
Redirect Google Virus Oct 2011


  • This topic is locked
18 replies to this topic

#1 Rahbil


Posted 09 October 2011 - 10:35 PM

Redirect virus that happens in Google, Internet Explorer. Tried several attempts to remove it. It went away for a day, and then returned. I tried several spyware and malware removal programs, but none have worked. I use Vipre as my antivirus program. Malwarebytes did not find a problem, nor did AVG. Cannot log into Facebook, Youtube, and other sites. When logging into FB, I get the message, "Internet Explorer has stopped working...". My wife's pc is having the same redirect problems, but so far she can log into FB and Youtube. Tried Gmer, even in Safe Mode, after several minutes of a scan, it crashes to BSOD. Running Vista on the PC.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120
Run by Ra at 18:40:42 on 2011-10-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.994 [GMT -5:00]
.
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Ra\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {71e473f7-44c5-77b4-0af1-10c542a54e1d} - c:\windows\system32\esentt.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} -
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [Skytel] Skytel.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\ra\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ra\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270980343301
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{A6586777-1402-4990-8A46-60541F991432} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-7-7 20384]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-9-4 78936]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-7-15 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-6-10 74200]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-7-15 181584]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-7-7 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-2 136176]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2011-7-20 69208]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2011-7-20 69208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-9-17 19968]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-5 30192]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-2 136176]
S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-7-7 954368]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
.
=============== Created Last 30 ================
.
2011-10-08 17:48:36 -------- d-----w- c:\windows\system32\wbem\repository
2011-10-08 17:47:59 -------- d-----w- c:\windows\Registration
2011-10-08 09:23:49 -------- d-----w- c:\users\ra\appdata\local\temp
2011-10-04 20:20:13 -------- d-----r- c:\users\ra\Dropbox
2011-10-04 20:15:01 -------- d-----w- c:\users\ra\appdata\roaming\Dropbox
2011-10-02 02:20:35 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-30 20:53:13 -------- d-----w- c:\program files\Conduit
2011-09-30 20:53:05 -------- d-----w- c:\program files\WhiteSmoke_Bar
2011-09-30 20:52:52 723294 ----a-w- c:\windows\unins000.exe
2011-09-30 20:52:34 -------- d-----w- c:\program files\Quick Web Player
2011-09-29 07:38:10 -------- d-----w- c:\program files\Youdagames
2011-09-29 07:33:43 -------- d-----w- c:\program files\Youda Camper
2011-09-29 05:00:32 -------- d-----w- c:\program files\Youda Fisherman
2011-09-28 02:27:23 -------- d-----w- c:\users\ra\appdata\local\Stonetrip
2011-09-28 02:27:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-28 02:27:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-28 02:27:19 -------- d-----w- c:\program files\OpenAL
2011-09-28 02:15:47 -------- d-----w- c:\users\ra\appdata\local\Grubby Games
2011-09-28 02:15:08 -------- d-----w- c:\program files\Fizzball
2011-09-28 02:08:56 -------- d-----w- c:\windows\system32\3048
2011-09-28 01:41:49 -------- d-----r- c:\users\ra\appdata\roaming\Brother
2011-09-26 02:30:32 -------- d-----w- c:\programdata\The Revills Games
2011-09-26 02:14:36 -------- d-----w- c:\windows\system32\1066
2011-09-23 21:49:38 -------- d-----w- c:\users\ra\appdata\roaming\Uniblue
2011-09-23 21:49:10 -------- d-----w- c:\program files\Uniblue
2011-09-23 21:48:40 -------- d-----w- c:\program files\YTDSETUP
2011-09-23 21:48:40 -------- d-----w- c:\program files\Uniblue Registry Booster
2011-09-23 18:02:22 98816 ----a-w- c:\windows\sed.exe
2011-09-23 18:02:22 518144 ----a-w- c:\windows\SWREG.exe
2011-09-23 18:02:22 256000 ----a-w- c:\windows\PEV.exe
2011-09-23 18:02:22 208896 ----a-w- c:\windows\MBR.exe
2011-09-22 05:58:04 -------- d-----w- c:\users\ra\appdata\roaming\funkitron
2011-09-22 05:54:36 -------- d-----w- c:\windows\Governor of Poker
2011-09-22 05:54:36 -------- d-----w- c:\program files\Governor of Poker
2011-09-22 05:54:03 -------- d-----w- c:\windows\system32\3080
2011-09-22 03:02:21 -------- d-----w- c:\program files\Diner Dash 2
2011-09-20 05:48:55 -------- d-----w- c:\program files\Diner Dash
2011-09-20 05:46:03 -------- d-----w- C:\# Max games
2011-09-13 21:06:10 -------- d-----w- C:\EA Sports
2011-09-13 05:05:07 -------- d-----w- c:\users\ra\appdata\roaming\Origin
2011-09-13 05:04:43 -------- d-----w- c:\users\ra\appdata\local\Origin
2011-09-13 05:04:14 -------- d-----w- c:\programdata\Origin
2011-09-13 05:04:13 -------- d-----w- c:\program files\Origin Games
2011-09-13 05:03:32 -------- d-----w- c:\program files\Origin
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 184320 ----a-w- c:\windows\system32\iefraame.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-20 23:09:27 81984 ----a-w- c:\windows\system32\bdod.bin
2011-07-15 23:24:08 42832 ----a-w- c:\windows\system32\sbbd.exe
2007-08-23 17:16:42 17038824 ----a-w- c:\program files\powersuite.exe
.
============= FINISH: 18:42:44.28 ===============



