Slow & Internet Explorer Hangs



#1 Explicit1

Posted 16 June 2011 - 08:03 PM

First off, I had a TDL4 rootkit around a month ago and ever since I have had issues. The system hangs and I have to kill the process (explorer) and start over in order to finish online etc. Malwarebytes shows nothing found in safe mode and in regular startup. The same with Norton AntiVirus... Also, about ten minutes after boot the antivirus will pop up saying that realtime is disabled when it isn't, and the virus date is stuck on the 4th of May, when I got the TDL4 originally. I removed it with TDSSKiller in the past. Please review my logs and let me know your thoughts.

Thanks in advance

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Matt at 13:56:06.96 on Thu 06/16/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.2217 [GMT -7:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINNT\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
C:\WINNT\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\WINNT\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINNT\System32\svchost.exe -k HPZ12
C:\WINNT\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Documents and Settings\Matt\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
mRun: [Trirot] Trirot.exe
mRun: [RegServer] regserve.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SmartSoft PDF Printer Agent] "c:\program files\smart pdf creator pro\SmartSoft PDF Printer Agent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: rapmls.com
Trusted Zone: shortsalebirddogs.com\www
Trusted Zone: turbotax.com
Trusted Zone: uspto.gov
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1243218437625
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxp://ml.sitexdata.com/mortgageleads/arview2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} - hxxps://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://naasystem.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\winnt\system32\NavLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R3 AESTAud;AE Audio Service;c:\winnt\system32\drivers\AESTAud.sys [2009-5-16 108160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-25 105592]
R3 itecir;ITECIR Infrared Receiver;c:\winnt\system32\drivers\itecir.sys [2009-5-16 54784]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\winnt\system32\drivers\k57xp32.sys [2009-5-16 174592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110504.002\naveng.sys [2011-5-4 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110504.002\navex15.sys [2011-5-4 1393144]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\winnt\system32\drivers\OA001Ufd.sys [2009-5-16 133472]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\winnt\system32\drivers\OA001Vid.sys [2009-5-16 279488]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2008-7-31 81920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 136176]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\winnt\system32\AWINDIS5.SYS [2005-8-8 16194]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 136176]
S3 hcdriver;EHCI;c:\winnt\system32\drivers\hcdriver.sys [2005-12-2 46080]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\winnt\system32\drivers\wg511nd5.sys --> c:\winnt\system32\drivers\wg511nd5.sys [?]
S3 ptiusbf;PTI USB Filter;c:\winnt\system32\drivers\ptiusbf.sys --> c:\winnt\system32\drivers\PTIUSBF.SYS [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 Xgiv3;Xgiv3;c:\winnt\system32\drivers\Xgiv3m.sys [2005-5-24 337408]
S4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S4 RT80x86;Ralink 802.11n Wireless Driver;c:\winnt\system32\drivers\rt2860.sys --> c:\winnt\system32\drivers\RT2860.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-25 24652]
.
=============== Created Last 30 ================
.
2011-06-09 04:33:55 -------- d-----w- c:\program files\RAR Password Unlocker
2011-05-25 16:21:10 -------- d-----w- C:\DriveKey
2011-05-25 01:03:49 -------- d-----w- c:\program files\PeerBlock
2011-05-24 23:39:33 -------- d-----w- c:\program files\Datapol
2011-05-20 04:39:33 -------- d-----w- c:\program files\iPod
2011-05-20 04:39:08 -------- d-----w- c:\program files\iTunes
2011-05-20 04:31:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-05-20 04:31:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-05-20 04:31:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-05-20 04:31:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-05-20 04:31:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-05-20 04:31:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-05-20 04:31:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-06-16 15:44:27 11848 ----a-w- c:\winnt\system32\Fxxplfnt.tmp
2011-05-17 17:17:21 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2011-05-04 15:20:27 0 ----a-w- c:\winnt\Jkubitogolo.bin
2011-04-06 23:20:16 91424 ----a-w- c:\winnt\system32\dnssd.dll
2011-04-06 23:20:16 107808 ----a-w- c:\winnt\system32\dns-sd.exe
2001-09-29 00:00:28 164864 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 13:56:51.48 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2005 3:24:21 PM
System Uptime: 6/16/2011 8:24:07 AM (5 hours ago)
.
Motherboard: Dell Inc. | | 0P132H
Processor: Intel Pentium III Xeon processor | U2E1 | 2393/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 57.084 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 59.654 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\00000000
Manufacturer: Microsoft
Name: 1394 Net Adapter #2
PNP Device ID: V1394\NIC1394\00000000
Service: NIC1394
.
==== System Restore Points ===================
.
RP704: 5/17/2011 10:30:39 PM - System Checkpoint
RP705: 5/19/2011 8:53:44 AM - System Checkpoint
RP706: 5/21/2011 12:07:33 PM - System Checkpoint
RP707: 5/22/2011 12:44:48 PM - System Checkpoint
RP708: 5/23/2011 1:33:42 PM - System Checkpoint
RP709: 5/24/2011 4:29:13 PM - System Checkpoint
RP710: 5/25/2011 9:20:10 AM - Installed HP USB Disk Storage Format Tool
RP711: 5/25/2011 9:21:10 AM - Installed HP USB Disk Storage Format Tool
RP712: 5/26/2011 9:21:47 AM - System Checkpoint
RP713: 5/27/2011 2:15:33 PM - System Checkpoint
RP714: 5/29/2011 2:50:47 PM - System Checkpoint
RP715: 5/30/2011 3:45:54 PM - System Checkpoint
RP716: 5/31/2011 3:50:30 PM - System Checkpoint
RP717: 6/7/2011 3:26:51 PM - System Checkpoint
RP718: 6/9/2011 3:59:10 PM - System Checkpoint
RP719: 6/10/2011 6:14:51 PM - System Checkpoint
RP720: 6/12/2011 3:14:07 PM - System Checkpoint
RP721: 6/13/2011 9:49:13 PM - System Checkpoint
RP722: 6/14/2011 10:00:09 PM - System Checkpoint
RP723: 6/16/2011 8:43:48 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
#1 DVD Ripper 7.2.1
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
Aarons Advanced Cliker Version 3.05
Acronis True Image Echo Workstation
Acronis Universal Restore for Acronis True Image Echo Workstation
ACT! by Sage Premium 2009 (11.0)
Ad-Aware SE Professional
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced GIF Animator 3.0
AeroSnap 0.61
AIO_Scan
Allok Video to FLV Converter 4.7.1202
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
BCM V.92 56K Modem
Bejeweled Blitz
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
Broadcom Gigabit NetLink Controller
BS.Player PRO
CalyxLoanBridge11
CamStudio
Canon MP Drivers
Canon MP Toolbox 4.1
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CoffeeCup Flash Firestarter
CoffeeCup Flash Form Builder - Registered
Compatibility Pack for the 2007 Office system
Connect
Dell 5530 Wireless Broadband Package
Dell Touchpad
DH Mobility Modder.NET
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DJ_AIO_Software_min
DVD Shrink 3.1.6
EPSON Printer Software
FileZilla Client 3.0.9.3
Full Tilt Poker
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Genesis 2000
Google Earth
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet All-In-One Software 9.0
HP USB Disk Storage Format Tool
IDT Audio
Integrated Webcam Driver (1.05.02.1227)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
interneTIFF 9.0-FREE (IE Browser)
iTunes
Java™ 6 Update 17
kuler
LiveUpdate (Symantec Corporation)
Loan Tracker
LoanAmortizer Enterprise Edition
Lotto Hat v3.5
Magic ISO Maker v5.5 (build 0274)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Baseline Security Analyzer 2.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Sounds
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Works 6-9 Converter
Microsoft WSE 2.0 SP3 Runtime
Microsoft XML Parser
mIRC
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 6 Ultra Edition
Netflix Movie Viewer
NTFS4DOS
OfficeSharedAddInSetup
PartitionMagic
PDF Password Cracker Pro v2.0
PDF Settings CS4
PeerBlock 1.1 (r518)
Photoshop Camera Raw
PIXresizer 2.0.4
POINT
PokerStars
PowerQuest PartitionMagic 8.0
QuickTime
RAR Password Unlocker 3.0
ResumeMaker
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
Roxio Media Manager
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Setup
Skins
Skype Toolbars
Skype™ 4.2
Smart PDF Creator Pro 6.1.0.426
SmartDraw VP
Suite Shared Configuration CS4
Switch Sound File Converter
Symantec AntiVirus
System Requirements Lab
System Requirements Lab for Intel
Toolbox
TypingMaster Pro
Uniblue DriverScanner 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Viewpoint Media Player
Virtual Earth 3D (Beta)
Virtual Tutor System 3.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WavePad Sound Editor
WebEx
WebFldrs XP
WebFormDesigner
WexTech AnswerWorks
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WINForms® Desktop
WinRAR archiver
Wondershare Flash Gallery Factory Deluxe 5.0.2
XGI Volari-XP5 Display Driver
Xvid 1.1.3 final uninstall
YouTube FLV to AVI Suite Enterprise 2.3.9
zipForm6
.
==== Event Viewer Messages From Past Week ========
.
6/16/2011 8:25:24 AM, error: Print [19] - Sharing printer failed + 1722, Printer Xerox WorkCentre 24 PCL 6 share name Printer5.
6/11/2011 8:20:08 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
6/10/2011 1:21:26 PM, error: Service Control Manager [7034] - The Symantec AntiVirus Definition Watcher service terminated unexpectedly. It has done this 1 time(s).
6/10/2011 1:21:26 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
6/10/2011 1:21:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
6/10/2011 1:20:36 PM, error: NIC1394 [5002] - 1394 Net Adapter #2 : Has determined that the adapter is not functioning properly.
.
==== End Of File ===========================


GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-06-16 16:31:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9320421ASG rev.DE17
Running: m2wlsvgs.exe; Driver: C:\DOCUME~1\Matt\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT 8AAD6B00 ZwAlertResumeThread
SSDT 8AAB15F8 ZwAlertThread
SSDT 8AD2D008 ZwAllocateVirtualMemory
SSDT 8AD5BE18 ZwConnectPort
SSDT 8AE40120 ZwCreateMutant
SSDT 8AD233D0 ZwCreateThread
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAC5D1350]
SSDT 8ACF01B0 ZwFreeVirtualMemory
SSDT 8AE49E88 ZwImpersonateAnonymousToken
SSDT 8AD57510 ZwImpersonateThread
SSDT 8AF781B0 ZwMapViewOfSection
SSDT 8AD08AB8 ZwOpenEvent
SSDT 8AE58DF8 ZwOpenProcessToken
SSDT 8ACC4790 ZwOpenThreadToken
SSDT 8AD39580 ZwQueryValueKey
SSDT 8AF961B8 ZwResumeThread
SSDT 882E6B70 ZwSetContextThread
SSDT 8AE7F008 ZwSetInformationProcess
SSDT 8AADB970 ZwSetInformationThread
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAC5D1580]
SSDT 8AD04070 ZwSuspendProcess
SSDT 8AD43900 ZwSuspendThread
SSDT 8AEBD348 ZwTerminateProcess
SSDT 8AADBDC0 ZwTerminateThread
SSDT 8AEA68B8 ZwUnmapViewOfSection
SSDT 8AD31B78 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\DRIVERS\ati2mtag.sys section is writeable [0xB932B000, 0x1B601E, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0x57 0xB0 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x07 0x5C 0xAF 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4B 0x1C 0x83 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x50 0x57 0xB0 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x07 0x5C 0xAF 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4B 0x1C 0x83 0xFD ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore@DisableSR \t 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C0B0701-6A33-7AD8-CDD1-91A3D55087AC}

---- EOF - GMER 1.0.15 ----


#2 Explicit1


Posted 17 June 2011 - 10:00 PM

Any Thoughts...

