SaiC0762_07.dll
2011-03-09 01:07:55 7168 ----a-w- c:\windows\system32\SaiC0762_09.dll
2011-03-09 01:07:55 7168 ----a-w- c:\windows\system32\SaiC0762_0402.dll
2011-03-09 01:07:55 5120 ----a-w- c:\windows\system32\SaiC0762_11.dll
2011-03-09 01:07:55 192000 ----a-w- c:\windows\system32\drivers\SaiH0762.sys
2011-03-08 23:51:29 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-08 23:51:29 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-08 23:51:29 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 23:51:29 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-08 23:51:26 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 23:51:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 23:35:54 -------- d-----w- c:\users\mike\{bd92fa70-5205-4b45-a48d-33b72ab6d868}
2011-02-25 14:31:35 -------- d-----w- c:\program files\Evernote
.
==================== Find3M ====================
.
2011-03-27 12:27:18 2585 --sha-w- c:\windows\system32\mmf.sys
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 03:03:34 17043968 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-05 03:02:40 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-05 03:02:28 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-05 02:58:42 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-05 02:58:02 397312 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-05 02:57:32 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-05 02:56:20 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-05 02:56:02 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-05 02:55:50 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-05 02:55:44 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-05 02:55:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-05 02:52:20 4101632 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-05 02:33:28 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-05 02:33:20 4162048 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-05 02:33:16 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-05 02:32:34 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-05 02:31:52 5441024 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-05 02:28:06 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-05 02:25:04 3461120 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-05 02:20:08 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-05 02:19:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-05 02:19:44 27648 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-05 02:18:46 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-05 02:18:26 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-05 02:17:40 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2011-01-05 02:11:00 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-05 02:11:00 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x871CA439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x871d07d0]; MOV EAX, [0x871d084c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E44912] -> \Device\Harddisk0\DR0[0x8719A6E8]
3 CLASSPNP[0x8BFA88B3] -> ntkrnlpa!IofCallDriver[0x82E44912] -> [0x87AB42C8]
\Driver\iaStor[0x8719D9E0] -> IRP_MJ_CREATE -> 0x871CA439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskARRAY1.0.00__#4&276286f9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 1953535998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 8:43:07.72 ===============
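Added example, not code from this thread, from DDS or from BleepingComputer: a small Python triage script that reads a few lines excerpted from the DDS log above (constructed sample, copied verbatim) and flags the three things this thread turns on: the exefile association rewritten to go through pcv.exe (which is why renaming rkill did not help), the autostart entry launching from the user's temp folder, and the TDL4 warnings from the rootkit section. The regular expressions and the "random-looking name" heuristic are my assumptions, not DDS logic.

```python
"""Triage a DDS log for the indicators discussed in this thread.

Checks performed (heuristics assumed for this example):
  * exefile association that is not the Windows default  "%1" %*
  * uRun/mRun/dRun entries that run from a temp folder or whose
    value name looks randomly generated (8+ upper-case alphanumerics)
  * MBR / rootkit warnings from the ROOTKIT section
"""
import re

# Windows default for the exefile class: open "%1" and pass the rest (%*).
DEFAULT_EXEFILE = '"%1" %*'

# Constructed sample: lines excerpted from the DDS log posted above.
SAMPLE_LOG = r"""
uRun: [Copernic Desktop Search - Home] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
uRun: [OUU6KC5WPX] c:\users\mike\appdata\local\temp\Zjx.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
.
=============== File Associations ===============
.
exefile="c:\windows\system32\config\systemprofile\appdata\local\pcv.exe" -a "%1" %*
.
=================== ROOTKIT ====================
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
"""

RUN_RE = re.compile(r'^([umd]Run): \[([^\]]*)\] (.*)$')
EXEFILE_RE = re.compile(r'^exefile=(.*)$')


def exefile_hijacked(line):
    """Return the non-default exefile command, or None if default/not an exefile line."""
    m = EXEFILE_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group(1).strip()
    return None if cmd == DEFAULT_EXEFILE else cmd


def suspicious_run(line):
    """Return (key, name, command, reasons) for an autostart line worth a look, else None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    key, name, cmd = m.groups()
    path = cmd.strip('"').lower()
    reasons = []
    if '\\temp\\' in path:
        reasons.append('launches from a temp folder')
    if re.fullmatch(r'[A-Z0-9]{8,}', name):
        reasons.append('random-looking value name')
    return (key, name, cmd, reasons) if reasons else None


def triage(log_text):
    """Walk the log once and collect the findings by category."""
    findings = {'exefile': None, 'run': [], 'rootkit': []}
    for line in log_text.splitlines():
        hijack = exefile_hijacked(line)
        if hijack:
            findings['exefile'] = hijack
        run = suspicious_run(line)
        if run:
            findings['run'].append(run)
        if 'user != kernel MBR' in line or 'rootkit infection' in line.lower():
            findings['rootkit'].append(line.strip())
    return findings


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    if result['exefile']:
        print('exefile association hijacked:', result['exefile'])
    for key, name, cmd, reasons in result['run']:
        print(f'{key} [{name}] {cmd}  <- {", ".join(reasons)}')
    for warning in result['rootkit']:
        print('rootkit section:', warning)
```

On a real log the exefile finding is the one to act on first: while every .exe launch is routed through the rogue, renaming removal tools cannot help, which matches what the poster saw.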

#6 SweetTech


Posted 27 March 2011 - 10:48 AM

This thread will be moved to the Malware forum shortly.

Did you attempt to run the tool I linked you to in Safe Mode?

Edited by elise025, 27 March 2011 - 10:57 AM.
moved as requested ~Elise



#7 M Moore


Posted 27 March 2011 - 10:49 AM

Yes - everything in the post (including the DDS log) was run in safe mode.

#8 SweetTech


Posted 27 March 2011 - 10:59 AM

Okay, I'd like to try and have you run another tool for me:


Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :Processes
    :Services
    :Reg
    :Files
    c:\users\mike\appdata\local\temp\Zjx.exe
    c:\windows\system32\nY.exe
    c:\windows\system32\config\systemprofile\appdata\local\pcv.exe
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [createrestorepoint]
    
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



#9 M Moore


Posted 27 March 2011 - 11:44 AM

During the OTM script step I was unable to produce a log...
The computer hung after pressing the Move it button... it appeared to take action based on the notes in the right hand window, but I had to reboot the machine (wasn't asked to, but the computer was hung).

Unable to find the log on disk - however there is an "_OTM" directory with the following files:
_OTM\movedfiles\03272011_121230\c_users\mike\appdata\local\temp\zjx.exe
_OTM\movedfiles\03272011_121230\c_windows\system32\config\systemprofile\appdata\local\pcv.exe
_OTM\movedfiles\03272011_121230\c_windows\system32\ny.exe

Wasn't sure if I should proceed to the second step, try rerunning OTM, etc...

#10 SweetTech


Posted 27 March 2011 - 11:50 AM

Yes, you can proceed with the next step. You will be downloading and running OTL now.



#11 M Moore


Posted 27 March 2011 - 12:07 PM

***** OTL.txt Start *****

OTL logfile created on: 27/03/2011 12:55:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mike\Desktop\playing
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 916.46 Gb Total Space | 413.23 Gb Free Space | 45.09% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.43 Gb Free Space | 29.54% Space Free | Partition Type: NTFS
Drive J: | 30.98 Mb Total Space | 18.62 Mb Free Space | 60.11% Space Free | Partition Type: FAT

Computer Name: MMOOREXPS2008 | User Name: Mike | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/27 12:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\playing\OTL.scr
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 03:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (SafeList) ==========

MOD - [2011/03/27 12:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\playing\OTL.scr
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/01/20 22:12:22 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/01/15 11:22:10 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/04 22:57:32 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/09/20 20:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/06 18:24:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Stopped] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/11/18 17:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/28 19:46:32 | 000,275,944 | ---- | M] (XIMETA, Inc.) [Auto | Stopped] -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2008/06/08 10:24:18 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2008/04/28 17:05:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/12/14 14:25:22 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/12/14 14:25:20 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/12/14 14:25:12 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/12 04:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV - [2011/01/04 23:36:10 | 006,789,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2011/01/04 23:36:10 | 006,789,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/04 22:19:18 | 000,235,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 08:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/11/08 17:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/07/03 09:00:48 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/03 09:00:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/07/03 09:00:48 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 05:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/02/26 21:33:20 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/11/12 17:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/12 10:59:19 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/09/12 10:59:18 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/10/15 19:30:34 | 000,023,432 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV - [2008/06/28 19:47:28 | 000,511,592 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ndasrofs.sys -- (ndasrofs)
DRV - [2008/06/28 19:47:06 | 000,268,008 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\ndasfat.sys -- (ndasfat)
DRV - [2008/06/28 19:46:56 | 000,308,840 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\ndasfs.sys -- (ndasfs)
DRV - [2008/06/28 19:46:54 | 000,297,320 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Stopped] -- C:\Windows\system32\DRIVERS\lfsfilt.sys -- (lfsfilt)
DRV - [2008/06/28 19:46:00 | 000,362,600 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndasscsi.sys -- (ndasscsi)
DRV - [2008/06/28 19:45:58 | 000,135,400 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndasbus.sys -- (ndasbus)
DRV - [2008/06/28 19:45:56 | 000,098,536 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lpx.sys -- (lpx)
DRV - [2008/03/13 09:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 09:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008/01/24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008/01/24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008/01/24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007/11/20 03:18:48 | 001,034,496 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/09/12 04:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/09/12 04:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/22 01:39:20 | 000,235,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/08/22 01:39:18 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/08/22 01:39:04 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/01/24 16:27:54 | 000,039,704 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/09/28 05:57:42 | 000,035,072 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2006/09/28 05:57:38 | 000,013,824 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006/09/13 07:31:50 | 000,192,000 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0762.sys -- (SaiH0762)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.1

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/23 16:57:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/26 18:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/03/26 18:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/17 09:42:21 | 000,000,000 | ---D | M] (ReminderFox) -- C:\USERS\MIKE\APPDATA\ROAMING\THUNDERBIRD\PROFILES\7M7W4464.DEFAULT\EXTENSIONS\{ADA4B710-8346-4B82-8199-5DE2B400A6AE}

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000318.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 studios)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000..\Run: [Copernic Desktop Search - Home] C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe (Copernic Inc.)
O4 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000..\Run: [OUU6KC5WPX] File not found
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\..Trusted Domains: //@surf.mar@/ ([]money in Computer)
O15 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\..Trusted Domains: localhost ([]* in Computer)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://otter1.vanaqua.org/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://costco.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mike\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3b1afbde-7460-11de-b3ca-001ec937c441}\Shell - "" = AutoRun
O33 - MountPoints2\{3b1afbde-7460-11de-b3ca-001ec937c441}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Win-Azure.pdf
O33 - MountPoints2\{80a9f6bb-a9c4-11de-aeda-001ec937c441}\Shell\AutoRun\command - "" = K:\WDSetup.exe
O33 - MountPoints2\{d77ca8a9-efba-11de-a2b9-001ec937c441}\Shell\AutoRun\command - "" = K:\WDSetup.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Win-Azure.pdf
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
O35 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
O37 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 12:12:30 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/27 11:23:49 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/03/27 07:27:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\playing
[2011/03/24 07:11:13 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/24 07:11:12 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/19 18:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RetireWare
[2011/03/19 18:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\RetireWare
[2011/03/19 14:28:48 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/03/17 15:37:17 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Chromium
[2011/03/17 12:24:42 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/03/17 12:24:42 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/03/17 12:24:42 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/03/17 12:24:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/03/09 08:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/03/09 08:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011/03/08 21:12:59 | 000,035,072 | ---- | C] (Saitek) -- C:\Windows\System32\drivers\SaiBus.sys
[2011/03/08 21:12:59 | 000,013,824 | ---- | C] (Saitek) -- C:\Windows\System32\drivers\SaiMini.sys
[2011/03/08 21:12:32 | 000,057,344 | ---- | C] (Saitek) -- C:\Windows\System32\SAIGON.dll
[2011/03/08 21:12:32 | 000,045,056 | ---- | C] (Saitek) -- C:\Windows\System32\SAIKICK.dll
[2011/03/08 21:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saitek Programming Software
[2011/03/08 21:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Saitek
[2011/03/08 21:07:55 | 000,192,000 | ---- | C] (Saitek) -- C:\Windows\System32\drivers\SaiH0762.sys
[2011/03/08 19:51:29 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/08 19:51:29 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/08 19:51:29 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/08 19:51:29 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/08 19:35:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\{bd92fa70-5205-4b45-a48d-33b72ab6d868}
[2011/03/06 15:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YUPLAY
[2011/02/28 19:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/08/19 20:51:37 | 000,110,592 | ---- | C] (CyberLink Corp.) -- C:\Users\Mike\AppData\Local\ievcphs.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/27 12:19:42 | 000,667,836 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/27 12:19:42 | 000,131,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/27 12:15:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/27 11:28:52 | 000,009,584 | -HS- | M] () -- C:\Users\Mike\AppData\Local\67pex0qx72j4457dedm64k15jant06w7246xw12h87
[2011/03/27 11:28:52 | 000,009,584 | -HS- | M] () -- C:\ProgramData\67pex0qx72j4457dedm64k15jant06w7246xw12h87
[2011/03/27 09:16:12 | 000,001,356 | ---- | M] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2011/03/27 08:27:18 | 000,002,585 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2011/03/27 08:27:09 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/03/27 08:27:08 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/27 08:27:08 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/27 08:27:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/27 08:27:06 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/03/27 07:33:48 | 206,836,046 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/27 06:42:23 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/03/26 23:13:34 | 000,009,674 | -HS- | M] () -- C:\ProgramData\2171697913
[2011/03/26 23:06:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/26 21:04:31 | 000,000,234 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/19 18:07:50 | 000,001,631 | ---- | M] () -- C:\Users\Public\Desktop\RetireWare.lnk
[2011/03/17 08:13:10 | 000,000,215 | ---- | M] () -- C:\Users\Mike\Desktop\Total War SHOGUN 2.url
[2011/03/16 20:29:00 | 000,060,928 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/08 21:12:32 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Saitek SST Programming Software.lnk
[2011/03/08 21:11:34 | 000,004,704 | ---- | M] () -- C:\Windows\System32\SaiC0762-AD2CCA21-552D-48AD-AC6E-AB3D0FAC8A44.pr0
[2011/03/08 19:58:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/26 23:12:55 | 000,009,674 | -HS- | C] () -- C:\ProgramData\2171697913
[2011/03/26 23:12:55 | 000,009,584 | -HS- | C] () -- C:\Users\Mike\AppData\Local\67pex0qx72j4457dedm64k15jant06w7246xw12h87
[2011/03/26 21:18:46 | 000,009,584 | -HS- | C] () -- C:\ProgramData\67pex0qx72j4457dedm64k15jant06w7246xw12h87
[2011/03/26 21:04:31 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/03/26 21:04:30 | 000,000,234 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/19 18:07:50 | 000,001,631 | ---- | C] () -- C:\Users\Public\Desktop\RetireWare.lnk
[2011/03/17 08:13:10 | 000,000,215 | ---- | C] () -- C:\Users\Mike\Desktop\Total War SHOGUN 2.url
[2011/03/08 21:12:32 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Saitek SST Programming Software.lnk
[2011/03/08 21:11:32 | 000,004,704 | ---- | C] () -- C:\Windows\System32\SaiC0762-AD2CCA21-552D-48AD-AC6E-AB3D0FAC8A44.pr0
[2011/03/08 21:07:55 | 000,921,600 | ---- | C] () -- C:\Windows\System32\SaiC0762.Dll
[2011/03/08 21:07:55 | 000,018,342 | ---- | C] () -- C:\Windows\System32\SaiD0762.pr0
[2011/03/08 21:07:55 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0762_0C.dll
[2011/03/08 21:07:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0762_10.dll
[2011/03/08 21:07:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0762_0A.dll
[2011/03/08 21:07:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0762_07.dll
[2011/03/08 21:07:55 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0762_09.dll
[2011/03/08 21:07:55 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0762_0402.dll
[2011/03/08 21:07:55 | 000,005,120 | ---- | C] () -- C:\Windows\System32\SaiC0762_11.dll
[2011/03/08 21:07:55 | 000,000,306 | ---- | C] () -- C:\Windows\System32\SaiC0762.pr0
[2011/03/08 19:58:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf
[2011/02/12 17:19:54 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/12/15 15:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/10/27 18:13:58 | 000,226,857 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/03 07:10:08 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/30 19:10:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/30 17:59:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/06 21:14:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/02/21 00:40:08 | 000,001,356 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2009/12/28 13:13:29 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/12/17 21:09:45 | 000,000,116 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/21 19:58:16 | 000,000,188 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/10/31 16:16:05 | 000,138,576 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/10/31 16:16:05 | 000,022,328 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\PnkBstrK.sys
[2009/10/31 16:15:46 | 000,674,600 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/31 16:15:46 | 000,215,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/10/31 16:15:46 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/10/18 14:34:43 | 000,000,092 | ---- | C] () -- C:\Users\Mike\AppData\Local\fusioncache.dat
[2009/09/12 10:59:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/09/12 10:59:18 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/08/19 20:51:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/19 20:51:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/16 07:51:47 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/07 22:25:04 | 000,000,000 | ---- | C] () -- C:\Users\Mike\AppData\Local\rx_image32.Cache
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/30 16:24:55 | 000,116,841 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/02/18 10:34:30 | 000,003,102 | ---- | C] () -- C:\Windows\Gs.ini
[2008/10/14 07:05:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/10 18:20:13 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/10/10 18:20:13 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/09/13 20:06:24 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/06/08 20:35:28 | 000,002,585 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2008/06/08 10:24:18 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2008/06/08 10:24:18 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2008/05/16 14:35:55 | 000,129,900 | ---- | C] () -- C:\Windows\hppins21.dat
[2008/05/04 12:02:48 | 000,000,191 | ---- | C] () -- C:\Windows\WinHelp.ini
[2008/05/02 17:30:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/05/02 09:22:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/05/01 17:06:56 | 000,060,928 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/29 00:20:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2008/04/29 00:20:15 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/04/28 16:48:38 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/04/28 16:40:44 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/04/28 16:39:54 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2007/03/13 07:05:14 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,351,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,667,836 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,131,708 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >


***** OTL.txt End *****

***** Extras.txt Start *****

OTL Extras logfile created on: 27/03/2011 12:55:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mike\Desktop\playing
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 916.46 Gb Total Space | 413.23 Gb Free Space | 45.09% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.43 Gb Free Space | 29.54% Space Free | Partition Type: NTFS
Drive J: | 30.98 Mb Total Space | 18.62 Mb Free Space | 60.11% Space Free | Partition Type: FAT

Computer Name: MMOOREXPS2008 | User Name: Mike | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-1588603938-2877137775-2201771921-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A56ADE-BC42-4C04-B6C3-CC8DC076408F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{03AC8E9D-845F-4E5D-92CE-A0C86D851BA4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{05A44FD1-4559-41CD-A990-52658E723698}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{0763A1F3-29F6-4226-93AE-965ECC9E865F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{0885ADB0-BC8F-45A2-8FB7-1B839E85F7A2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0C56B07A-B89E-425F-9A14-83A78147A8B0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0FB47FAB-0941-4B55-9B86-E5976B472302}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{10BB4A61-F117-4645-B116-ED658F46A02C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11C20A57-6543-431E-8C0E-7593CF8BC6DA}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{19629820-224E-43DD-9BDF-2EFE6C75F9FC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{19CD9E4B-8848-4C66-863A-3E329A5F4700}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{19D4C4D8-30F6-4DA9-85C8-C79018282CD7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1DB7C936-B656-4D65-B37B-D55BABC263C5}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{225595B8-4EF1-420C-BFCD-9A5941D35EE4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{22ADAD59-515C-4B10-B411-9015DBDE8D7C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{2409C05E-BCCB-4347-9846-B5F188EFA161}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{2755AFBF-8F16-4802-9594-D8877003D444}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\world in conflict\wic.exe |
"{27CCA7AE-7C46-48CD-A7EE-63BFEC032BFA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{2835BB40-72A0-4ED1-A108-D68B77EFC80B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5 tribes of the east\bin\h5_game.exe |
"{2929AC3C-B2DC-49BC-A199-4722E7AA7993}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{2B309FE7-0C0A-4724-B280-0F0EF5BD5F4A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\wings of prey\launcher.exe |
"{2B4288DF-96AF-4092-9899-8851C7BE48D6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\europa universalis rome\romegame.exe |
"{2E3C0C00-C52A-43BA-BA56-6533D59BF45D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\europa universalis rome\romegame.exe |
"{2E7FC4BD-4BCA-4187-8C55-DD28EB69972D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{2F8027E7-0AEA-4D65-B732-9B0F3E273095}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3374783C-EA2C-4801-A660-A1ED579005F1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of discovery\anno4.exe |
"{35DAA726-0BB0-482A-8C5E-C9DC91530181}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\help.htm |
"{37C3B2BE-BEEF-4A19-BC2D-B56E0E0BF105}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\wings of prey\launcher.exe |
"{3BBDDAAD-A2C2-425C-B942-46E55209E012}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{3ECD541E-CC0C-4C98-B42D-3382702015D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4016A66E-E7A4-492D-BF30-5D3C4BDE6E60}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{40999F99-F05A-49B9-8E92-D21A83A41653}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5 tribes of the east\bin\h5_mapeditor.exe |
"{44564941-5DB4-413A-9DF4-BB7456FEF504}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{478400CF-C387-4560-B380-276EAFBA7867}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{47EDFD73-00D6-4281-B767-B4CAFC4AFB9A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\world in conflict\wic.exe |
"{4A3DD880-95D8-4BA9-86C2-9D6A57B7DE9A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4A7599EC-F02E-4FB0-A88B-F7662548CD97}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"{4ED904C9-B59B-41F3-8114-422C3018A8DB}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{50223BD6-09EE-4A71-94F9-C3E4EE362C14}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{5406F1F3-83EA-4ED1-96D5-90BA38D18069}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{59B895B5-0DBB-4F79-A328-78BA37D2ABBF}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{5D0AE549-A604-4FE1-88F7-4316F61FD505}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{5D44C9FF-BFBA-4E71-8B5E-88497BFE3441}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{614EFF9D-15E7-49BD-84D1-CFBB9842DDA7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of discovery\anno4.exe |
"{62070056-AECA-415A-913D-F563621B52DC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{62103DFA-AA54-4BE1-B45F-14C1A1D67C1D}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{622D0BB0-7D5C-44FA-9EC2-02F62285A9EA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{6243CE7B-E53F-4E0F-86CD-C5934F5A6965}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{71572423-52B5-480E-B4EF-BA3FAD4E222D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{76674C77-9B62-4DB3-9854-C6E54D0EDB1A}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{7BD2580B-961D-482B-8165-8971DA402EA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C55C613-BEBE-4ECE-BD8A-804B5A6F6EB1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5\bina1\testapp.exe |
"{7DFB6F1B-BDB4-4B04-B045-3D8D6826E4F2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{7F2DA8BD-ABA8-4F47-A041-BDCDF30800D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{80DCD81E-2447-468E-A035-0E0546CA025A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{85C99B3D-60EA-4D3F-8FED-D8B360CE4805}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{8BCFBAD5-2719-472B-904A-C54CD4D99BD3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{935B5812-ED29-4FB4-9AC5-221551DA30E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arsenal of democracy\aodgame.exe |
"{99A091FB-70DC-4A2C-9596-AC5F1D6F15EE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\defense grid demo\defensegriddemo.exe |
"{9D44BF3E-963A-4CCC-BB62-A2D106AEC97A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5\bina1\testapp.exe |
"{9FE6E986-6520-4F98-A66F-9216534812C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A44A7D32-6C4B-4D64-A84A-A814678116DA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{A621F161-D00E-4F57-B0CD-788A5D091B20}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\europa universalis rome\romegame.exe |
"{AA3E029A-11D5-4C1A-A23C-16B5D3287EFA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5 tribes of the east\bin\h5_game.exe |
"{AAE06EA1-7FCC-4EE8-B1AC-71424B0FE55B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{AD398C29-87E4-4A7B-BDEC-D216D0B7DDA0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{B5E127D2-9AB2-425D-8E85-1C1283835BA8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5\bin\h5_game.exe |
"{B77AC9E4-EF65-4B2D-8B48-9D6E98B87147}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{B8E4AA09-D968-47D1-8DA1-09967ABCD922}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{BA03F62E-7570-4187-9229-C527E95FDC49}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF02E313-3D44-494C-B5CB-A771A6243BFC}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{BF165092-987B-4572-8F64-63AF15C7DA23}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{C5F87166-1700-4945-B922-25F16F227BAC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\defense grid demo\defensegriddemo.exe |
"{C8EDF919-1FC9-477E-8076-D1DBB79459FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{C9A09FC1-3BB1-4ECC-829C-0199598EC4A7}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{CB9C313E-89E2-4A55-8D13-04F4A175DADA}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{CF4CC4B2-C772-4C98-9B86-C8A4BE15DCAB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{CFCA9FE6-BC4D-4C9E-9ED5-319C60BC1C1B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{D118FD7E-01F9-4FA1-9BA4-1E1F9C5F48E4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{D14DEC2C-A289-4333-96F0-72BE47818E6D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5 tribes of the east\bin\h5_mapeditor.exe |
"{D6AD5EC8-8338-4BC2-9065-F5F0FF14EB5A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tropico 3\tropico3.exe |
"{D777B673-FEE8-462C-8ED4-9189DD3EABDF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{D7DDADA1-6844-4D34-8A22-356C33F05768}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tropico 3\tropico3.exe |
"{D9F36606-507D-4989-B040-679E75625B8A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{DBA53849-1010-4DA7-A946-57EC28C80D1F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5\bin\h5_game.exe |
"{DE32F3A3-EEDC-4F8A-BCCE-611C636B0213}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{DFACBBA5-D709-4581-B7B1-628A8BA22C52}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{DFCFB04B-F759-4CE8-AC5E-4791FF4B005C}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{DFF7D2FF-EFB4-4AE3-BC49-AD7E69636176}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\europa universalis rome\romegame.exe |
"{E0638FDD-3E74-4C59-8FDE-7B6E953CE812}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{E0943FC4-8E8E-4359-96B7-C5E77DCC93E1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arsenal of democracy\aodgame.exe |
"{E5CDDE2A-A9C8-47EE-9556-7D109CA3B557}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\help.htm |
"{E66DD4C8-6362-496C-A719-65E7A25F3947}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{E7CC759D-13FF-4DF5-83FE-6AF8E3A9E184}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC37D414-ADDF-411D-8721-CAD45641E195}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\reliccoh.exe |
"{EF83A15D-4003-493B-8D56-E50932B423C6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{F174A08B-A5FF-4929-B0F1-4892E55EFB08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1DBF652-F51F-4120-A469-82F348FC25C0}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{F39C12BD-AAFA-4135-8317-966E6B21151C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\hearts of iron 3\hoi3game.exe |
"TCP Query User{0AB3CED7-261C-4DB4-9BFC-ECE867F4C524}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{2484BBF4-A239-4098-9E3F-1D72429164C7}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{291A5B51-D422-4B2F-9F99-EE698CA2B6DD}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{32C07B70-3562-44B6-81AC-223598B40A6C}C:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"TCP Query User{3B9A1DE5-51A9-430A-A232-B9894AA97B37}C:\matrix games\storm over the pacific\update.exe" = protocol=6 | dir=in | app=c:\matrix games\storm over the pacific\update.exe |
"TCP Query User{43D1B658-C37B-40BD-A22B-45A3D94C31CE}C:\program files\steam\steamapps\common\wings of prey\acess.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\wings of prey\acess.exe |
"TCP Query User{4AB3E680-AADB-4C54-BF6B-EFD63B6AF4AF}C:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"TCP Query User{4C7A3E47-5F9F-4253-BEBC-EF6682B0BC42}C:\matrix games\decisive campaigns the blitzkrieg from warsaw to paris\update.exe" = protocol=6 | dir=in | app=c:\matrix games\decisive campaigns the blitzkrieg from warsaw to paris\update.exe |
"TCP Query User{6C6CC210-7971-4B42-AF63-C38FFADBDFB0}C:\matrix games\distant worlds\update.exe" = protocol=6 | dir=in | app=c:\matrix games\distant worlds\update.exe |
"TCP Query User{6D3C03AE-4EE2-42AD-A580-D91DD55800E0}C:\matrix games\gary grigsby's war in the east\update.exe" = protocol=6 | dir=in | app=c:\matrix games\gary grigsby's war in the east\update.exe |
"TCP Query User{6D8E232F-3BD9-476C-82D1-60D17D4B5744}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{8BB45940-36C5-4100-885D-7C33383682B3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{97A5E23F-3D43-45F7-AD50-FC59D97E49C2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9B069A6A-13BB-4C2F-A7E4-B5823E867CEA}C:\program files\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\altitude\altitude.exe |
"TCP Query User{C23293DF-51B7-4EAC-B4AA-E4CC85DACF45}C:\program files\steam\steamapps\common\dawn of discovery\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of discovery\tools\anno4web.exe |
"TCP Query User{C52A53EF-0EF1-4C89-9E63-E21DA19E7FC0}C:\program files\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\wings of prey demo\acess.exe |
"TCP Query User{C547FFB9-0766-46B6-8784-4711C1BCE93E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D41AD41C-4A45-4D91-BE2F-4E8FB7980F2D}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{F8929B0B-6DEA-46C3-B142-6B4880A98E2A}C:\matrix games\ww2 time of wrath\update.exe" = protocol=6 | dir=in | app=c:\matrix games\ww2 time of wrath\update.exe |
"TCP Query User{F9647243-58CD-44F0-AAAC-FBF171F85E02}C:\program files\steam\steamapps\common\world in conflict\wic.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\world in conflict\wic.exe |
"TCP Query User{FA36CCC6-08D9-42EE-ABCF-985887F58733}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{01944DB7-8B2F-45AA-83FE-EAEDE2BD8370}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{25F4ED57-58B5-44D5-8FB0-7F171273CE5A}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{27FCD405-9A06-4C21-B450-7563AA9DC2FE}C:\program files\steam\steamapps\common\world in conflict\wic.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\world in conflict\wic.exe |
"UDP Query User{38752399-BA71-48B6-8796-7ACDB94A88C7}C:\program files\steam\steamapps\common\wings of prey demo\acess.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\wings of prey demo\acess.exe |
"UDP Query User{4C1D2982-D357-4106-B25B-BAC0C9279531}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{50FA7285-0FEF-4BC1-BE50-93058FA93E43}C:\matrix games\storm over the pacific\update.exe" = protocol=17 | dir=in | app=c:\matrix games\storm over the pacific\update.exe |
"UDP Query User{761F3098-B2D9-4D18-8155-1F550BCF199D}C:\program files\steam\steamapps\common\dawn of discovery\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of discovery\tools\anno4web.exe |
"UDP Query User{85057F71-5194-4F51-BC40-BC670DB545D7}C:\matrix games\ww2 time of wrath\update.exe" = protocol=17 | dir=in | app=c:\matrix games\ww2 time of wrath\update.exe |
"UDP Query User{888D1F9C-7511-4350-A81E-4C4C5156DF51}C:\matrix games\gary grigsby's war in the east\update.exe" = protocol=17 | dir=in | app=c:\matrix games\gary grigsby's war in the east\update.exe |
"UDP Query User{89ED0397-7AC6-44B6-BD87-AAD23F2E7AEE}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{8D2451BF-B9D7-4EF0-A55F-792D7E5BCC6A}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{93EACDAD-F8E4-4AEB-96CD-687F68A1A3BD}C:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{96B78DF1-5B82-4A28-854D-4E8B4AC2C172}C:\program files\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\altitude\altitude.exe |
"UDP Query User{988C14B2-C5E2-4F6A-9737-4942A60C091C}C:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"UDP Query User{AE776B19-4111-40CD-8DE8-3D95DF55DB26}C:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"UDP Query User{BE6E3DE2-0AA0-41A3-A4DA-032A17DDF5E8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D0B8114F-7209-48D2-B489-9D309E931BD1}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"UDP Query User{EA70370D-F147-4983-B2EF-187E0C8DCB1C}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{EFC9B0D3-C4DF-47F4-B0EE-CA8482327024}C:\matrix games\distant worlds\update.exe" = protocol=17 | dir=in | app=c:\matrix games\distant worlds\update.exe |
"UDP Query User{F2D3BC11-C3BB-4001-896D-BB9D4A50E1E4}C:\program files\steam\steamapps\common\wings of prey\acess.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\wings of prey\acess.exe |
"UDP Query User{F8A55CDD-A634-4612-B175-D15CC18447B0}C:\matrix games\decisive campaigns the blitzkrieg from warsaw to paris\update.exe" = protocol=17 | dir=in | app=c:\matrix games\decisive campaigns the blitzkrieg from warsaw to paris\update.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0411A7A4-23D4-47ad-B109-3CBE7E8093F1}" = HP Deskjet Printer Driver Software. 8.0.B
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0AAFCFAF-5544-EEAF-189B-C85B138112D1}" = ATI Catalyst Install Manager
"{0CDD5599-836A-4650-8BE7-F33D8D915A0D}" = dj6980
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}" = Neat Mobile Scanner Driver
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1659B0BD-841D-443B-9897-20B9FBE4CED1}" = ViSa Expansion Pack 3
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{243E9065-1DA0-4786-B3BD-B8030277F214}" = Logitech Harmony Remote Software 7
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2DFDCD8B-8D07-460E-9755-D420BD99B4AD}" = HouseLinc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{309C137D-66B4-491B-9D21-F03892DAFD93}" = Nike+ Utility
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32BC62C5-32B9-F838-ADD4-CFEF544C6888}" = ccc-core-static
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{334E2384-DF81-44b6-A2E2-D15B81162929}" = QuickBooks Pro Edition 2007
"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3822F6D9-F309-41f4-BB98-DA061F0BA8B3}" = SF_CDB_Software
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D10E608-A4A3-40AD-B91C-6D963BBD91D5}" = LP6980_Help
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3E9E68FB-49FA-410A-8787-424F2A506E0F}" = Business Plan Pro 15th Anniversary Edition
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4DF9F3D9-243E-4641-8588-99D025F43DF9}" = QuickBooks Pro 2011
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56CD95AF-0131-49F2-B6CE-4021771DB97E}" = HPS Soviet-Afghan War
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F5920A-9897-4830-BD4A-BE85DA9734FF}" = Neat Mobile Scanner 2008 Driver
"{57FEDDC5-376D-44CE-9A18-696A99CF0CFB}" = Ultrasoft MoneyLink
"{58155B30-6BE9-4268-A059-149629149C63}" = Neat ADF Scanner Driver
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5A040A21-FA9D-11D3-B345-0050DAD5EC65}" = HPS Campaign Gettysburg
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6029C599-81E1-4C1C-8BD6-A7298CA88546}" = Mindjet MindManager Pro 7
"{62192BB6-268A-4AE6-A28B-FAD6EDDEB562}" = G-Tones
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6614BB9B-45A0-4A52-AE96-0CF7ADC5712F}" = HPS War Over The Mideast
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}" = Neat Mobile Scanner (Silver) Driver
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{771ABEA0-23AF-8F8E-63FE-168779F294B6}" = CCC Help English
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7BD1EAE4-2E08-4087-8600-44B0ACB0C887}" = NeatWorks Core Files
"{7C573746-C964-44D3-8657-275BF2A5CA0A}" = HPS Stalingrad '42
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80A2A967-C1B7-412D-B2B2-C4A33209C205}" = Garmin POI Loader
"{82FAFCE1-1618-11D4-B345-0050DAD5EC65}" = HPS Tour Of Duty
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{967FB80D-56BD-42EF-A942-9E8C78F984A4}" = Saitek SST Programming Software
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98786147-80E3-41A5-A80C-1F3C028558CF}" = Hearts of Iron 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5B156B-9A4B-48FB-AA59-47B221495A7B}" = Logitech GamePanel Software 3.01
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0A26FA0-FE91-11D4-B346-0050DAD5EC65}" = HPS Vietnam
"{A21A4591-3608-4664-8CB2-64D02598B93F}" = QuickBooks
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A4A42670-82B9-4A58-8955-20271DBBF29F}" = Neat ADF Scanner 2008 Driver
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABE15BAD-D1F3-4A81-8E2E-7512F8924CC2}" = RetireWare
"{AC015C45-1667-40A4-A126-966EE5629062}" = Quicken 2010
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF094932-91E6-4EF8-8AB8-1C7226DFEECB}" = Hauppauge TV Tuner Driver
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6E35BA6-DFFE-4753-AE1E-DFE08648EB04}_is1" = Diamond 10.2 Win7Vista Installation
"{B80EBD91-86C7-4D14-AEC0-86416A69ABDE}" = War Plan Pacific
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEA583A0-CDB1-11D3-B345-00500417F684}" = HPS The First Blitzkrieg
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{BF4B656F-4D67-4EBF-A523-5DD6BA77A324}" = Piccolo Help
"{C127414C-A625-4E0A-8AC1-F970F9E566A3}" = Adobe Elements Studio Launcher
"{C12A2A3D-0D08-8262-E189-E831A8AC3D37}" = Catalyst Control Center InstallProxy
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C92C89BB-1D11-C8D5-1584-D5259818479A}" = ccc-utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE84C180-E0A7-4B64-A661-4C397E11F03E}" = NDAS Software 3.30.1602-r11613
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D407F7C0-579E-4CCB-91FD-855CE5084E86}" = Microsoft Visual Studio 2005 Standard Edition - ENU
"{D504884F-7965-4066-8CE8-28CD1127324B}" = HPS The Renaissance
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E27ABEAB-2A23-737E-D290-FC42D45FCDA8}" = ATI AVIVO Codecs
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC1399E4-A960-4101-B346-34A2A088633F}" = Theme Builder
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{EDABA4A8-8B7E-488A-A85C-17406C1C62CA}" = LP6980Trb
"{EDBEA1E5-C9FD-11D5-B348-0050DAD5EC65}" = HPS Advance of the Reich
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEE791A8-4AB5-1540-FE9D-70EC70938AD2}" = The Complete National Geographic
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F1A54D01-5DD4-4D80-AA71-DA300081041F}" = HPS War on the Southern Front
"{F47C09DB-746B-2ABA-819B-8FC759034E74}" = Catalyst Control Center Graphics Previews Common
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6BA8EF2-A9F8-45B7-BD59-0A15DA9F7D68}" = Omron Health Management Software
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F789C27E-B3EF-4730-9EB5-928B4D8A17C1}" = SF_CDB_ProductContext
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}" = Microsoft WorldWide Telescope
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.04.804
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Advanced Video FX Engine" = Advanced Video FX Engine
"Age of Mythology 1.0" = Age of Mythology
"Age of Wonders Shadow Magic" = Age of Wonders Shadow Magic
"AGEod's American Civil War_is1" = AACW patch 1.10
"Air Command 3.0 (Demo)" = Air Command 3.0 (Demo)
"AoWSM_UPatch" = AoW...
"avast5" = avast! Free Antivirus
"Battlefront1.00" = Battlefront
"Battles from the Bulge4.0.229" = Battles from the Bulge
"BattlesInItalyv100" = Battles In Italy v1.00
"Birth of America_is1" = Birth of America 1.13d
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"BookSmart® 2.9.5 2.9.5" = BookSmart® 2.9.5 2.9.5
"Burma Campaign" = Burma Campaign
"Carbonite Backup" = Carbonite
"Close Combat - Modern Tactics1.00" = Close Combat - Modern Tactics
"Close Combat The Longest Day5.50" = Close Combat The Longest Day
"Close Combat Wacht am Rhein4.50" = Close Combat Wacht am Rhein
"com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1" = The Complete National Geographic
"Combat Mission Shock Force_is1" = Combat Mission Shock Force
"Conquest Of The Aegean3.0.126" = Conquest Of The Aegean
"Conquest! Medieval Realms1.70" = Conquest! Medieval Realms
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"Creative OEM005" = Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Decisive Campaigns The Blitzkrieg from Warsaw to Paris1.00" = Decisive Campaigns The Blitzkrieg from Warsaw to Paris
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Distant Worlds1.0.2" = Distant Worlds
"Dominions3" = Dominions 3 (remove only)
"Empires in Arms1.00" = Empires in Arms
"Explorer Suite_is1" = Explorer Suite III
"Fall Weiss for Italy" = Fall Weiss for Italy
"Galactic Civilizations II" = Galactic Civilizations II
"GameSpy Arcade" = GameSpy Arcade
"Gary Grigsby's War Between the States1.00" = Gary Grigsby's War Between the States
"Gary Grigsby's War in the East1.00" = Gary Grigsby's War in the East
"Glary Utilities_is1" = Glary Utilities 2.31.0.1098
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"GRBakPro" = GRBackPro: Professional Backup 6.6 FULL V6.6.32
"HandBrake" = HandBrake 0.9.3
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25296)
"Hired Guns1.07.000" = Hired Guns
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"I.I.I. Home Inventory" = I.I.I. Home Inventory 3.08
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Islands Campaign for Italy" = Islands Campaign for Italy
"John Tiller's Campaign Series1.01" = John Tiller's Campaign Series
"Karen's Computer Profiler" = Karen's Computer Profiler
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Standard Edition - ENU" = Microsoft Visual Studio 2005 Standard Edition - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Money2008b" = Microsoft Money Plus
"Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11)
"NeatWorks" = NeatWorks
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"PDF-XChange 3_is1" = PDF-XChange 3
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROSetDX" = Intel® PRO Network Connections 12.1.12.4
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Smugglers IV Demo1.00" = Smugglers IV Demo
"StarCraft II" = StarCraft II
"Stardock Central" = Stardock Central
"Startup Delayer" = Startup Delayer v2.5 (build 138)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10500" = Empire: Total War
"Steam App 15170" = Heroes of Might and Magic 5
"Steam App 15370" = Heroes of Might and Magic 5 - Tribes of the East
"Steam App 15380" = Heroes of Might and Magic 5 - Hammers of Fate
"Steam App 17460" = Mass Effect
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 21760" = World in Conflict
"Steam App 21910" = World in Conflict: Soviet Assault
"Steam App 23420" = Europa Universalis: Rome - Gold Edition
"Steam App 23440" = Europa Universalis: Rome - Vae Victis
"Steam App 23490" = Tropico 3 - Steam Special Edition
"Steam App 24400" = King Arthur - The Role-playing Wargame
"Steam App 25890" = Hearts of Iron 3
"Steam App 26810" = Braid Demo
"Steam App 33210" = Dawn of Discovery
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 400" = Portal
"Steam App 41300" = Altitude
"Steam App 42850" = Arsenal of Democracy
"Steam App 45300" = Wings of Prey
"Steam App 4560" = Company of Heroes
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8850" = BioShock 2
"Steam App 8930" = Sid Meier's Civilization V
"Storm over the Pacific1.01" = Storm over the Pacific
"SystemRequirementsLab" = System Requirements Lab
"TAO5 for Italy" = TAO5 for Italy
"The Complete National Geographic 1.59" = The Complete National Geographic
"The Operational Art of War III3.0.0.12" = The Operational Art of War III
"Theatre of War_is1" = Theatre of War
"TrueCrypt" = TrueCrypt
"Ultimate-Coop 1.0_is1" = Ultimate-Coop 1.0
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"WinSPMBT" = WinSPMBT
"WinSPWW2 Ver 1.1B Upgrade" = WinSPWW2 Ver 1.1B Upgrade
"WinSPWW2v1 CD Edition" = WinSPWW2v1 CD Edition
"WinSPWW2v1 DL Edition" = WinSPWW2v1 DL Edition
"WinSPWW2v2 Upgrade" = WinSPWW2v2 Upgrade
"WW2 Time of Wrath1.00" = WW2 Time of Wrath
"yuPlay клиент_is1" = yuPlay client 0.7.18

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 13/05/2010 11:48:24 PM | Computer Name = mmoorexps2008 | Source = avast! | ID = 33554522
Description =

Error - 13/05/2010 11:55:13 PM | Computer Name = mmoorexps2008 | Source = avast! | ID = 33554522
Description =

Error - 13/05/2010 11:55:13 PM | Computer Name = mmoorexps2008 | Source = avast! | ID = 33554522
Description =

Error - 13/05/2010 11:55:13 PM | Computer Name = mmoorexps2008 | Source = avast! | ID = 33554522
Description =

Error - 13/05/2010 11:55:16 PM | Computer Name = mmoorexps2008 | Source = avast! | ID = 33554522
Description =

Error - 13/05/2010 11:55:17 PM | Computer Name = mmoorexps2008 | Source = avast! | ID = 33554522
Description =

Error - 13/05/2010 11:55:18 PM | Computer Name = mmoorexps2008 | Source = avast! | ID = 33554522
Description =

< End of report >


***** Extras.txt End *****

#12 SweetTech
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 27 March 2011 - 12:13 PM

Hi,

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    O4 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000..\Run: [OUU6KC5WPX] File not found
    O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O33 - MountPoints2\{3b1afbde-7460-11de-b3ca-001ec937c441}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b1afbde-7460-11de-b3ca-001ec937c441}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Win-Azure.pdf
    O33 - MountPoints2\{80a9f6bb-a9c4-11de-aeda-001ec937c441}\Shell\AutoRun\command - "" = K:\WDSetup.exe
    O33 - MountPoints2\{d77ca8a9-efba-11de-a2b9-001ec937c441}\Shell\AutoRun\command - "" = K:\WDSetup.exe
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Win-Azure.pdf
    O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
    O35 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
    O37 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*
    [2011/03/08 19:35:54 | 000,000,000 | ---D | C] -- C:\Users\Mike\{bd92fa70-5205-4b45-a48d-33b72ab6d868}
    [2009/08/19 20:51:37 | 000,110,592 | ---- | C] (CyberLink Corp.) -- C:\Users\Mike\AppData\Local\ievcphs.dll
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2011/03/27 11:28:52 | 000,009,584 | -HS- | M] () -- C:\Users\Mike\AppData\Local\67pex0qx72j4457dedm64k15jant06w7246xw12h87
    [2011/03/27 11:28:52 | 000,009,584 | -HS- | M] () -- C:\ProgramData\67pex0qx72j4457dedm64k15jant06w7246xw12h87
    [2011/03/27 08:27:18 | 000,002,585 | -HS- | M] () -- C:\Windows\System32\mmf.sys
    [2011/03/27 08:27:09 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/03/26 23:13:34 | 000,009,674 | -HS- | M] () -- C:\ProgramData\2171697913
    [2011/03/26 21:04:31 | 000,000,234 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2011/03/26 23:12:55 | 000,009,674 | -HS- | C] () -- C:\ProgramData\2171697913
    [2011/03/26 23:12:55 | 000,009,584 | -HS- | C] () -- C:\Users\Mike\AppData\Local\67pex0qx72j4457dedm64k15jant06w7246xw12h87
    [2011/03/26 21:18:46 | 000,009,584 | -HS- | C] () -- C:\ProgramData\67pex0qx72j4457dedm64k15jant06w7246xw12h87
    [2011/03/26 21:04:31 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/03/26 21:04:30 | 000,000,234 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:

Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:

Running ComboFix
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

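As an added example (the helper did not post it, and it is not OTL's own code), the following Python parses the O35/O37 handler lines OTL reports, like the ones in the fix above, and flags every .exe handler that differs from the Windows default, which is how the pcv.exe hijack shows up in HKLM and in each user hive. The sample input is the six handler lines from this fix plus constructed clean and ProgID-remapped lines.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# On a clean Windows install HKLM\Software\Classes\exefile\shell\open\command is
# just the executable plus its pass-through arguments, and .exe maps to exefile.
DEFAULT_EXE_COMMAND = '"%1" %*'
DEFAULT_EXE_PROGID = "exefile"

# OTL line shapes exactly as they appear in the fix script in this thread:
#   O35 - <hive>..exefile [open] -- <command>
#   O37 - <hive>...exe [@ = <progid>] -- <command>
_O35 = re.compile(r"^O35 - (?P<hive>\S+?)\.\.exefile \[open\] -- (?P<cmd>.*)$")
_O37 = re.compile(r"^O37 - (?P<hive>\S+?)\.\.\.exe \[@ = (?P<progid>[^\]]*)\] -- (?P<cmd>.*)$")
_FIRST_QUOTED = re.compile(r'^"([^"]+)"')


@dataclass
class Finding:
    line_type: str         # "O35" or "O37"
    hive: str              # HKLM, HKU\.DEFAULT, HKU\S-1-5-... (trailing backslash removed)
    progid: Optional[str]  # ProgID the .exe extension points at (O37 lines only)
    command: str           # the open command OTL reported
    reason: str            # why the handler is considered hijacked

    @property
    def launcher(self) -> Optional[str]:
        """Program that has been inserted in front of every .exe launch, if any."""
        m = _FIRST_QUOTED.match(self.command)
        return m.group(1) if m and m.group(1) != "%1" else None


def _classify(line_type: str, hive: str, progid: Optional[str], command: str) -> Optional[Finding]:
    hive = hive.rstrip("\\")
    command = command.strip()
    if progid is not None and progid.lower() != DEFAULT_EXE_PROGID:
        return Finding(line_type, hive, progid, command,
                       f".exe extension mapped to ProgID {progid!r} instead of exefile")
    if command != DEFAULT_EXE_COMMAND:
        return Finding(line_type, hive, progid, command,
                       "open command is not the default '\"%1\" %*'")
    return None


def audit_otl_lines(lines: Iterable[str]) -> List[Finding]:
    """One Finding per O35/O37 line whose .exe handler differs from the Windows default."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = _O35.match(line)
        if m:
            f = _classify("O35", m.group("hive"), None, m.group("cmd"))
        else:
            m = _O37.match(line)
            if m is None:
                continue  # not a .exe handler line; other OTL sections are ignored here
            f = _classify("O37", m.group("hive"), m.group("progid"), m.group("cmd"))
        if f is not None:
            findings.append(f)
    return findings


# The six handler lines from the OTL fix in this thread (real log lines from the page).
HIJACKED_OTL_LINES = [
    r'O35 - HKLM\..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*',
    r'O35 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000..exefile [open] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*',
    r'O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*',
    r'O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*',
    r'O37 - HKU\S-1-5-21-1588603938-2877137775-2201771921-1000\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %*',
]

# Constructed lines (not from the page): what OTL reports on a clean machine, plus one
# hijack that re-points the .exe extension at another ProgID instead of editing exefile.
CLEAN_OTL_LINES = [
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
]
PROGID_HIJACK_LINE = r'O37 - HKLM\...exe [@ = secfile] -- "%1" %*'


if __name__ == "__main__":
    for finding in audit_otl_lines(HIJACKED_OTL_LINES + CLEAN_OTL_LINES + [PROGID_HIJACK_LINE]):
        print(f"{finding.line_type} {finding.hive}: {finding.reason}"
              + (f" (launcher: {finding.launcher})" if finding.launcher else ""))
```

The same comparison applies to the registry on a live machine: the values OTL restores in the results log below the fix are exactly `"%1" %*` for the open command and `exefile` for the .exe extension.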

#13 M Moore
  • Topic Starter
  • Members
  • 53 posts

Posted 27 March 2011 - 12:59 PM

Note: In step 1 and step 2, when asked to reboot I rebooted into full Windows, then went back into safe mode, as I wasn't sure if the final steps of the uninstall would occur under safe mode.

Note: The 3rd step (ComboFix) didn't appear to go well.... no log file and similar messages as before about not being able to access files in a directory c:\32788r22fwjfw\<file> where file was one of iexploer,n.pif, hidec.exe, firefox.exe. Then I received a dialog about not knowing which program would run the file "nircmd.cfxxe" and asking if I wanted to search the internet for the correct program to run it (I didn't).


****** OTL results start ******

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service RoxLiveShare9 stopped successfully!
Service RoxLiveShare9 deleted successfully!
Registry value HKEY_USERS\S-1-5-21-1588603938-2877137775-2201771921-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OUU6KC5WPX deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E92528A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0B8C461-F8FB-49b4-8373-FE32E92528A6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E92528A6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0B8C461-F8FB-49b4-8373-FE32E92528A6}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1afbde-7460-11de-b3ca-001ec937c441}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b1afbde-7460-11de-b3ca-001ec937c441}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1afbde-7460-11de-b3ca-001ec937c441}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b1afbde-7460-11de-b3ca-001ec937c441}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Win-Azure.pdf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80a9f6bb-a9c4-11de-aeda-001ec937c441}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80a9f6bb-a9c4-11de-aeda-001ec937c441}\ not found.
File K:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77ca8a9-efba-11de-a2b9-001ec937c441}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d77ca8a9-efba-11de-a2b9-001ec937c441}\ not found.
File K:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\Win-Azure.pdf not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %* not found.
Registry value HKEY_USERS\S-1-5-21-1588603938-2877137775-2201771921-1000_Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Windows\system32\config\systemprofile\AppData\Local\pcv.exe" -a "%1" %* not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1588603938-2877137775-2201771921-1000_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1588603938-2877137775-2201771921-1000_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\Mike\{bd92fa70-5205-4b45-a48d-33b72ab6d868} folder moved successfully.
C:\Users\Mike\AppData\Local\ievcphs.dll moved successfully.
C:\Windows\System32\SETD2EA.tmp deleted successfully.
C:\Windows\System32\SETD3C6.tmp deleted successfully.
C:\Windows\System32\SETD493.tmp deleted successfully.
C:\Users\Mike\AppData\Local\67pex0qx72j4457dedm64k15jant06w7246xw12h87 moved successfully.
C:\ProgramData\67pex0qx72j4457dedm64k15jant06w7246xw12h87 moved successfully.
C:\Windows\System32\mmf.sys moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\ProgramData\2171697913 moved successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
File C:\ProgramData\2171697913 not found.
File C:\Users\Mike\AppData\Local\67pex0qx72j4457dedm64k15jant06w7246xw12h87 not found.
File C:\ProgramData\67pex0qx72j4457dedm64k15jant06w7246xw12h87 not found.
File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Mike\Desktop\playing\cmd.bat deleted successfully.
C:\Users\Mike\Desktop\playing\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 815238758 bytes
->Temporary Internet Files folder emptied: 1068944350 bytes
->Java cache emptied: 105441895 bytes
->Flash cache emptied: 420160 bytes

User: Public

User: Troubleshoot
->Temp folder emptied: 216510 bytes
->Temporary Internet Files folder emptied: 119639 bytes
->Flash cache emptied: 41 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169325785 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,060.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mike
->Flash cache emptied: 0 bytes

User: Public

User: Troubleshoot
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03272011_132154

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


****** OTL results end ******

****** TDSSKiller start ******

2011/03/27 13:32:33.0498 1964 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/27 13:32:33.0498 1964 ================================================================================
2011/03/27 13:32:33.0498 1964 SystemInfo:
2011/03/27 13:32:33.0498 1964
2011/03/27 13:32:33.0498 1964 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/27 13:32:33.0498 1964 Product type: Workstation
2011/03/27 13:32:33.0498 1964 ComputerName: MMOOREXPS2008
2011/03/27 13:32:33.0498 1964 UserName: Mike
2011/03/27 13:32:33.0498 1964 Windows directory: C:\Windows
2011/03/27 13:32:33.0498 1964 System windows directory: C:\Windows
2011/03/27 13:32:33.0498 1964 Processor architecture: Intel x86
2011/03/27 13:32:33.0498 1964 Number of processors: 2
2011/03/27 13:32:33.0498 1964 Page size: 0x1000
2011/03/27 13:32:33.0498 1964 Boot type: Safe boot
2011/03/27 13:32:33.0498 1964 ================================================================================
2011/03/27 13:32:34.0294 1964 Initialize success
2011/03/27 13:33:01.0641 2024 ================================================================================
2011/03/27 13:33:01.0641 2024 Scan started
2011/03/27 13:33:01.0641 2024 Mode: Manual;
2011/03/27 13:33:01.0641 2024 ================================================================================
2011/03/27 13:33:10.0081 2024 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/27 13:33:10.0159 2024 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/03/27 13:33:10.0221 2024 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/27 13:33:10.0268 2024 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/27 13:33:10.0330 2024 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/27 13:33:10.0377 2024 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/27 13:33:10.0439 2024 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/27 13:33:10.0486 2024 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/03/27 13:33:10.0549 2024 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/27 13:33:10.0611 2024 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/27 13:33:10.0689 2024 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/27 13:33:10.0736 2024 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/27 13:33:10.0767 2024 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/27 13:33:10.0845 2024 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/27 13:33:10.0892 2024 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2011/03/27 13:33:10.0939 2024 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/03/27 13:33:11.0017 2024 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/27 13:33:11.0126 2024 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/27 13:33:11.0219 2024 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/27 13:33:11.0297 2024 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/27 13:33:11.0375 2024 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/27 13:33:11.0438 2024 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/03/27 13:33:11.0500 2024 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/27 13:33:11.0547 2024 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/27 13:33:11.0578 2024 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/03/27 13:33:11.0672 2024 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/27 13:33:11.0765 2024 ndasbus (bfacaaeace7b84514743eadc0bcd3d53) C:\Windows\system32\DRIVERS\ndasbus.sys
2011/03/27 13:33:11.0812 2024 ndasfat (46249c0fbc154d22203277a97bf6186b) C:\Windows\system32\DRIVERS\ndasfat.sys
2011/03/27 13:33:11.0890 2024 ndasfs (9bd6484ff5972bc6231c72fe6278295b) C:\Windows\system32\DRIVERS\ndasfs.sys
2011/03/27 13:33:11.0953 2024 ndasrofs (3fefb570ca7b6ed5bb4ac02565812e26) C:\Windows\system32\DRIVERS\ndasrofs.sys
2011/03/27 13:33:12.0031 2024 ndasscsi (ee1bd9f1710f742157bcb1aceeca36d9) C:\Windows\system32\DRIVERS\ndasscsi.sys
2011/03/27 13:33:12.0124 2024 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/03/27 13:33:12.0218 2024 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/27 13:33:12.0265 2024 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/27 13:33:12.0327 2024 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/27 13:33:12.0358 2024 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/27 13:33:12.0421 2024 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/27 13:33:12.0483 2024 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/27 13:33:12.0530 2024 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/27 13:33:12.0639 2024 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/03/27 13:33:12.0701 2024 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/27 13:33:12.0795 2024 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/03/27 13:33:12.0857 2024 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/27 13:33:12.0920 2024 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/27 13:33:12.0951 2024 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/03/27 13:33:13.0013 2024 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/03/27 13:33:13.0060 2024 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/03/27 13:33:13.0216 2024 OEM05Afx (58f478fd0115012ceec75fb73628901c) C:\Windows\system32\Drivers\OEM05Afx.sys
2011/03/27 13:33:13.0232 2024 OEM05Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM05Vfx.sys
2011/03/27 13:33:13.0279 2024 OEM05Vid (3c60c2022cb93073da2574da90c962c2) C:\Windows\system32\DRIVERS\OEM05Vid.sys
2011/03/27 13:33:13.0357 2024 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/27 13:33:13.0435 2024 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/27 13:33:13.0497 2024 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/03/27 13:33:13.0544 2024 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/27 13:33:13.0622 2024 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/03/27 13:33:13.0653 2024 pciide (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
2011/03/27 13:33:13.0715 2024 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/27 13:33:13.0762 2024 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/27 13:33:13.0887 2024 pnarp (3de33bce4a930edf57bd1f742823bcd8) C:\Windows\system32\DRIVERS\pnarp.sys
2011/03/27 13:33:13.0981 2024 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/27 13:33:14.0012 2024 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/03/27 13:33:14.0074 2024 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/27 13:33:14.0137 2024 purendis (53efa6066e7ffaa1ad91c7fb40ffd2ec) C:\Windows\system32\DRIVERS\purendis.sys
2011/03/27 13:33:14.0183 2024 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/27 13:33:14.0293 2024 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/03/27 13:33:14.0355 2024 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/27 13:33:14.0402 2024 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/27 13:33:14.0729 2024 R300 (409d070998de0c740372531174d22c91) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/27 13:33:14.0807 2024 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/27 13:33:14.0870 2024 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/27 13:33:14.0932 2024 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/27 13:33:14.0979 2024 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/27 13:33:15.0057 2024 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/27 13:33:15.0119 2024 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/27 13:33:15.0182 2024 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/03/27 13:33:15.0244 2024 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/27 13:33:15.0338 2024 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/03/27 13:33:15.0447 2024 RemoteControl-USBLAN (7553d60b85ac53bd4486c418a0fbfcdf) C:\Windows\system32\DRIVERS\rcblan.sys
2011/03/27 13:33:15.0509 2024 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/03/27 13:33:15.0556 2024 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/03/27 13:33:15.0634 2024 RLDesignVirtualAudioCableWdm (f5cd7457fa2f0d1078992ccb77a546c4) C:\Windows\system32\DRIVERS\livecamv.sys
2011/03/27 13:33:15.0681 2024 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/03/27 13:33:15.0759 2024 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/27 13:33:15.0821 2024 SaiH0762 (a2290661d007d6b68866bd6119f159cd) C:\Windows\system32\DRIVERS\SaiH0762.sys
2011/03/27 13:33:15.0853 2024 SaiMini (1a97eed6d95a2c239ef27c15e63f3446) C:\Windows\system32\DRIVERS\SaiMini.sys
2011/03/27 13:33:15.0915 2024 SaiNtBus (4dbdefa637fd28b1ecd27692d70ea6a6) C:\Windows\system32\drivers\SaiBus.sys
2011/03/27 13:33:15.0977 2024 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/27 13:33:16.0040 2024 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/03/27 13:33:16.0071 2024 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/03/27 13:33:16.0118 2024 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/27 13:33:16.0165 2024 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/27 13:33:16.0211 2024 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/27 13:33:16.0243 2024 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/27 13:33:16.0305 2024 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/27 13:33:16.0352 2024 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/03/27 13:33:16.0383 2024 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/27 13:33:16.0414 2024 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/27 13:33:16.0445 2024 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/27 13:33:16.0477 2024 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/03/27 13:33:16.0508 2024 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/03/27 13:33:16.0539 2024 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/03/27 13:33:16.0617 2024 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/27 13:33:16.0679 2024 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/27 13:33:16.0773 2024 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/03/27 13:33:16.0820 2024 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/27 13:33:16.0835 2024 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/27 13:33:16.0929 2024 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
2011/03/27 13:33:17.0007 2024 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/27 13:33:17.0069 2024 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/27 13:33:17.0132 2024 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/27 13:33:17.0179 2024 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/27 13:33:17.0241 2024 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys
2011/03/27 13:33:17.0303 2024 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/03/27 13:33:17.0381 2024 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/03/27 13:33:17.0475 2024 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/27 13:33:17.0537 2024 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/27 13:33:17.0600 2024 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/27 13:33:17.0662 2024 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/27 13:33:17.0709 2024 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/27 13:33:17.0771 2024 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/27 13:33:17.0896 2024 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/03/27 13:33:17.0974 2024 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/27 13:33:18.0052 2024 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/27 13:33:18.0099 2024 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/27 13:33:18.0146 2024 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/03/27 13:33:18.0208 2024 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/27 13:33:18.0271 2024 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/27 13:33:18.0349 2024 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/03/27 13:33:18.0411 2024 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/27 13:33:18.0458 2024 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/27 13:33:18.0536 2024 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/27 13:33:18.0645 2024 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/03/27 13:33:18.0723 2024 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/03/27 13:33:18.0785 2024 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/27 13:33:18.0848 2024 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/27 13:33:18.0895 2024 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/27 13:33:18.0988 2024 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/27 13:33:19.0035 2024 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/27 13:33:19.0097 2024 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/27 13:33:19.0160 2024 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/27 13:33:19.0191 2024 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/27 13:33:19.0238 2024 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/27 13:33:19.0300 2024 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/27 13:33:19.0378 2024 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/27 13:33:19.0409 2024 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/03/27 13:33:19.0472 2024 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/03/27 13:33:19.0503 2024 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
2011/03/27 13:33:19.0550 2024 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/27 13:33:19.0612 2024 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/27 13:33:19.0721 2024 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/27 13:33:19.0784 2024 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/03/27 13:33:19.0846 2024 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/27 13:33:19.0909 2024 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/27 13:33:19.0940 2024 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/27 13:33:19.0987 2024 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/03/27 13:33:20.0033 2024 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/27 13:33:20.0143 2024 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/03/27 13:33:20.0236 2024 WmBEnum (38932c4649f8baad6ce1000ac6503d5b) C:\Windows\system32\drivers\WmBEnum.sys
2011/03/27 13:33:20.0299 2024 WmFilter (58b3adab903fa1a78c86e6a42b80fe76) C:\Windows\system32\drivers\WmFilter.sys
2011/03/27 13:33:20.0361 2024 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/27 13:33:20.0408 2024 WmVirHid (e45f01f4014d7ab13b8a0c41ebf48a3d) C:\Windows\system32\drivers\WmVirHid.sys
2011/03/27 13:33:20.0455 2024 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\Windows\system32\drivers\WmXlCore.sys
2011/03/27 13:33:20.0548 2024 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/27 13:33:20.0642 2024 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/27 13:33:20.0735 2024 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/27 13:33:20.0798 2024 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/27 13:33:20.0954 2024 ================================================================================
2011/03/27 13:33:20.0954 2024 Scan finished
2011/03/27 13:33:20.0954 2024 ================================================================================
2011/03/27 13:33:20.0969 2016 Detected object count: 1
2011/03/27 13:34:25.0663 2016 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/27 13:34:25.0663 2016 \HardDisk0 - ok
2011/03/27 13:34:25.0663 2016 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/27 13:34:35.0741 1960 Deinitialize success


****** TDSSKiller end ******

#14 SweetTech (Agent ST)

Posted 27 March 2011 - 01:08 PM

Hello,

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



The main infection that you are infected with is called TDL4.

See snippet below:

2011/03/27 13:33:20.0969 2016 Detected object count: 1
2011/03/27 13:34:25.0663 2016 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/27 13:34:25.0663 2016 \HardDisk0 - ok
2011/03/27 13:34:25.0663 2016 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/27 13:34:35.0741 1960 Deinitialize success


You can read more about this infection here:

Thanks to quietman7 for providing the above links.



After running TDSSKiller did you reboot your computer before you attempted to run ComboFix? I'd like to have you try running ComboFix in Normal mode after you reboot your computer.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
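One way to triage a TDSSKiller log like the one quoted in this thread programmatically, as an added Python example that is not part of the thread, of BleepingComputer's guidance or of TDSSKiller itself: it parses the per-line `timestamp thread-id message` layout, separates the driver inventory lines (service name, MD5, path) from the detection and user-action lines, records whether the cure is staged for the next reboot, and flags for review any driver loaded from outside C:\Windows and any services that share one file hash. The sample log is a constructed excerpt of lines quoted above, and the regular expressions are assumptions about the layout seen in this log, not a published TDSSKiller format specification.

```python
"""Summarise a TDSSKiller scan log: driver inventory, detections, chosen actions.

Added example for this thread; the line layouts below are assumptions taken
from the log quoted above, not a published TDSSKiller format specification.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff <thread id> <message>".
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Driver inventory: "<service> (<md5>) <path>".
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# Detection: "<object> - detected <threat> (<flags>)".
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
# Action chosen by the user: "<threat>(<object>) - User select action: <action>".
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\S+)$")
REBOOT_MARK = "will be cured after reboot"
SYSTEM_PREFIX = "c:\\windows\\"


@dataclass
class ScanSummary:
    drivers: dict = field(default_factory=dict)        # service -> (md5, path)
    detections: list = field(default_factory=list)     # (object, threat)
    actions: dict = field(default_factory=dict)        # object -> action
    reboot_required: bool = False
    non_system_drivers: list = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk the log once and bucket each message by the layout it matches."""
    summary = ScanSummary()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banners, blank lines, "Scan finished" separators
        msg = line.group(3)
        if (m := DRIVER_RE.match(msg)):
            name, md5, path = m.groups()
            summary.drivers[name] = (md5.lower(), path)
            # A driver outside the Windows directory is not malicious by itself
            # (security products install there too) but deserves a second look.
            if not path.lower().startswith(SYSTEM_PREFIX):
                summary.non_system_drivers.append(name)
        elif (m := DETECT_RE.match(msg)):
            summary.detections.append((m.group(1), m.group(2)))
        elif (m := ACTION_RE.match(msg)):
            summary.actions[m.group(2)] = m.group(3)
        elif REBOOT_MARK in msg:
            # The fix is staged; the machine is not clean until it reboots.
            summary.reboot_required = True
    return summary


def shared_hashes(summary: ScanSummary) -> dict:
    """Group services that load the same file (same MD5). Benign aliases such
    as Tcpip/Tcpip6 show up here, so this is an aid to review, not a verdict."""
    by_hash = defaultdict(list)
    for name, (md5, _path) in summary.drivers.items():
        by_hash[md5].append(name)
    return {md5: sorted(names) for md5, names in by_hash.items() if len(names) > 1}


# Constructed excerpt built from the lines quoted in this thread.
SAMPLE_LOG = r"""
2011/03/27 13:33:16.0040 2024 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/03/27 13:33:17.0381 2024 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/03/27 13:33:17.0475 2024 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/27 13:33:20.0798 2024 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/27 13:33:20.0954 2024 ================================================================================
2011/03/27 13:33:20.0954 2024 Scan finished
2011/03/27 13:33:20.0969 2016 Detected object count: 1
2011/03/27 13:34:25.0663 2016 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/27 13:34:25.0663 2016 \HardDisk0 - ok
2011/03/27 13:34:25.0663 2016 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/27 13:34:35.0741 1960 Deinitialize success
"""

if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    for obj, threat in s.detections:
        print(f"{obj}: {threat} -> action {s.actions.get(obj, 'none')}")
    print("reboot required:", s.reboot_required)
    print("drivers outside Windows dir:", s.non_system_drivers)
    print("services sharing one file hash:", shared_hashes(s))
```

On the excerpt above this reports the \HardDisk0 detection with the chosen action "Cure", notes that a reboot is still pending, lists SASENUM as the one driver loaded from outside C:\Windows, and groups Tcpip and Tcpip6 under their common hash. The point of the two review lists is to shorten the read of a several-hundred-line inventory, not to classify anything on their own: a helper still has to look at each flagged entry.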


#15 M Moore (Topic Starter)

Posted 27 March 2011 - 01:22 PM

Appreciate the warning - it is my main PC, but I would like to proceed with trying to clean it...

I ran ComboFix in normal Windows mode and received the same results as previously documented... the progress bar appears to reach 100%, then the series of messages about being unable to access the file occurs, plus the message about not knowing which program to run "nircmd.cfxxe".