Attached File  Attach.txt   16.66KB   1 downloads



#2 HelpBot


Posted 14 October 2011 - 10:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422727 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Casey_boy

  • Malware Response Team

Posted 15 October 2011 - 11:16 AM

Hi there,

It looks as though you've run a tool called ComboFix. Could you post me the log - it should be saved at C:\ComboFix.txt

Also, I presume you and your wife share the same internet connection? Is this through a router?

Step 1: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Casey



#4 Rahbil


Posted 16 October 2011 - 10:08 PM

Thanks Casey, yes we are on a shared wireless household router. Here are the reports. Thanks for replying.

21:11:53.0150 4820 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
21:11:53.0573 4820 ============================================================
21:11:53.0574 4820 Current date / time: 2011/10/16 21:11:53.0573
21:11:53.0574 4820 SystemInfo:
21:11:53.0574 4820
21:11:53.0574 4820 OS Version: 6.0.6002 ServicePack: 2.0
21:11:53.0574 4820 Product type: Workstation
21:11:53.0574 4820 ComputerName: RA-PC
21:11:53.0575 4820 UserName: Ra
21:11:53.0575 4820 Windows directory: C:\Windows
21:11:53.0575 4820 System windows directory: C:\Windows
21:11:53.0575 4820 Processor architecture: Intel x86
21:11:53.0575 4820 Number of processors: 2
21:11:53.0575 4820 Page size: 0x1000
21:11:53.0575 4820 Boot type: Normal boot
21:11:53.0575 4820 ============================================================
21:11:56.0323 4820 Initialize success
21:12:13.0754 0928 ============================================================
21:12:13.0754 0928 Scan started
21:12:13.0754 0928 Mode: Manual;
21:12:13.0754 0928 ============================================================
21:12:18.0403 0928 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:12:18.0415 0928 ACPI - ok
21:12:18.0484 0928 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:12:18.0502 0928 adp94xx - ok
21:12:18.0639 0928 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:12:18.0653 0928 adpahci - ok
21:12:18.0747 0928 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:12:18.0756 0928 adpu160m - ok
21:12:19.0252 0928 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:12:19.0261 0928 adpu320 - ok
21:12:19.0589 0928 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:12:19.0603 0928 AFD - ok
21:12:19.0812 0928 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
21:12:19.0855 0928 AgereSoftModem - ok
21:12:20.0006 0928 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:12:20.0010 0928 agp440 - ok
21:12:20.0049 0928 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:12:20.0054 0928 aic78xx - ok
21:12:20.0098 0928 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:12:20.0102 0928 aliide - ok
21:12:20.0234 0928 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:12:20.0238 0928 amdagp - ok
21:12:20.0275 0928 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:12:20.0279 0928 amdide - ok
21:12:20.0324 0928 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:12:20.0328 0928 AmdK7 - ok
21:12:20.0483 0928 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:12:20.0488 0928 AmdK8 - ok
21:12:20.0651 0928 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:12:20.0657 0928 arc - ok
21:12:20.0701 0928 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:12:20.0706 0928 arcsas - ok
21:12:20.0895 0928 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:12:20.0898 0928 AsyncMac - ok
21:12:20.0952 0928 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:12:20.0952 0928 atapi - ok
21:12:21.0094 0928 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
21:12:21.0149 0928 athr - ok
21:12:21.0434 0928 atikmdag (582dd4826a7e14241a219ff4b672a12d) C:\Windows\system32\DRIVERS\atikmdag.sys
21:12:21.0602 0928 atikmdag - ok
21:12:21.0748 0928 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:12:21.0751 0928 AtiPcie - ok
21:12:21.0853 0928 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:12:21.0857 0928 Beep - ok
21:12:22.0182 0928 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:12:22.0186 0928 blbdrive - ok
21:12:22.0565 0928 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:12:22.0570 0928 bowser - ok