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 17 June 2011 - 11:38 PM.


#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:59 AM

Posted 23 June 2011 - 06:40 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 SweetTech


Posted 25 June 2011 - 12:57 PM

Hi!

It's been several days since I last posted instructions for you to complete. Do you still require assistance in getting your computer cleaned up?

Please Note: Unless notified in advance, threads with no response in 3 days get closed.

If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.


Thanks,
SweetTech.



#5 SweetTech


Posted 26 June 2011 - 11:04 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.




#6 SweetTech


Posted 28 June 2011 - 05:47 PM

This topic has been re-opened at the request of the person who originally posted.



#7 Explicit1


Posted 28 June 2011 - 07:35 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB92F1000 C:\WINNT\system32\DRIVERS\ati2mtag.sys 5455872 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xB8E8A000 C:\WINNT\system32\DRIVERS\NETw5x32.sys 4222976 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xBF1AD000 C:\WINNT\System32\ati3duag.dll 4120576 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF59B000 C:\WINNT\System32\ativvaxx.dll 2498560 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINNT\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINNT\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAC41D000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110504.002\navex15.sys 1388544 bytes (Symantec Corporation, AV Engine)
0xAC641000 C:\WINNT\system32\drivers\sthda.sys 1327104 bytes (IDT, Inc., IDT PC Audio)
0xBF063000 C:\WINNT\System32\ati2cqag.dll 577536 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB9DF6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9D46000 timntr.sys 536576 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xB8D12000 C:\WINNT\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xBF0F0000 C:\WINNT\System32\atikvmag.dll 471040 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAC146000 C:\WINNT\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAC209000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 413696 bytes (Symantec Corporation, SPBBC Driver)
0xAC0E8000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB8B21000 C:\WINNT\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAC317000 C:\WINNT\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB8D8D000 C:\WINNT\system32\DRIVERS\itecir.sys 360448 bytes (ITE Tech. Inc. , ITE Consumer IR Driver for eHome)
0xAC5A6000 C:\Program Files\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect)
0xA9086000 C:\WINNT\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB8DE5000 C:\WINNT\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xBF012000 C:\WINNT\System32\ati2dvag.dll 331776 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF163000 C:\WINNT\System32\atiok3x2.dll 303104 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBF9C6000 C:\WINNT\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAC3C4000 C:\WINNT\system32\DRIVERS\OA001Vid.sys 282624 bytes (Creative Technology Ltd., Video Capture Device Driver)
0xA8C5D000 C:\WINNT\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAC2DE000 C:\WINNT\System32\Drivers\SYMTDI.SYS 233472 bytes (Symantec Corporation, Network Dispatch Driver)
0xB8C7C000 C:\WINNT\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB8E5C000 C:\WINNT\system32\DRIVERS\k57xp32.sys 188416 bytes (Broadcom Corporation, Broadcom NetLink ™ Gigabit Ethernet NDIS5.1 Driver.)
0xA9571000 C:\WINNT\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DC9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB8CE6000 C:\WINNT\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xA87B0000 C:\WINNT\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAC1DE000 C:\WINNT\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB92B5000 C:\WINNT\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAC290000 C:\WINNT\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAC2B8000 C:\WINNT\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xACAA8000 C:\WINNT\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9291000 C:\WINNT\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8CC3000 C:\WINNT\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAC26E000 C:\WINNT\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAC584000 C:\WINNT\system32\Drivers\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0xAC3A3000 C:\WINNT\system32\DRIVERS\OA001Ufd.sys 135168 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0xB9E9A000 symsnap.sys 135168 bytes (StorageCraft, StorageCraft Volume Snap-Shot)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINNT\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9ECD000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9D27000 snapman.sys 126976 bytes (Acronis, Acronis Snapshot API)
0xAC0CA000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB8BBF000 C:\WINNT\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xAC626000 C:\WINNT\system32\drivers\AESTAud.sys 110592 bytes (Andrea Electronics Corporation, Andrea Audio Driver)
0xACACC000 C:\WINNT\system32\drivers\AtiHdmi.sys 110592 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xB9D0D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAC0B2000 C:\WINNT\System32\Drivers\dump_atapi.sys 98304 bytes
0xB8BA7000 C:\WINNT\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9E83000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8CAC000 C:\WINNT\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA989C000 C:\WINNT\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xAC409000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110504.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xB8E37000 C:\WINNT\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0xAC570000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xB92DD000 C:\WINNT\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAC370000 C:\WINNT\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINNT\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EBB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA9336000 C:\WINNT\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8E4B000 C:\WINNT\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0xB8C3C000 C:\WINNT\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1C8000 C:\WINNT\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA268000 C:\WINNT\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1D8000 C:\WINNT\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA99D9000 C:\WINNT\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA278000 C:\WINNT\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0B8000 C:\WINNT\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINNT\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1A8000 C:\WINNT\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1F8000 C:\WINNT\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA198000 C:\WINNT\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA218000 C:\WINNT\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA128000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xB8C5C000 C:\WINNT\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA1B8000 C:\WINNT\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA208000 C:\WINNT\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA258000 C:\WINNT\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA228000 C:\WINNT\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAC7CD000 C:\WINNT\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0xA8680000 C:\WINNT\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA1E8000 C:\WINNT\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA158000 C:\WINNT\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA178000 C:\WINNT\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA168000 C:\WINNT\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3D8000 C:\WINNT\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA438000 C:\WINNT\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA410000 C:\WINNT\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3B8000 C:\WINNT\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA460000 C:\WINNT\system32\DRIVERS\v2imount.sys 32768 bytes (Symantec Corporation, V2iMount.sys - Image Mounting Device Driver)
0xBA328000 C:\WINNT\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3F8000 C:\WINNT\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xBA338000 risdptsk.sys 28672 bytes (REDC, RICOH SD/MMC Driver)
0xBA3D0000 C:\WINNT\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3C0000 C:\WINNT\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3C8000 C:\WINNT\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3B0000 C:\WINNT\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA428000 C:\WINNT\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3A0000 C:\WINNT\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xBA430000 C:\WINNT\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3E8000 C:\WINNT\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3F0000 C:\WINNT\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3E0000 C:\WINNT\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA458000 C:\WINNT\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINNT\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9CA8000 C:\WINNT\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB9C88000 C:\WINNT\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9D99000 C:\WINNT\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINNT\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAC785000 C:\WINNT\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9CA4000 C:\WINNT\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB8B93000 C:\WINNT\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA9D95000 C:\WINNT\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xB9CAC000 C:\WINNT\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA5E4000 C:\WINNT\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5EC000 C:\WINNT\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5E2000 C:\WINNT\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINNT\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5E6000 C:\WINNT\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5E8000 C:\WINNT\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5D4000 C:\WINNT\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA5D6000 C:\WINNT\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5DA000 C:\WINNT\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINNT\System32\drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7FC000 C:\WINNT\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA788000 C:\WINNT\System32\Drivers\cvintdrv.SYS 4096 bytes
0xBA709000 C:\WINNT\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7A7000 C:\WINNT\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINNT\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA6A5000 C:\WINNT\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [atapi.sys]