21:12:22.0656 0928 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:12:22.0659 0928 BrFiltLo - ok
21:12:22.0903 0928 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:12:22.0906 0928 BrFiltUp - ok
21:12:23.0013 0928 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:12:23.0018 0928 Brserid - ok
21:12:24.0044 0928 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:12:24.0144 0928 BrSerWdm - ok
21:12:24.0530 0928 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:12:24.0534 0928 BrUsbMdm - ok
21:12:24.0606 0928 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:12:24.0609 0928 BrUsbSer - ok
21:12:24.0689 0928 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:12:24.0693 0928 BTHMODEM - ok
21:12:24.0982 0928 catchme - ok
21:12:25.0175 0928 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:12:25.0180 0928 cdfs - ok
21:12:25.0906 0928 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:12:25.0915 0928 cdrom - ok
21:12:26.0447 0928 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:12:26.0450 0928 circlass - ok
21:12:26.0754 0928 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:12:26.0763 0928 CLFS - ok
21:12:27.0803 0928 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:12:27.0806 0928 CmBatt - ok
21:12:27.0857 0928 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:12:27.0861 0928 cmdide - ok
21:12:28.0140 0928 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:12:28.0143 0928 Compbatt - ok
21:12:28.0365 0928 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:12:28.0368 0928 crcdisk - ok
21:12:28.0517 0928 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:12:28.0521 0928 Crusoe - ok
21:12:28.0621 0928 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:12:28.0626 0928 DfsC - ok
21:12:28.0675 0928 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:12:28.0680 0928 disk - ok
21:12:28.0831 0928 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:12:28.0840 0928 Dot4 - ok
21:12:28.0903 0928 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:12:28.0907 0928 Dot4Print - ok
21:12:28.0943 0928 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:12:28.0961 0928 dot4usb - ok
21:12:29.0083 0928 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:12:29.0087 0928 drmkaud - ok
21:12:29.0166 0928 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
21:12:29.0191 0928 DXGKrnl - ok
21:12:29.0356 0928 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:12:29.0362 0928 E1G60 - ok
21:12:29.0447 0928 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:12:29.0455 0928 Ecache - ok
21:12:29.0614 0928 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:12:29.0629 0928 elxstor - ok
21:12:29.0824 0928 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:12:29.0826 0928 ErrDev - ok
21:12:29.0918 0928 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:12:29.0926 0928 exfat - ok
21:12:30.0086 0928 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:12:30.0094 0928 fastfat - ok
21:12:30.0158 0928 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:12:30.0161 0928 fdc - ok
21:12:30.0341 0928 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:12:30.0345 0928 FileInfo - ok
21:12:30.0400 0928 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:12:30.0403 0928 Filetrace - ok
21:12:30.0443 0928 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:12:30.0446 0928 flpydisk - ok
21:12:30.0605 0928 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:12:30.0614 0928 FltMgr - ok
21:12:30.0661 0928 fssfltr (574cea4d3510ec905c0163c42d305ba5) C:\Windows\system32\DRIVERS\fssfltr.sys
21:12:30.0666 0928 fssfltr - ok
21:12:30.0730 0928 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:12:30.0733 0928 Fs_Rec - ok
21:12:30.0891 0928 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
21:12:30.0895 0928 FwLnk - ok
21:12:30.0952 0928 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:12:30.0956 0928 gagp30kx - ok
21:12:31.0090 0928 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:12:31.0094 0928 GEARAspiWDM - ok
21:12:31.0240 0928 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:12:31.0251 0928 HdAudAddService - ok
21:12:31.0391 0928 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:12:31.0413 0928 HDAudBus - ok
21:12:31.0496 0928 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:12:31.0499 0928 HidBth - ok
21:12:31.0594 0928 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:12:31.0597 0928 HidIr - ok
21:12:31.0735 0928 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:12:31.0737 0928 HidUsb - ok
21:12:31.0847 0928 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:12:31.0851 0928 HpCISSs - ok
21:12:31.0997 0928 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:12:32.0015 0928 HTTP - ok
21:12:32.0132 0928 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:12:32.0135 0928 i2omp - ok
21:12:32.0219 0928 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:12:32.0224 0928 i8042prt - ok
21:12:32.0286 0928 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:12:32.0297 0928 iaStorV - ok
21:12:32.0425 0928 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:12:32.0429 0928 iirsp - ok
21:12:32.0607 0928 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
21:12:32.0684 0928 IntcAzAudAddService - ok
21:12:32.0818 0928 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:12:32.0821 0928 intelide - ok
21:12:32.0861 0928 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:12:32.0866 0928 intelppm - ok
21:12:32.0924 0928 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:12:32.0928 0928 IpFilterDriver - ok
21:12:33.0044 0928 IpInIp - ok
21:12:33.0103 0928 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:12:33.0107 0928 IPMIDRV - ok
21:12:33.0151 0928 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:12:33.0157 0928 IPNAT - ok
21:12:33.0323 0928 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:12:33.0327 0928 IRENUM - ok
21:12:33.0385 0928 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:12:33.0388 0928 isapnp - ok
21:12:33.0547 0928 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:12:33.0555 0928 iScsiPrt - ok
21:12:33.0607 0928 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:12:33.0611 0928 iteatapi - ok
21:12:33.0719 0928 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:12:33.0723 0928 iteraid - ok
21:12:33.0785 0928 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
21:12:33.0788 0928 jswpslwf - ok
21:12:33.0845 0928 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:12:33.0850 0928 kbdclass - ok
21:12:33.0960 0928 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:12:33.0965 0928 kbdhid - ok
21:12:34.0016 0928 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
21:12:34.0038 0928 KR10I - ok
21:12:34.0100 0928 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
21:12:34.0111 0928 KR10N - ok
21:12:34.0258 0928 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:12:35.0269 0928 KSecDD - ok
21:12:35.0464 0928 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:12:35.0468 0928 lltdio - ok
21:12:35.0558 0928 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:12:35.0569 0928 LSI_FC - ok
21:12:35.0722 0928 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:12:35.0728 0928 LSI_SAS - ok
21:12:35.0767 0928 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:12:35.0773 0928 LSI_SCSI - ok
21:12:35.0926 0928 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:12:35.0931 0928 luafv - ok
21:12:36.0001 0928 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
21:12:36.0009 0928 mcdbus - ok
21:12:36.0153 0928 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:12:36.0157 0928 megasas - ok
21:12:36.0241 0928 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:12:36.0257 0928 MegaSR - ok
21:12:36.0416 0928 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:12:36.0420 0928 Modem - ok
21:12:36.0474 0928 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:12:36.0478 0928 monitor - ok
21:12:36.0614 0928 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:12:36.0617 0928 mouclass - ok
21:12:36.0661 0928 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:12:36.0663 0928 mouhid - ok
21:12:36.0781 0928 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:12:36.0785 0928 MountMgr - ok
21:12:36.0840 0928 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:12:36.0846 0928 mpio - ok
21:12:37.0032 0928 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:12:37.0037 0928 mpsdrv - ok