OTL logfile created on: 6/28/2011 3:43:31 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.16% Memory free
7.33 Gb Paging File | 6.75 Gb Available in Paging File | 92.08% Paging File free
Paging file location(s): C:\pagefile.sys 4599 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 56.85 Gb Free Space | 58.22% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 51.22 Gb Free Space | 25.55% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 15:30:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2011/06/06 12:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/03/25 18:49:16 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
PRC - [2009/11/03 16:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/11/03 16:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/21 10:44:12 | 000,225,362 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\XPM09_6047v002\WDM\stacsv.exe
PRC - [2008/07/21 10:42:16 | 000,442,460 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/07/11 12:15:06 | 000,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINNT\system32\AESTFltr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2008/02/08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/10/07 20:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 16:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 15:30:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2009/11/03 16:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/11/03 16:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/11/03 16:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/07/27 22:42:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/31 22:04:38 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2008/07/21 10:44:12 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\XPM09_6047v002\WDM\stacsv.exe -- (STacSV)
SRV - [2008/04/14 05:42:40 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2008/02/22 20:41:54 | 000,423,192 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/02/21 15:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/21 15:02:44 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/10/07 21:48:36 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/08/27 18:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/16 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/18 01:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110504.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110504.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/02/21 12:07:00 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/26 06:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/28 05:12:49 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINNT\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/15 21:51:45 | 000,132,352 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/05/15 10:56:03 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/05/15 10:56:03 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/04/01 04:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/27 01:05:00 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/12/01 15:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/26 14:02:04 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/21 10:46:18 | 001,384,595 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/07/11 12:15:10 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/05/07 12:30:54 | 000,137,952 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINNT\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/29 20:04:04 | 000,174,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink ™
DRV - [2008/01/19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007/12/26 20:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/08/27 18:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 18:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/26 20:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/03/14 18:25:00 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\itecir.sys -- (itecir)
DRV - [2006/12/28 09:44:44 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/11/20 22:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/07/14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/02/28 21:27:08 | 000,337,408 | ---- | M] (XGI Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Xgiv3m.sys -- (Xgiv3)
DRV - [2004/09/15 23:53:06 | 000,263,608 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/04/23 13:59:44 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/04/25 23:16:30 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\hcdriver.sys -- (hcdriver)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINNT\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2000/09/07 11:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/22 17:06:11 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINNT\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RegServer] File not found
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Trirot] File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: rapmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: rapmls.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: shortsalebirddogs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: uspto.gov ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1243218437625 (MUCatalogWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://ml.sitexdata.com/mortgageleads/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} https://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab (PtClickLoan Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://naasystem.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/24 14:24:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 15:30:10 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/06/27 21:26:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matt\Recent
[2011/06/08 21:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\RAR Password Unlocker
[2011/06/08 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2011/06/07 18:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Google Earth
[2011/06/06 12:55:34 | 000,047,512 | ---- | C] (Adobe Systems Inc) -- C:\WINNT\System32\AdobePDF.dll
[2011/06/06 12:55:32 | 000,022,936 | ---- | C] (Adobe Systems Inc.) -- C:\WINNT\System32\AdobePDFUI.dll
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\Documents and Settings\Matt\My Documents\*.tmp files -> C:\Documents and Settings\Matt\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/28 15:30:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/06/28 15:29:41 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\RKUnhookerLE.EXE
[2011/06/28 14:57:00 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/28 14:07:07 | 000,515,608 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011/06/28 14:07:07 | 000,099,970 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2011/06/28 14:03:10 | 000,000,470 | ---- | M] () -- C:\WINNT\tasks\SDMsgUpdate (TE).job
[2011/06/28 14:02:56 | 000,000,868 | ---- | M] () -- C:\WINNT\tasks\Google Software Updater.job
[2011/06/28 14:02:12 | 000,000,878 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 14:02:03 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/06/27 11:12:14 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/06/25 16:53:02 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/06/22 17:06:27 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Adobe Acrobat X Pro.lnk
[2011/06/21 15:53:16 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Microsoft Office Outlook 2007.lnk
[2011/06/15 15:47:00 | 000,095,867 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Model Info Large.jpg
[2011/06/15 15:45:00 | 000,103,518 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Model Info.jpg
[2011/06/10 14:37:51 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 14:37:51 | 000,000,049 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2011/06/10 13:44:51 | 000,008,113 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Berlynn Bubble Gum.jpg
[2011/06/08 22:02:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/08 21:32:43 | 000,000,405 | ---- | M] () -- C:\WINNT\crackpdf.INI
[2011/06/08 21:25:24 | 076,732,804 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\ATPCF-327-Jamey_Johnson_-_That_Lonesome_Song-07-08-2008.rar
[2011/06/07 18:59:32 | 000,001,911 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Google Earth.lnk
[2011/06/06 20:32:42 | 028,125,116 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Coldwell-Banker-Commercial_2010-Year-End-Report.pdf
[2011/06/06 12:55:34 | 000,047,512 | ---- | M] (Adobe Systems Inc) -- C:\WINNT\System32\AdobePDF.dll
[2011/06/06 12:55:32 | 000,022,936 | ---- | M] (Adobe Systems Inc.) -- C:\WINNT\System32\AdobePDFUI.dll
[2011/05/31 11:34:17 | 000,306,777 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\SingleReport.pdf
[2011/05/31 11:34:01 | 000,592,377 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\TripleReport.pdf
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\Documents and Settings\Matt\My Documents\*.tmp files -> C:\Documents and Settings\Matt\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/28 15:29:48 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\RKUnhookerLE.EXE
[2011/06/15 15:47:00 | 000,095,867 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Model Info Large.jpg
[2011/06/15 15:45:00 | 000,103,518 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Model Info.jpg
[2011/06/10 13:45:13 | 000,008,113 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Berlynn Bubble Gum.jpg
[2011/06/08 22:02:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/08 21:25:24 | 076,732,804 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\ATPCF-327-Jamey_Johnson_-_That_Lonesome_Song-07-08-2008.rar
[2011/06/07 18:59:32 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Google Earth.lnk
[2011/06/06 20:28:25 | 028,125,116 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Coldwell-Banker-Commercial_2010-Year-End-Report.pdf
[2011/05/31 11:34:17 | 000,306,777 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\SingleReport.pdf
[2011/05/31 11:34:01 | 000,592,377 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\TripleReport.pdf
[2011/05/12 13:56:48 | 000,000,042 | ---- | C] () -- C:\WINNT\POINTHelp.INI
[2011/05/04 11:13:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\SMRBackup162.dat
[2011/05/04 10:39:50 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\7lRL0ux1i.dat
[2011/05/04 08:20:27 | 000,000,120 | ---- | C] () -- C:\WINNT\Awera.dat
[2011/05/04 08:20:27 | 000,000,000 | ---- | C] () -- C:\WINNT\Jkubitogolo.bin
[2011/03/26 18:52:55 | 000,503,808 | ---- | C] () -- C:\WINNT\System32\tiff2pdf.dll
[2011/03/09 12:02:46 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2011/02/26 17:20:41 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\KGyGaAvL.sys
[2011/02/26 17:20:41 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\C6FF29E281.sys
[2011/02/23 21:12:47 | 000,000,008 | RHS- | C] () -- C:\WINNT\System32\81E229FFC6.sys
[2010/06/11 10:33:24 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
[2010/05/29 08:34:24 | 000,122,771 | ---- | C] () -- C:\WINNT\hpoins14.dat
[2010/05/29 08:34:24 | 000,001,996 | ---- | C] () -- C:\WINNT\hpomdl14.dat
[2010/05/11 10:28:08 | 000,000,024 | ---- | C] () -- C:\WINNT\popcinfot.dat
[2010/05/11 10:28:08 | 000,000,000 | ---- | C] () -- C:\WINNT\popcreg.dat
[2010/04/21 23:23:27 | 000,072,856 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2010/04/09 19:55:47 | 000,010,752 | ---- | C] () -- C:\WINNT\System32\BASSMOD.dll
[2010/04/09 19:54:49 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\fusioncache.dat
[2010/02/21 19:49:02 | 000,000,000 | ---- | C] () -- C:\WINNT\vpc32.INI
[2009/12/30 20:40:53 | 000,593,920 | ---- | C] () -- C:\WINNT\System32\ati2sgag.exe
[2009/11/09 17:33:26 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2009/11/09 17:33:26 | 000,089,088 | ---- | C] () -- C:\WINNT\MBR.exe
[2009/11/09 17:33:26 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2009/11/09 17:33:25 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2009/11/09 17:33:25 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2009/10/29 09:32:22 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\pool.bin
[2009/05/18 18:47:13 | 000,000,010 | ---- | C] () -- C:\WINNT\WININIT.INI
[2009/05/16 19:24:45 | 000,000,000 | ---- | C] () -- C:\WINNT\ativpsrm.bin
[2009/05/14 19:17:31 | 000,012,576 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\LuUninstall.LiveUpdate
[2009/04/19 20:32:22 | 000,155,745 | ---- | C] () -- C:\WINNT\System32\installservice.exe
[2008/12/10 13:33:36 | 000,002,464 | ---- | C] () -- C:\WINNT\aopr.ini
[2008/12/10 13:26:17 | 000,000,844 | ---- | C] () -- C:\WINNT\avpr.ini
[2008/12/01 13:11:21 | 003,107,788 | ---- | C] () -- C:\WINNT\System32\ativvaxx.dat
[2008/12/01 13:11:21 | 003,107,788 | ---- | C] () -- C:\WINNT\System32\ativva5x.dat
[2008/12/01 13:11:21 | 000,887,724 | ---- | C] () -- C:\WINNT\System32\ativva6x.dat
[2008/10/30 07:45:42 | 000,180,720 | ---- | C] () -- C:\WINNT\System32\atiicdxx.dat
[2008/05/22 11:43:51 | 000,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/05/13 17:12:19 | 000,000,436 | ---- | C] () -- C:\WINNT\dvdtompegconverter.ini
[2008/05/13 17:10:59 | 000,000,001 | ---- | C] () -- C:\WINNT\System32\SysDVDtoMPeg.dat
[2008/04/21 08:52:34 | 000,001,984 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2008/04/03 20:54:38 | 000,242,176 | ---- | C] () -- C:\WINNT\System32\fixflash.exe
[2008/04/03 20:54:37 | 000,129,024 | ---- | C] () -- C:\WINNT\System32\AVERM.dll
[2008/04/03 20:54:37 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\AVEQT.dll
[2008/04/03 20:28:05 | 000,000,067 | ---- | C] () -- C:\WINNT\#1 DVD Ripper.INI
[2008/01/04 14:58:50 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2008/01/04 14:56:24 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll
[2007/05/22 22:15:11 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\13.sys
[2007/03/30 17:54:31 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\QTSBandwidthCache
[2007/01/29 10:41:58 | 000,000,405 | ---- | C] () -- C:\WINNT\crackpdf.INI
[2007/01/19 13:26:34 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\$_hpcst$.hpc
[2007/01/06 20:22:26 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/13 06:36:36 | 001,167,360 | ---- | C] () -- C:\WINNT\System32\acAuth.dll
[2006/06/20 22:53:34 | 000,319,488 | ---- | C] () -- C:\WINNT\System32\AegisI5.exe
[2006/05/04 14:14:27 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\Zlib.dll
[2006/05/04 14:14:23 | 000,041,984 | ---- | C] () -- C:\WINNT\System32\ZFExt.dll
[2006/05/04 14:14:20 | 000,000,026 | ---- | C] () -- C:\WINNT\SYSINF~1.INI
[2006/04/10 19:22:55 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\ScheduledItems
[2006/04/10 19:21:21 | 000,002,620 | -HS- | C] () -- C:\WINNT\System32\KGyGaAvL.sys
[2006/04/10 19:21:21 | 000,000,056 | RHS- | C] () -- C:\WINNT\System32\4994F12BB5.sys
[2006/02/21 13:30:02 | 000,000,058 | ---- | C] () -- C:\WINNT\mchguid.ini
[2006/02/18 15:26:14 | 000,000,000 | ---- | C] () -- C:\WINNT\PNTINFO.INI
[2005/12/30 13:18:26 | 000,180,224 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2005/12/30 13:10:30 | 000,761,856 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2005/12/02 12:45:55 | 000,007,140 | ---- | C] () -- C:\WINNT\System32\drivers\cvintdrv.sys
[2005/12/02 12:45:51 | 000,000,029 | ---- | C] () -- C:\WINNT\cviinst.ini
[2005/08/01 13:13:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\fusioncache.dat
[2005/08/01 13:13:42 | 000,184,320 | ---- | C] () -- C:\WINNT\System32\EmbeddedDX.dll
[2005/08/01 13:13:42 | 000,010,875 | ---- | C] () -- C:\WINNT\ESOA.INI
[2005/08/01 13:13:42 | 000,003,679 | ---- | C] () -- C:\WINNT\GrAddrBk.ini
[2005/08/01 13:13:42 | 000,000,995 | ---- | C] () -- C:\WINNT\GRACE.INI
[2005/08/01 13:13:42 | 000,000,053 | ---- | C] () -- C:\WINNT\PRSRVDLL.INI
[2005/08/01 13:11:34 | 000,001,327 | ---- | C] () -- C:\WINNT\winpoint.ini
[2005/07/25 12:15:54 | 000,000,049 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2005/07/12 11:34:30 | 000,005,632 | R--- | C] () -- C:\WINNT\System32\CNMVSya.DLL
[2005/07/12 11:33:52 | 000,000,356 | R--- | C] () -- C:\WINNT\System32\CNCASv50.ini
[2005/07/12 11:33:41 | 000,000,462 | R--- | C] () -- C:\WINNT\System32\CNCMP50.INI
[2005/06/14 20:43:12 | 000,000,626 | ---- | C] () -- C:\WINNT\ODBC.INI
[2005/06/09 11:14:04 | 000,000,027 | ---- | C] () -- C:\WINNT\GenSet.ini
[2005/06/09 11:13:39 | 000,626,688 | ---- | C] () -- C:\WINNT\System32\GENSYSIE.DLL
[2005/06/09 11:13:37 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\GNS2KZIP.DLL
[2005/06/09 11:13:37 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\GENFON32.DLL
[2005/06/09 11:13:37 | 000,001,327 | ---- | C] () -- C:\WINNT\GOLDCOM.INI
[2005/06/09 11:13:36 | 000,398,336 | ---- | C] () -- C:\WINNT\System32\TX32.DLL
[2005/06/09 11:13:36 | 000,000,151 | ---- | C] () -- C:\WINNT\System32\IC32.INI
[2005/06/09 11:12:52 | 000,225,280 | ---- | C] () -- C:\WINNT\System32\Gn32.dll
[2005/05/30 13:40:28 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2005/05/24 16:36:35 | 000,094,208 | ---- | C] () -- C:\WINNT\System32\NTDisUn.dll
[2005/05/24 16:36:35 | 000,004,404 | ---- | C] () -- C:\WINNT\System32\SIMPLDRV.SYS
[2005/05/24 15:24:28 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2005/05/24 15:16:29 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2005/05/24 14:23:03 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2005/05/24 14:22:08 | 000,022,192 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2005/05/24 07:12:46 | 000,303,354 | ---- | C] () -- C:\WINNT\System32\PerfStringBackup_001.INI
[2005/05/24 06:56:14 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2005/05/24 06:55:22 | 002,205,544 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2001/08/23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[2001/08/23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2001/08/23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2001/08/23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2001/08/23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2001/08/23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2001/08/23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[2001/08/23 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1999/12/07 05:00:00 | 000,515,608 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1999/12/07 05:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/12/07 05:00:00 | 000,099,970 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1999/12/07 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[1999/09/25 03:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 03:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

< End of report >


OTL Extras logfile created on: 6/28/2011 3:43:31 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.16% Memory free
7.33 Gb Paging File | 6.75 Gb Available in Paging File | 92.08% Paging File free
Paging file location(s): C:\pagefile.sys 4599 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 56.85 Gb Free Space | 58.22% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 51.22 Gb Free Space | 25.55% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINNT\system32\mmc.exe" = C:\WINNT\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINNT\system32\dpvsetup.exe" = C:\WINNT\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\ACT\ACT for Windows\Act8.exe" = C:\Program Files\ACT\ACT for Windows\Act8.exe:*:Enabled:ACT! 8.x/2006 -- (Sage Software, Inc)
"C:\Program Files\ACT\ACT for Windows\ActSage.exe" = C:\Program Files\ACT\ACT for Windows\ActSage.exe:*:Enabled:ACT! by Sage -- (Sage Software, Inc.)
"C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe" = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe:*:Enabled:Acrobat.exe -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#1 DVD Ripper" = #1 DVD Ripper 7.2.1
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A3445-56FC-47B3-B706-17D599E3B630}" = CalyxLoanBridge11
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1" = AeroSnap 0.61
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{1EF6FE22-477E-4C34-BF09-C2E5A3953D3E}" = Acronis True Image Echo Workstation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{2555F283-A782-4F9F-829F-268A9B0F9CC1}" = POINT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D316CFB-1825-4030-A13A-29D18DC6B177}" = OfficeSharedAddInSetup
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{4669544E-20E4-4E56-8B44-2E6E1200051F}" = Canon MP Toolbox 4.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53952F34-D003-4854-B260-4361F0E323D9}" = LoanAmortizer Enterprise Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{580E3E43-F5EB-41C9-A348-1B7DCF002C2C}" = Dell 5530 Wireless Broadband Package
"{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Canon MP Drivers
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{715549E5-7FC1-44c7-88FB-9BA1052C57C5}" = XGI Volari-XP5 Display Driver
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7CF7C4D5-D30C-4ABA-A287-369B043087E8}" = Acronis Universal Restore for Acronis True Image Echo Workstation
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel® PROSet/Wireless WiFi Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85BC5C08-E73D-11D2-964D-444553540000}" = Point
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93737301-0D25-4E94-97F0-997815933757}" = interneTIFF 9.0-FREE (IE Browser)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2C82F57-F312-4525-A19C-40E228E09939}" = Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Franēais, Deutsch
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B789FA51-6A71-408F-92DE-EDE4A517B8F6}_is1" = RAR Password Unlocker 3.0
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC467935-A9A5-4D0F-BD89-94F36CDF0524}" = Adobe Stock Photos 1.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D9952F01-1EBB-494B-AD8C-36BCA14B0FC4}" = POINT
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Aarons Advanced Cliker_is1" = Aarons Advanced Cliker Version 3.05
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_d2f336b2c5feeb945c28b7a0a45170f" = Adobe Creative Suite 4 Master Collection
"Advanced GIF Animator_is1" = Advanced GIF Animator 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"Allok Video to FLV Converter_is1" = Allok Video to FLV Converter 4.7.1202
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Bejeweled Blitz" = Bejeweled Blitz
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"BSPlayerp" = BS.Player PRO
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"CoffeeCup Flash Form Builder - Registered" = CoffeeCup Flash Form Builder - Registered
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
"DVD Shrink_is1" = DVD Shrink 3.1.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"FileZilla Client" = FileZilla Client 3.0.9.3
"Genesis 2000" = Genesis 2000
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Loan Tracker_is1" = Loan Tracker
"Lotto Hat v3.5_is1" = Lotto Hat v3.5
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"mIRC" = mIRC
"MobilityDotNET" = DH Mobility Modder.NET
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NTFS4DOS" = NTFS4DOS
"PDF Password Cracker Pro v2.0_is1" = PDF Password Cracker Pro v2.0
"PIXresizer_is1" = PIXresizer 2.0.4
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"ResumeMaker" = ResumeMaker
"Smart PDF Creator Pro_is1" = Smart PDF Creator Pro 6.1.0.426
"SmartDraw VP" = SmartDraw VP
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Tutor System 3.0" = Virtual Tutor System 3.0
"VLC media player" = VLC media player 1.0.5
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebFormDesigner" = WebFormDesigner
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WINForms® Desktop" = WINForms® Desktop
"WinRAR archiver" = WinRAR archiver
"Wondershare Flash Gallery Factory Deluxe_is1" = Wondershare Flash Gallery Factory Deluxe 5.0.2
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YouTube FLV to AVI Suite Enterprise_is1" = YouTube FLV to AVI Suite Enterprise 2.3.9
"zipForm6" = zipForm6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2011 12:08:46 AM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/22/2011 11:30:58 AM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/22/2011 6:58:28 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/22/2011 8:32:07 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/25/2011 1:13:10 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/25/2011 5:44:09 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/27/2011 2:12:51 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/27/2011 10:41:01 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/28/2011 11:52:35 AM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/28/2011 5:02:33 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

[ OSession Events ]
Error - 1/20/2010 4:50:52 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/22/2010 11:52:03 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/27/2011 10:41:34 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service
to connect.

Error - 6/27/2011 10:41:34 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 6/27/2011 10:41:34 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus Definition Watcher service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/28/2011 11:52:07 AM | Computer Name = LAPTOP | Source = NIC1394 | ID = 5002
Description = 1394 Net Adapter #2 : Has determined that the adapter is not functioning
properly.

Error - 6/28/2011 11:53:07 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service
to connect.

Error - 6/28/2011 11:53:07 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 6/28/2011 5:02:11 PM | Computer Name = LAPTOP | Source = NIC1394 | ID = 5002
Description = 1394 Net Adapter #2 : Has determined that the adapter is not functioning
properly.

Error - 6/28/2011 5:03:07 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service
to connect.

Error - 6/28/2011 5:03:07 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 6/28/2011 5:03:07 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus Definition Watcher service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

#8 Explicit1


Posted 28 June 2011 - 07:40 PM

Also for reference, the TDL4 that was infected and removed with tdskiller was on the 4th of May and that is what my antivirus definitions are stuck on. It will update the definitions but not the date?

#9 SweetTech


Posted 29 June 2011 - 09:02 AM

Hi!

Also for reference, the TDL4 that was infected and removed with tdskiller was on the 4th of May and that is what my antivirus definitions are stuck on. It will update the definitions but not the date?

Okay. Something still is looking wacky.