21:12:37.0279 0928 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:12:37.0286 0928 Mraid35x - ok
21:12:37.0360 0928 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:12:37.0368 0928 MRxDAV - ok
21:12:37.0521 0928 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:12:37.0528 0928 mrxsmb - ok
21:12:37.0596 0928 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:12:37.0607 0928 mrxsmb10 - ok
21:12:37.0740 0928 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:12:37.0745 0928 mrxsmb20 - ok
21:12:37.0795 0928 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
21:12:37.0799 0928 msahci - ok
21:12:37.0970 0928 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:12:37.0976 0928 msdsm - ok
21:12:38.0063 0928 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:12:38.0066 0928 Msfs - ok
21:12:38.0182 0928 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:12:38.0186 0928 msisadrv - ok
21:12:38.0265 0928 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:12:38.0268 0928 MSKSSRV - ok
21:12:38.0395 0928 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:12:38.0398 0928 MSPCLOCK - ok
21:12:38.0424 0928 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:12:38.0428 0928 MSPQM - ok
21:12:38.0502 0928 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:12:38.0510 0928 MsRPC - ok
21:12:38.0634 0928 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:12:38.0638 0928 mssmbios - ok
21:12:38.0700 0928 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:12:38.0703 0928 MSTEE - ok
21:12:38.0779 0928 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:12:38.0783 0928 Mup - ok
21:12:38.0923 0928 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:12:38.0931 0928 NativeWifiP - ok
21:12:39.0005 0928 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:12:39.0026 0928 NDIS - ok
21:12:39.0144 0928 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:12:39.0147 0928 NdisTapi - ok
21:12:39.0193 0928 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:12:39.0196 0928 Ndisuio - ok
21:12:39.0279 0928 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:12:39.0285 0928 NdisWan - ok
21:12:39.0378 0928 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:12:39.0382 0928 NDProxy - ok
21:12:39.0452 0928 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:12:39.0456 0928 NetBIOS - ok
21:12:39.0555 0928 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:12:39.0564 0928 netbt - ok
21:12:39.0701 0928 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:12:39.0704 0928 nfrd960 - ok
21:12:39.0890 0928 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:12:39.0895 0928 Npfs - ok
21:12:39.0956 0928 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:12:39.0960 0928 nsiproxy - ok
21:12:40.0067 0928 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:12:40.0438 0928 Ntfs - ok
21:12:40.0596 0928 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:12:40.0599 0928 ntrigdigi - ok
21:12:40.0659 0928 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:12:40.0663 0928 Null - ok
21:12:40.0748 0928 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:12:40.0754 0928 nvraid - ok
21:12:40.0828 0928 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:12:40.0832 0928 nvstor - ok
21:12:40.0979 0928 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:12:40.0986 0928 nv_agp - ok
21:12:41.0034 0928 NwlnkFlt - ok
21:12:41.0068 0928 NwlnkFwd - ok
21:12:41.0141 0928 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:12:41.0145 0928 ohci1394 - ok
21:12:41.0279 0928 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:12:41.0285 0928 Parport - ok
21:12:41.0342 0928 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:12:41.0346 0928 partmgr - ok
21:12:41.0428 0928 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:12:41.0432 0928 Parvdm - ok
21:12:41.0572 0928 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:12:41.0580 0928 pci - ok
21:12:41.0655 0928 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:12:41.0658 0928 pciide - ok
21:12:41.0723 0928 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:12:41.0732 0928 pcmcia - ok
21:12:41.0887 0928 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:12:41.0919 0928 PEAUTH - ok
21:12:42.0029 0928 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