Let's see what these scans turn up:

Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [RegServer] File not found
    O4 - HKLM..\Run: [Trirot] File not found
    O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: rapmls.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: rapmls.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: shortsalebirddogs.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    [2011/05/04 10:39:50 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\7lRL0ux1i.dat
    [2011/05/04 08:20:27 | 000,000,120 | ---- | C] () -- C:\WINNT\Awera.dat
    [2011/05/04 08:20:27 | 000,000,000 | ---- | C] () -- C:\WINNT\Jkubitogolo.bin
    [2007/05/22 22:15:11 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\13.sys
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 Explicit1


Posted 29 June 2011 - 12:45 PM

2011/06/29 10:43:02.0218 2860 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 10:43:02.0796 2860 ================================================================================
2011/06/29 10:43:02.0796 2860 SystemInfo:
2011/06/29 10:43:02.0796 2860
2011/06/29 10:43:02.0796 2860 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/29 10:43:02.0796 2860 Product type: Workstation
2011/06/29 10:43:02.0796 2860 ComputerName: LAPTOP
2011/06/29 10:43:02.0796 2860 UserName: Matt
2011/06/29 10:43:02.0796 2860 Windows directory: C:\WINNT
2011/06/29 10:43:02.0796 2860 System windows directory: C:\WINNT
2011/06/29 10:43:02.0796 2860 Processor architecture: Intel x86
2011/06/29 10:43:02.0796 2860 Number of processors: 2
2011/06/29 10:43:02.0796 2860 Page size: 0x1000
2011/06/29 10:43:02.0796 2860 Boot type: Normal boot
2011/06/29 10:43:02.0796 2860 ================================================================================
2011/06/29 10:43:04.0203 2860 Initialize success
2011/06/29 10:43:07.0500 1112 ================================================================================
2011/06/29 10:43:07.0500 1112 Scan started
2011/06/29 10:43:07.0500 1112 Mode: Manual;
2011/06/29 10:43:07.0500 1112 ================================================================================
2011/06/29 10:43:18.0859 1112 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINNT\system32\DRIVERS\usbehci.sys
2011/06/29 10:43:18.0906 1112 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINNT\system32\DRIVERS\usbhub.sys
2011/06/29 10:43:18.0968 1112 usbprint (a717c8721046828520c9edf31288fc00) C:\WINNT\system32\DRIVERS\usbprint.sys
2011/06/29 10:43:19.0015 1112 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINNT\system32\DRIVERS\usbscan.sys
2011/06/29 10:43:19.0078 1112 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINNT\system32\DRIVERS\USBSTOR.SYS
2011/06/29 10:43:19.0125 1112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINNT\system32\DRIVERS\usbuhci.sys
2011/06/29 10:43:19.0171 1112 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINNT\system32\Drivers\usbvideo.sys
2011/06/29 10:43:19.0218 1112 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINNT\system32\DRIVERS\usb8023x.sys
2011/06/29 10:43:19.0296 1112 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINNT\system32\DRIVERS\v2imount.sys
2011/06/29 10:43:19.0312 1112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINNT\System32\drivers\vga.sys
2011/06/29 10:43:19.0375 1112 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINNT\system32\drivers\VolSnap.sys
2011/06/29 10:43:19.0437 1112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINNT\system32\DRIVERS\wanarp.sys
2011/06/29 10:43:19.0484 1112 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINNT\system32\DRIVERS\wceusbsh.sys
2011/06/29 10:43:19.0562 1112 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINNT\system32\DRIVERS\Wdf01000.sys
2011/06/29 10:43:19.0609 1112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINNT\system32\drivers\wdmaud.sys
2011/06/29 10:43:19.0671 1112 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINNT\system32\DRIVERS\wmiacpi.sys
2011/06/29 10:43:19.0718 1112 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINNT\system32\Drivers\wpdusb.sys
2011/06/29 10:43:19.0765 1112 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINNT\system32\DRIVERS\WSTCODEC.SYS
2011/06/29 10:43:19.0828 1112 Xgiv3 (ff53e9b88e79514c277d03bd2931b0dd) C:\WINNT\system32\DRIVERS\Xgiv3m.sys
2011/06/29 10:43:19.0921 1112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/29 10:43:20.0015 1112 Boot (0x1200) (fac570e23b366ad6847e8b6396c57be3) \Device\Harddisk0\DR0\Partition0
2011/06/29 10:43:20.0062 1112 Boot (0x1200) (31ce53fcd7b6a5e523f4cd539641daba) \Device\Harddisk0\DR0\Partition1
2011/06/29 10:43:20.0062 1112 ================================================================================
2011/06/29 10:43:20.0062 1112 Scan finished
2011/06/29 10:43:20.0062 1112 ================================================================================
2011/06/29 10:43:20.0093 1956 Detected object count: 0
2011/06/29 10:43:20.0093 1956 Actual detected object count: 0

TDSSKiller still not finding anything new? I will copy and paste the script for OTL next.

#11 SweetTech


Posted 29 June 2011 - 03:21 PM

Okay. Then after running the OTL script proceed with the ComboFix scan.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 Explicit1


Posted 29 June 2011 - 03:41 PM

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegServer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Trirot deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rapmls.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rapmls.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shortsalebirddogs.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File Animation Java Classes file://C:\WINNT\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\All Users.WINNT\Application Data\7lRL0ux1i.dat moved successfully.
C:\WINNT\Awera.dat moved successfully.
C:\WINNT\Jkubitogolo.bin moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\13.sys moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.24.1 log created on 06292011_133539

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#13 Explicit1


Posted 29 June 2011 - 03:43 PM

Running ComboFix and will post logs

#14 Explicit1


Posted 29 June 2011 - 04:02 PM

ComboFix 11-06-29.06 - Matt 06/29/2011 13:47:38.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3067.2458 [GMT -7:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
<pre>
c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl .exe --->c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray .exe --->c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-29 20:35 . 2011-06-29 20:35 -------- d-----w- C:\_OTL
2011-06-09 04:33 . 2011-06-09 04:50 -------- d-----w- c:\program files\RAR Password Unlocker
2011-06-06 19:55 . 2011-06-06 19:55 47512 ----a-w- c:\winnt\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 22936 ----a-w- c:\winnt\system32\AdobePDFUI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 19:46 . 2005-08-11 22:14 11848 ----a-w- c:\winnt\system32\Fxxplfnt.tmp
2011-05-29 16:11 . 2008-09-04 20:45 39984 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11 . 2008-09-04 20:45 22712 ----a-w- c:\winnt\system32\drivers\mbam.sys
2011-05-17 17:17 . 2011-05-17 17:17 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\winnt\system32\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\winnt\system32\dns-sd.exe
2001-09-29 00:00 . 2008-05-22 18:43 164864 ----a-w- c:\program files\UNWISE.EXE
.
<pre>
c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM  .exe
c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\Intel\WiFi\bin\ZCfgSvc .exe
c:\program files\Microsoft ActiveSync\wcescomm  .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Symantec AntiVirus\VPTray .exe
c:\winnt\system32\regserve .exe
c:\winnt\system32\Trirot .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot_2011-05-05_20.43.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-06 00:40 . 2011-03-26 01:49 49544 c:\winnt\system32\spool\drivers\w32x86\SmartSoft PDF Printer UI.dll
+ 2011-05-06 00:40 . 2011-03-26 01:49 39304 c:\winnt\system32\spool\drivers\w32x86\SmartSoft PDF Printer Driver.dll
+ 2011-05-06 00:40 . 2011-03-26 01:49 49544 c:\winnt\system32\spool\drivers\w32x86\3\SmartSoft PDF Printer UI.dll
+ 2011-05-06 00:40 . 2011-03-26 01:49 39304 c:\winnt\system32\spool\drivers\w32x86\3\SmartSoft PDF Printer Driver.dll
+ 2009-08-05 03:53 . 2011-06-06 19:55 34704 c:\winnt\system32\spool\drivers\w32x86\3\ADREGP.DLL
- 2009-08-05 03:53 . 2010-10-25 23:13 22936 c:\winnt\system32\spool\drivers\w32x86\3\AdobePDFUI.dll
+ 2009-08-05 03:53 . 2011-06-06 19:55 22936 c:\winnt\system32\spool\drivers\w32x86\3\AdobePDFUI.dll
+ 2009-08-05 03:53 . 2011-06-06 19:55 47512 c:\winnt\system32\spool\drivers\w32x86\3\AdobePdf.dll
- 2009-08-05 03:53 . 2010-10-25 23:13 47512 c:\winnt\system32\spool\drivers\w32x86\3\AdobePdf.dll
- 1999-12-07 12:00 . 2011-05-05 20:44 99970 c:\winnt\system32\perfc009.dat
+ 1999-12-07 12:00 . 2011-06-29 20:42 99970 c:\winnt\system32\perfc009.dat
+ 2011-05-20 04:24 . 2011-02-18 23:36 41984 c:\winnt\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaapl.sys
+ 2011-05-20 04:24 . 2010-04-20 02:29 18432 c:\winnt\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\netaapl.sys
+ 2011-06-07 20:53 . 2011-06-07 20:53 21504 c:\winnt\Installer\ba112.msi
+ 2011-06-08 01:59 . 2011-06-08 01:59 65536 c:\winnt\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-06-08 01:59 . 2011-06-08 01:59 65536 c:\winnt\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-08 01:59 . 2011-06-08 01:59 65536 c:\winnt\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-08 01:59 . 2011-06-08 01:59 65536 c:\winnt\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-06-08 01:59 . 2011-06-08 01:59 65536 c:\winnt\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-08 01:59 . 2011-06-08 01:59 65536 c:\winnt\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-06-08 01:59 . 2011-06-08 01:59 65536 c:\winnt\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2010-10-25 22:13 . 2010-10-25 22:13 28568 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\FileDlgExt.dll
- 2008-04-21 15:52 . 2011-05-05 20:10 1984 c:\winnt\system32\d3d9caps.dat
+ 2008-04-21 15:52 . 2011-05-05 22:46 1984 c:\winnt\system32\d3d9caps.dat
+ 2011-05-12 21:03 . 2011-05-12 21:03 7680 c:\winnt\assembly\NativeImages1_v1.1.4322\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a_e2fd968e\Microsoft.VisualC.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 626688 c:\winnt\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 856576 c:\winnt\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 10:51 . 2008-07-29 10:51 245760 c:\winnt\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
- 2005-08-01 20:13 . 2004-10-01 19:16 191516 c:\winnt\system32\spool\drivers\w32x86\acpdfui210.dll
+ 2005-08-01 20:13 . 2004-10-01 18:16 191516 c:\winnt\system32\spool\drivers\w32x86\acpdfui210.dll
+ 2005-08-01 20:13 . 2004-10-01 18:16 163789 c:\winnt\system32\spool\drivers\w32x86\acpdf210.dll
- 2005-08-01 20:13 . 2004-10-01 19:16 163789 c:\winnt\system32\spool\drivers\w32x86\acpdf210.dll
- 2009-08-05 03:53 . 2010-10-25 23:13 446864 c:\winnt\system32\spool\drivers\w32x86\3\ADUIGP.DLL
+ 2009-08-05 03:53 . 2011-06-06 19:55 446864 c:\winnt\system32\spool\drivers\w32x86\3\ADUIGP.DLL
+ 1999-12-07 12:00 . 2011-06-29 20:42 515608 c:\winnt\system32\perfh009.dat
- 1999-12-07 12:00 . 2011-05-05 20:44 515608 c:\winnt\system32\perfh009.dat
+ 2011-05-17 17:17 . 2011-05-17 17:17 240288 c:\winnt\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
+ 2011-05-17 17:17 . 2011-05-17 17:17 321184 c:\winnt\system32\Macromed\Flash\FlashUtil10q_ActiveX.dll
+ 2011-05-12 21:03 . 2011-05-12 21:03 167424 c:\winnt\Installer\efa155.msi
+ 2011-05-12 21:03 . 2011-05-12 21:03 157184 c:\winnt\Installer\efa14f.msi
+ 2011-05-06 00:40 . 2011-05-06 00:40 123904 c:\winnt\Installer\8a577.msi
+ 2011-05-20 04:20 . 2011-05-20 04:20 811520 c:\winnt\Installer\2b93829.msi
+ 2011-05-20 04:43 . 2011-05-20 04:43 380928 c:\winnt\Installer\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}\iTunesIco.exe
+ 2011-03-18 19:38 . 2011-06-23 00:06 335872 c:\winnt\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
- 2011-03-18 19:38 . 2011-05-04 19:45 335872 c:\winnt\Installer\{AC76BA86-1033-F400-7760-000000000005}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2010-10-25 22:13 . 2010-10-25 22:13 249232 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\sqlite.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 108864 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\spal.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 905536 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\solidcore.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 133440 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\solid_wxbase_xml.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 404800 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\securepdfsdk.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 147776 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\scpdfbridge.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 319808 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\pdfmeta.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 435520 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\ocr.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 858944 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\imagetool.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 143168 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\dbcore.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 170816 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\convertercorelight.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 222920 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\ahclient.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 226200 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\adobeafp.dll
+ 2011-05-12 21:03 . 2011-05-12 21:03 843776 c:\winnt\assembly\NativeImages1_v1.1.4322\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a_356bc460\System.Web.Services.dll
+ 2011-05-12 21:03 . 2011-05-12 21:03 192512 c:\winnt\assembly\NativeImages1_v1.1.4322\PointReport\1.0.2063.17278__0ca8877e5830dba7_e0e303b3\PointReport.exe
+ 2011-05-12 21:03 . 2011-05-12 21:03 847872 c:\winnt\assembly\NativeImages1_v1.1.4322\C1.Win.C1FlexGrid\2.5.20051.200__c9c7ad9c0a5706c9_fc31c801\C1.Win.C1FlexGrid.dll
+ 2011-05-12 21:03 . 2011-05-12 21:03 847872 c:\winnt\assembly\NativeImages1_v1.1.4322\C1.Win.C1FlexGrid\2.5.20051.200__c9c7ad9c0a5706c9_8b159710\C1.Win.C1FlexGrid.dll
+ 2011-05-12 21:03 . 2011-05-12 21:03 147456 c:\winnt\assembly\NativeImages1_v1.1.4322\C1.Common\1.0.20031.116__e272bb32d11b1948_508a64b2\C1.Common.dll
+ 2011-05-20 04:24 . 2011-02-18 23:36 4184352 c:\winnt\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaaplrc.dll
+ 2011-05-20 04:24 . 2010-04-20 02:29 1461992 c:\winnt\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\wdfcoinstaller01009.dll
+ 2011-05-20 04:43 . 2011-05-20 04:43 6523904 c:\winnt\Installer\2b94321.msi
+ 2011-05-20 04:31 . 2011-05-20 04:31 9472000 c:\winnt\Installer\2b93b23.msi
+ 2011-05-20 04:25 . 2011-05-20 04:25 3085312 c:\winnt\Installer\2b9386e.msi
+ 2011-05-20 04:23 . 2011-05-20 04:23 1984000 c:\winnt\Installer\2b93867.msi
+ 2011-06-08 01:59 . 2011-06-08 01:59 1529344 c:\winnt\Installer\122b4c8.msi
+ 2010-10-25 22:13 . 2010-10-25 22:13 1876288 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\solid_wxbase.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 1054096 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\pdfport.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 2033040 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PDFMLotus_Lcppn30.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 6445376 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\pdflibtool.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 5002632 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\MPS.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 6654360 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\AdobePDFL.dll
+ 2011-05-12 21:03 . 2011-05-12 21:03 2072576 c:\winnt\assembly\NativeImages1_v1.1.4322\System.Data\1.0.5000.0__b77a5c561934e089_0bdcef46\System.Data.dll
+ 2011-05-12 21:03 . 2011-05-12 21:03 1073152 c:\winnt\assembly\NativeImages1_v1.1.4322\C1.Win.C1Report\2.5.20051.166__c9c7ad9c0a5706c9_8caec8cd\C1.Win.C1Report.dll
+ 2011-05-12 21:03 . 2011-05-12 21:03 1163264 c:\winnt\assembly\NativeImages1_v1.1.4322\C1.Win.C1Command\1.0.20051.103__e808566f358766d8_6cd6300b\C1.Win.C1Command.dll
+ 2010-10-25 22:13 . 2010-10-25 22:13 51284384 c:\winnt\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\PreflightLib.dll
+ 2011-05-12 21:03 . 2011-05-12 21:03 34226176 c:\winnt\assembly\NativeImages1_v1.1.4322\Winpoint\5.1.2160.24016__0ca8877e5830dba7_4f178466\Winpoint.exe
+ 2011-06-07 00:04 . 2011-06-07 00:04 111505408 c:\winnt\Installer\3af8e7.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"AESTFltr"="c:\winnt\system32\AESTFltr.exe" [2008-07-11 466944]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-21 442460]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe" [2011-03-26 50568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\winnt\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-02-23 03:41 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-02-23 03:43 884696 ----a-w- c:\program files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2008-08-01 05:05 393216 ----a-w- c:\program files\ACT\ACT for Windows\ActSage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2008-08-01 05:04 28672 ----a-w- c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACT_APL]
c:\program files\ACT\ACT for Windows\ACT_APL.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2008-07-11 19:15 466944 ----a-w- c:\winnt\system32\AESTFltr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-08-28 05:20 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 11:59 122880 ----a-w- c:\winnt\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 06:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ------w- c:\winnt\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
c:\program files\Microsoft ActiveSync\wcescomm.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\winnt\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 20:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-30 01:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 12:42 143360 ----a-w- c:\winnt\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-02-23 19:28 1274744 ----a-w- c:\program files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"MSSQL$ACT7"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\WINNT\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINNT\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"c:\\Program Files\\ACT\\ACT for Windows\\ActSage.exe"=
"c:\\Program Files\\Adobe\\Acrobat 10.0\\Acrobat\\Acrobat.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R3 AESTAud;AE Audio Service;c:\winnt\system32\drivers\AESTAud.sys [5/16/2009 9:36 PM 108160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/25/2011 9:09 AM 105592]
R3 itecir;ITECIR Infrared Receiver;c:\winnt\system32\drivers\itecir.sys [5/16/2009 7:51 PM 54784]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\winnt\system32\drivers\k57xp32.sys [5/16/2009 7:45 PM 174592]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\winnt\system32\drivers\OA001Ufd.sys [5/16/2009 8:27 PM 133472]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\winnt\system32\drivers\OA001Vid.sys [5/16/2009 8:27 PM 279488]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\ACT for Windows\Act.Scheduler.exe [7/31/2008 10:04 PM 81920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/7/2010 10:35 PM 136176]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\winnt\system32\AWINDIS5.SYS [8/8/2005 1:08 PM 16194]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/7/2010 10:35 PM 136176]
S3 hcdriver;EHCI;c:\winnt\system32\drivers\hcdriver.sys [12/2/2005 12:46 PM 46080]
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;c:\winnt\system32\DRIVERS\wg511nd5.sys --> c:\winnt\system32\DRIVERS\wg511nd5.sys [?]
S3 ptiusbf;PTI USB Filter;c:\winnt\system32\DRIVERS\PTIUSBF.SYS --> c:\winnt\system32\DRIVERS\PTIUSBF.SYS [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 9:48 PM 116664]
S3 Xgiv3;Xgiv3;c:\winnt\system32\drivers\Xgiv3m.sys [5/24/2005 3:32 PM 337408]
S4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 4:27 AM 29262680]
S4 RT80x86;Ralink 802.11n Wireless Driver;c:\winnt\system32\DRIVERS\RT2860.sys --> c:\winnt\system32\DRIVERS\RT2860.sys [?]
S4 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [8/27/2009 10:12 PM 716272]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/25/2008 3:31 PM 24652]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
.
2011-06-29 c:\winnt\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-10 02:50]
.
2011-06-29 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 05:35]
.
2011-06-29 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 05:35]
.
2011-06-29 c:\winnt\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-06-29 17:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: uspto.gov
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-29 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1993962763-1844237615-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C0B0701-6A33-7AD8-CDD1-91A3D55087AC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\winnt\system32\Ati2evxx.dll
.
Completion time: 2011-06-29 13:56:18
ComboFix-quarantined-files.txt 2011-06-29 20:56
ComboFix2.txt 2011-05-05 20:50
ComboFix3.txt 2009-11-10 04:36
ComboFix4.txt 2009-11-10 04:05
ComboFix5.txt 2011-06-29 20:45
.
Pre-Run: 60,717,883,392 bytes free
Post-Run: 61,336,485,888 bytes free
.
- - End Of File - - 5642C81F03ECBA300C8023A5EC3905F3

Working on new OTL report and will post findings

#15 Explicit1

Posted 29 June 2011 - 04:08 PM

OTL logfile created on: 6/29/2011 2:03:34 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 77.31% Memory free
7.33 Gb Paging File | 6.87 Gb Available in Paging File | 93.68% Paging File free
Paging file location(s): C:\pagefile.sys 4599 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 57.16 Gb Free Space | 58.53% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 51.22 Gb Free Space | 25.55% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 15:30:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
PRC - [2011/03/25 18:49:16 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
PRC - [2009/11/03 16:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/11/03 16:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/21 10:44:12 | 000,225,362 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\XPM09_6047v002\WDM\stacsv.exe
PRC - [2008/07/21 10:42:16 | 000,442,460 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/07/11 12:15:06 | 000,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINNT\system32\AESTFltr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2008/02/08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/10/07 20:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 16:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 15:30:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2009/11/03 16:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/11/03 16:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/11/03 16:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/07/27 22:42:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/31 22:04:38 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2008/07/21 10:44:12 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\XPM09_6047v002\WDM\stacsv.exe -- (STacSV)
SRV - [2008/04/14 05:42:40 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2008/02/22 20:41:54 | 000,423,192 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/02/21 15:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/21 15:02:44 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/08 08:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/10/07 21:48:36 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 21:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 21:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/08/27 18:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 20:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/05/29 17:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 17:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/16 01:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/18 01:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110504.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110504.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/02/21 12:07:00 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/26 06:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/28 05:12:49 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINNT\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/15 21:51:45 | 000,132,352 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/05/15 10:56:03 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/05/15 10:56:03 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/04/01 04:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/27 01:05:00 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/12/01 15:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/26 14:02:04 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/21 10:46:18 | 001,384,595 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/07/11 12:15:10 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/05/07 12:30:54 | 000,137,952 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINNT\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/29 20:04:04 | 000,174,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink ™
DRV - [2008/01/19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007/12/26 20:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/08/27 18:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 18:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/26 20:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/03/14 18:25:00 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\itecir.sys -- (itecir)
DRV - [2006/12/28 09:44:44 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/11/20 22:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/07/14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/02/28 21:27:08 | 000,337,408 | ---- | M] (XGI Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Xgiv3m.sys -- (Xgiv3)
DRV - [2004/09/15 23:53:06 | 000,263,608 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/04/23 13:59:44 | 000,044,032 | R--- | M] (Broadcom Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/04/25 23:16:30 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\hcdriver.sys -- (hcdriver)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINNT\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2000/09/07 11:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/22 17:06:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/29 13:54:39 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINNT\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKU\S-1-5-21-1993962763-1844237615-725345543-1000\..Trusted Domains: uspto.gov ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1243218437625 (MUCatalogWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://ml.sitexdata.com/mortgageleads/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} https://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab (PtClickLoan Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://naasystem.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/24 14:24:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/29 13:56:20 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2011/06/29 13:35:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/29 10:41:33 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matt\Desktop\TDSSKiller.exe
[2011/06/28 15:30:10 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/06/27 21:26:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matt\Recent
[2011/06/08 21:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\RAR Password Unlocker
[2011/06/08 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2011/06/07 18:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Google Earth
[2011/06/06 12:55:34 | 000,047,512 | ---- | C] (Adobe Systems Inc) -- C:\WINNT\System32\AdobePDF.dll
[2011/06/06 12:55:32 | 000,022,936 | ---- | C] (Adobe Systems Inc.) -- C:\WINNT\System32\AdobePDFUI.dll
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\Documents and Settings\Matt\My Documents\*.tmp files -> C:\Documents and Settings\Matt\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/29 13:57:00 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/29 13:57:00 | 000,000,878 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/29 13:54:39 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2011/06/29 13:44:10 | 000,000,868 | ---- | M] () -- C:\WINNT\tasks\Google Software Updater.job
[2011/06/29 13:42:25 | 000,515,608 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011/06/29 13:42:25 | 000,099,970 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2011/06/29 13:40:46 | 004,129,550 | R--- | M] (Swearware) -- C:\Documents and Settings\Matt\Desktop\ComboFix.exe
[2011/06/29 13:38:31 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Microsoft Office Outlook 2007.lnk
[2011/06/29 13:38:26 | 000,000,470 | ---- | M] () -- C:\WINNT\tasks\SDMsgUpdate (TE).job
[2011/06/29 13:37:22 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/06/29 10:42:58 | 001,315,769 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\tdsskiller.zip
[2011/06/28 19:13:00 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matt\Desktop\TDSSKiller.exe
[2011/06/28 15:30:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/06/28 15:29:41 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\RKUnhookerLE.EXE
[2011/06/27 11:12:14 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/06/25 23:45:56 | 000,256,000 | ---- | M] () -- C:\WINNT\PEV.exe
[2011/06/25 16:53:02 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/06/22 17:06:27 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Adobe Acrobat X Pro.lnk
[2011/06/15 15:47:00 | 000,095,867 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Model Info Large.jpg
[2011/06/15 15:45:00 | 000,103,518 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Model Info.jpg
[2011/06/10 14:37:51 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 14:37:51 | 000,000,049 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2011/06/10 13:44:51 | 000,008,113 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Berlynn Bubble Gum.jpg
[2011/06/08 22:02:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/08 21:32:43 | 000,000,405 | ---- | M] () -- C:\WINNT\crackpdf.INI
[2011/06/08 21:25:24 | 076,732,804 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\ATPCF-327-Jamey_Johnson_-_That_Lonesome_Song-07-08-2008.rar
[2011/06/07 18:59:32 | 000,001,911 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Google Earth.lnk
[2011/06/06 20:32:42 | 028,125,116 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Coldwell-Banker-Commercial_2010-Year-End-Report.pdf
[2011/06/06 12:55:34 | 000,047,512 | ---- | M] (Adobe Systems Inc) -- C:\WINNT\System32\AdobePDF.dll
[2011/06/06 12:55:32 | 000,022,936 | ---- | M] (Adobe Systems Inc.) -- C:\WINNT\System32\AdobePDFUI.dll
[2011/05/31 11:34:17 | 000,306,777 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\SingleReport.pdf
[2011/05/31 11:34:01 | 000,592,377 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\TripleReport.pdf
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\Documents and Settings\Matt\My Documents\*.tmp files -> C:\Documents and Settings\Matt\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/28 15:29:48 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\RKUnhookerLE.EXE
[2011/06/15 15:47:00 | 000,095,867 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Model Info Large.jpg
[2011/06/15 15:45:00 | 000,103,518 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Model Info.jpg
[2011/06/10 13:45:13 | 000,008,113 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Berlynn Bubble Gum.jpg
[2011/06/08 22:02:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/08 21:25:24 | 076,732,804 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\ATPCF-327-Jamey_Johnson_-_That_Lonesome_Song-07-08-2008.rar
[2011/06/07 18:59:32 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Google Earth.lnk
[2011/06/06 20:28:25 | 028,125,116 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Coldwell-Banker-Commercial_2010-Year-End-Report.pdf
[2011/05/31 11:34:17 | 000,306,777 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\SingleReport.pdf
[2011/05/31 11:34:01 | 000,592,377 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\TripleReport.pdf
[2011/05/12 13:56:48 | 000,000,042 | ---- | C] () -- C:\WINNT\POINTHelp.INI
[2011/05/04 11:13:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\SMRBackup162.dat
[2011/03/26 18:52:55 | 000,503,808 | ---- | C] () -- C:\WINNT\System32\tiff2pdf.dll
[2011/03/09 12:02:46 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2011/02/26 17:20:41 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\KGyGaAvL.sys
[2011/02/26 17:20:41 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\C6FF29E281.sys
[2011/02/23 21:12:47 | 000,000,008 | RHS- | C] () -- C:\WINNT\System32\81E229FFC6.sys
[2010/06/11 10:33:24 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat
[2010/05/29 08:34:24 | 000,122,771 | ---- | C] () -- C:\WINNT\hpoins14.dat
[2010/05/29 08:34:24 | 000,001,996 | ---- | C] () -- C:\WINNT\hpomdl14.dat
[2010/05/11 10:28:08 | 000,000,024 | ---- | C] () -- C:\WINNT\popcinfot.dat
[2010/05/11 10:28:08 | 000,000,000 | ---- | C] () -- C:\WINNT\popcreg.dat
[2010/04/21 23:23:27 | 000,072,856 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2010/04/09 19:55:47 | 000,010,752 | ---- | C] () -- C:\WINNT\System32\BASSMOD.dll
[2010/04/09 19:54:49 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\fusioncache.dat
[2010/02/21 19:49:02 | 000,000,000 | ---- | C] () -- C:\WINNT\vpc32.INI
[2009/12/30 20:40:53 | 000,593,920 | ---- | C] () -- C:\WINNT\System32\ati2sgag.exe
[2009/11/09 17:33:26 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2009/11/09 17:33:26 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2009/11/09 17:33:26 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2009/11/09 17:33:25 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2009/11/09 17:33:25 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2009/10/29 09:32:22 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\pool.bin
[2009/05/18 18:47:13 | 000,000,010 | ---- | C] () -- C:\WINNT\WININIT.INI
[2009/05/16 19:24:45 | 000,000,000 | ---- | C] () -- C:\WINNT\ativpsrm.bin
[2009/05/14 19:17:31 | 000,012,576 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\LuUninstall.LiveUpdate
[2009/04/19 20:32:22 | 000,155,745 | ---- | C] () -- C:\WINNT\System32\installservice.exe
[2008/12/10 13:33:36 | 000,002,464 | ---- | C] () -- C:\WINNT\aopr.ini
[2008/12/10 13:26:17 | 000,000,844 | ---- | C] () -- C:\WINNT\avpr.ini
[2008/12/01 13:11:21 | 003,107,788 | ---- | C] () -- C:\WINNT\System32\ativvaxx.dat
[2008/12/01 13:11:21 | 003,107,788 | ---- | C] () -- C:\WINNT\System32\ativva5x.dat
[2008/12/01 13:11:21 | 000,887,724 | ---- | C] () -- C:\WINNT\System32\ativva6x.dat
[2008/10/30 07:45:42 | 000,180,720 | ---- | C] () -- C:\WINNT\System32\atiicdxx.dat
[2008/05/22 11:43:51 | 000,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/05/13 17:12:19 | 000,000,436 | ---- | C] () -- C:\WINNT\dvdtompegconverter.ini
[2008/05/13 17:10:59 | 000,000,001 | ---- | C] () -- C:\WINNT\System32\SysDVDtoMPeg.dat
[2008/04/21 08:52:34 | 000,001,984 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2008/04/03 20:54:38 | 000,242,176 | ---- | C] () -- C:\WINNT\System32\fixflash.exe
[2008/04/03 20:54:37 | 000,129,024 | ---- | C] () -- C:\WINNT\System32\AVERM.dll
[2008/04/03 20:54:37 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\AVEQT.dll
[2008/04/03 20:28:05 | 000,000,067 | ---- | C] () -- C:\WINNT\#1 DVD Ripper.INI
[2008/01/04 14:58:50 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2008/01/04 14:56:24 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll
[2007/03/30 17:54:31 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\QTSBandwidthCache
[2007/01/29 10:41:58 | 000,000,405 | ---- | C] () -- C:\WINNT\crackpdf.INI
[2007/01/19 13:26:34 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\$_hpcst$.hpc
[2007/01/06 20:22:26 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/13 06:36:36 | 001,167,360 | ---- | C] () -- C:\WINNT\System32\acAuth.dll
[2006/06/20 22:53:34 | 000,319,488 | ---- | C] () -- C:\WINNT\System32\AegisI5.exe
[2006/05/04 14:14:27 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\Zlib.dll
[2006/05/04 14:14:23 | 000,041,984 | ---- | C] () -- C:\WINNT\System32\ZFExt.dll
[2006/05/04 14:14:20 | 000,000,026 | ---- | C] () -- C:\WINNT\SYSINF~1.INI
[2006/04/10 19:22:55 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\ScheduledItems
[2006/04/10 19:21:21 | 000,002,620 | -HS- | C] () -- C:\WINNT\System32\KGyGaAvL.sys
[2006/04/10 19:21:21 | 000,000,056 | RHS- | C] () -- C:\WINNT\System32\4994F12BB5.sys
[2006/02/21 13:30:02 | 000,000,058 | ---- | C] () -- C:\WINNT\mchguid.ini
[2006/02/18 15:26:14 | 000,000,000 | ---- | C] () -- C:\WINNT\PNTINFO.INI
[2005/12/30 13:18:26 | 000,180,224 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2005/12/30 13:10:30 | 000,761,856 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2005/12/02 12:45:55 | 000,007,140 | ---- | C] () -- C:\WINNT\System32\drivers\cvintdrv.sys
[2005/12/02 12:45:51 | 000,000,029 | ---- | C] () -- C:\WINNT\cviinst.ini
[2005/08/01 13:13:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\fusioncache.dat
[2005/08/01 13:13:42 | 000,184,320 | ---- | C] () -- C:\WINNT\System32\EmbeddedDX.dll
[2005/08/01 13:13:42 | 000,010,875 | ---- | C] () -- C:\WINNT\ESOA.INI
[2005/08/01 13:13:42 | 000,003,679 | ---- | C] () -- C:\WINNT\GrAddrBk.ini
[2005/08/01 13:13:42 | 000,000,995 | ---- | C] () -- C:\WINNT\GRACE.INI
[2005/08/01 13:13:42 | 000,000,053 | ---- | C] () -- C:\WINNT\PRSRVDLL.INI
[2005/08/01 13:11:34 | 000,001,327 | ---- | C] () -- C:\WINNT\winpoint.ini
[2005/07/25 12:15:54 | 000,000,049 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2005/07/12 11:34:30 | 000,005,632 | R--- | C] () -- C:\WINNT\System32\CNMVSya.DLL
[2005/07/12 11:33:52 | 000,000,356 | R--- | C] () -- C:\WINNT\System32\CNCASv50.ini
[2005/07/12 11:33:41 | 000,000,462 | R--- | C] () -- C:\WINNT\System32\CNCMP50.INI
[2005/06/14 20:43:12 | 000,000,626 | ---- | C] () -- C:\WINNT\ODBC.INI
[2005/06/09 11:14:04 | 000,000,027 | ---- | C] () -- C:\WINNT\GenSet.ini
[2005/06/09 11:13:39 | 000,626,688 | ---- | C] () -- C:\WINNT\System32\GENSYSIE.DLL
[2005/06/09 11:13:37 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\GNS2KZIP.DLL
[2005/06/09 11:13:37 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\GENFON32.DLL
[2005/06/09 11:13:37 | 000,001,327 | ---- | C] () -- C:\WINNT\GOLDCOM.INI
[2005/06/09 11:13:36 | 000,398,336 | ---- | C] () -- C:\WINNT\System32\TX32.DLL
[2005/06/09 11:13:36 | 000,000,151 | ---- | C] () -- C:\WINNT\System32\IC32.INI
[2005/06/09 11:12:52 | 000,225,280 | ---- | C] () -- C:\WINNT\System32\Gn32.dll
[2005/05/30 13:40:28 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2005/05/24 16:36:35 | 000,094,208 | ---- | C] () -- C:\WINNT\System32\NTDisUn.dll
[2005/05/24 16:36:35 | 000,004,404 | ---- | C] () -- C:\WINNT\System32\SIMPLDRV.SYS
[2005/05/24 15:24:28 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2005/05/24 15:16:29 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2005/05/24 14:23:03 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2005/05/24 14:22:08 | 000,022,192 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2005/05/24 07:12:46 | 000,303,354 | ---- | C] () -- C:\WINNT\System32\PerfStringBackup_001.INI
[2005/05/24 06:56:14 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2005/05/24 06:55:22 | 002,205,544 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2001/08/23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[2001/08/23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2001/08/23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2001/08/23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2001/08/23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2001/08/23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2001/08/23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[2001/08/23 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1999/12/07 05:00:00 | 000,515,608 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1999/12/07 05:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/12/07 05:00:00 | 000,099,970 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1999/12/07 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[1999/09/25 03:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 03:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

< End of report >

OTL Extras logfile created on: 6/29/2011 2:03:34 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 77.31% Memory free
7.33 Gb Paging File | 6.87 Gb Available in Paging File | 93.68% Paging File free
Paging file location(s): C:\pagefile.sys 4599 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 57.16 Gb Free Space | 58.53% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 51.22 Gb Free Space | 25.55% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINNT\system32\mmc.exe" = C:\WINNT\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINNT\system32\dpvsetup.exe" = C:\WINNT\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\ACT\ACT for Windows\Act8.exe" = C:\Program Files\ACT\ACT for Windows\Act8.exe:*:Enabled:ACT! 8.x/2006 -- (Sage Software, Inc)
"C:\Program Files\ACT\ACT for Windows\ActSage.exe" = C:\Program Files\ACT\ACT for Windows\ActSage.exe:*:Enabled:ACT! by Sage -- (Sage Software, Inc.)
"C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe" = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe:*:Enabled:Acrobat.exe -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#1 DVD Ripper" = #1 DVD Ripper 7.2.1
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A3445-56FC-47B3-B706-17D599E3B630}" = CalyxLoanBridge11
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1" = AeroSnap 0.61
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}" = Catalyst Control Center Graphics Light
"{1EF6FE22-477E-4C34-BF09-C2E5A3953D3E}" = Acronis True Image Echo Workstation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{2555F283-A782-4F9F-829F-268A9B0F9CC1}" = POINT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D316CFB-1825-4030-A13A-29D18DC6B177}" = OfficeSharedAddInSetup
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}" = Catalyst Control Center Graphics Full Existing
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{4669544E-20E4-4E56-8B44-2E6E1200051F}" = Canon MP Toolbox 4.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53952F34-D003-4854-B260-4361F0E323D9}" = LoanAmortizer Enterprise Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{580E3E43-F5EB-41C9-A348-1B7DCF002C2C}" = Dell 5530 Wireless Broadband Package
"{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Canon MP Drivers
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{5EC634FA-5047-38B2-A53A-15963D9BD872}" = CCC Help English
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{651AFCC8-2F1A-8132-0A33-FA5F041380BA}" = Catalyst Control Center Graphics Full New
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}" = ccc-utility
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{715549E5-7FC1-44c7-88FB-9BA1052C57C5}" = XGI Volari-XP5 Display Driver
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{7510EF8C-99B9-8533-524E-BF41BDC04188}" = Skins
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773040E1-3B60-6507-C387-71F8F0A03C59}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7CF7C4D5-D30C-4ABA-A287-369B043087E8}" = Acronis Universal Restore for Acronis True Image Echo Workstation
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel® PROSet/Wireless WiFi Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85BC5C08-E73D-11D2-964D-444553540000}" = Point
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92DEC792-A722-5991-2607-3EE3A4BD502B}" = Catalyst Control Center HydraVision Full
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93737301-0D25-4E94-97F0-997815933757}" = interneTIFF 9.0-FREE (IE Browser)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96793032-8651-805A-67EF-E1759C1A8E3D}" = Catalyst Control Center Graphics Previews Common
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2C82F57-F312-4525-A19C-40E228E09939}" = Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B094F70F-2CC2-5062-8534-D3830FC4B018}" = Catalyst Control Center Core Implementation
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B789FA51-6A71-408F-92DE-EDE4A517B8F6}_is1" = RAR Password Unlocker 3.0
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC467935-A9A5-4D0F-BD89-94F36CDF0524}" = Adobe Stock Photos 1.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA42C38C-B369-B190-AD06-76D3AC95CFAC}" = ccc-core-preinstall
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D9952F01-1EBB-494B-AD8C-36BCA14B0FC4}" = POINT
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Aarons Advanced Cliker_is1" = Aarons Advanced Cliker Version 3.05
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_d2f336b2c5feeb945c28b7a0a45170f" = Adobe Creative Suite 4 Master Collection
"Advanced GIF Animator_is1" = Advanced GIF Animator 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"Allok Video to FLV Converter_is1" = Allok Video to FLV Converter 4.7.1202
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Bejeweled Blitz" = Bejeweled Blitz
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"BSPlayerp" = BS.Player PRO
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"CoffeeCup Flash Form Builder - Registered" = CoffeeCup Flash Form Builder - Registered
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
"DVD Shrink_is1" = DVD Shrink 3.1.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"FileZilla Client" = FileZilla Client 3.0.9.3
"Genesis 2000" = Genesis 2000
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Loan Tracker_is1" = Loan Tracker
"Lotto Hat v3.5_is1" = Lotto Hat v3.5
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"mIRC" = mIRC
"MobilityDotNET" = DH Mobility Modder.NET
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NTFS4DOS" = NTFS4DOS
"PDF Password Cracker Pro v2.0_is1" = PDF Password Cracker Pro v2.0
"PIXresizer_is1" = PIXresizer 2.0.4
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"ResumeMaker" = ResumeMaker
"Smart PDF Creator Pro_is1" = Smart PDF Creator Pro 6.1.0.426
"SmartDraw VP" = SmartDraw VP
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Tutor System 3.0" = Virtual Tutor System 3.0
"VLC media player" = VLC media player 1.0.5
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebFormDesigner" = WebFormDesigner
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WINForms® Desktop" = WINForms® Desktop
"WinRAR archiver" = WinRAR archiver
"Wondershare Flash Gallery Factory Deluxe_is1" = Wondershare Flash Gallery Factory Deluxe 5.0.2
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YouTube FLV to AVI Suite Enterprise_is1" = YouTube FLV to AVI Suite Enterprise 2.3.9
"zipForm6" = zipForm6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1993962763-1844237615-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2011 8:32:07 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/25/2011 1:13:10 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/25/2011 5:44:09 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/27/2011 2:12:51 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/27/2011 10:41:01 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/28/2011 11:52:35 AM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/28/2011 5:02:33 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/29/2011 1:30:07 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/29/2011 4:37:51 PM | Computer Name = LAPTOP | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/29/2011 4:52:09 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ OSession Events ]
Error - 1/20/2010 4:50:52 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/22/2010 11:52:03 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/29/2011 4:35:41 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Adobe LM Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/29/2011 4:35:41 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/29/2011 4:35:41 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/29/2011 4:35:41 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/29/2011 4:35:41 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Protexis Licensing V2 service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/29/2011 4:35:41 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 6/29/2011 4:37:31 PM | Computer Name = LAPTOP | Source = NIC1394 | ID = 5002
Description = 1394 Net Adapter #2 : Has determined that the adapter is not functioning
properly.

Error - 6/29/2011 4:38:24 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service
to connect.

Error - 6/29/2011 4:38:24 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 6/29/2011 4:38:24 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Symantec AntiVirus Definition Watcher service terminated unexpectedly.
It has done this 1 time(s).


< End of report >