21:12:42.0031 0928 pgfilter - ok
21:12:42.0248 0928 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:12:42.0252 0928 PptpMiniport - ok
21:12:42.0296 0928 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
21:12:42.0301 0928 Processor - ok
21:12:42.0455 0928 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:12:42.0460 0928 PSched - ok
21:12:42.0508 0928 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
21:12:42.0513 0928 PxHelp20 - ok
21:12:42.0611 0928 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:12:42.0654 0928 ql2300 - ok
21:12:42.0801 0928 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:12:42.0807 0928 ql40xx - ok
21:12:42.0858 0928 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:12:42.0862 0928 QWAVEdrv - ok
21:12:42.0924 0928 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:12:42.0927 0928 RasAcd - ok
21:12:43.0103 0928 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:12:43.0108 0928 Rasl2tp - ok
21:12:43.0186 0928 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:12:43.0188 0928 RasPppoe - ok
21:12:43.0232 0928 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:12:43.0237 0928 RasSstp - ok
21:12:43.0367 0928 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:12:43.0377 0928 rdbss - ok
21:12:43.0423 0928 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:12:43.0425 0928 RDPCDD - ok
21:12:43.0585 0928 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:12:43.0597 0928 rdpdr - ok
21:12:43.0664 0928 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:12:43.0667 0928 RDPENCDD - ok
21:12:43.0743 0928 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:12:43.0749 0928 RDPWD - ok
21:12:43.0956 0928 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:12:43.0959 0928 rspndr - ok
21:12:44.0105 0928 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:12:44.0113 0928 RTL8169 - ok
21:12:44.0239 0928 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
21:12:44.0244 0928 RTSTOR - ok
21:12:44.0461 0928 sbapifs (76dddc213e8259b74978733640703ec1) C:\Windows\system32\DRIVERS\sbapifs.sys
21:12:44.0468 0928 sbapifs - ok
21:12:44.0514 0928 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys
21:12:44.0520 0928 SBFWIMCL - ok
21:12:44.0686 0928 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\SBFWIM.sys
21:12:44.0687 0928 SBFWIMCLMP - ok
21:12:44.0904 0928 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:12:44.0908 0928 sbp2port - ok
21:12:45.0098 0928 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys
21:12:45.0106 0928 SBRE - ok
21:12:45.0326 0928 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
21:12:45.0333 0928 SbTis - ok
21:12:45.0886 0928 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
21:12:45.0891 0928 SCDEmu - ok
21:12:46.0509 0928 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:12:46.0513 0928 secdrv - ok
21:12:46.0851 0928 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:12:46.0854 0928 Serenum - ok
21:12:47.0142 0928 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:12:47.0148 0928 Serial - ok
21:12:47.0297 0928 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:12:47.0300 0928 sermouse - ok
21:12:47.0393 0928 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:12:47.0396 0928 sffdisk - ok
21:12:47.0434 0928 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:12:47.0437 0928 sffp_mmc - ok
21:12:47.0555 0928 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:12:47.0558 0928 sffp_sd - ok
21:12:47.0657 0928 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:12:47.0659 0928 sfloppy - ok
21:12:47.0795 0928 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:12:47.0800 0928 sisagp - ok
21:12:47.0898 0928 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:12:47.0902 0928 SiSRaid2 - ok
21:12:48.0014 0928 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:12:48.0020 0928 SiSRaid4 - ok
21:12:48.0097 0928 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:12:48.0103 0928 Smb - ok
21:12:48.0237 0928 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:12:48.0241 0928 spldr - ok
21:12:48.0408 0928 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
21:12:48.0408 0928 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
21:12:48.0414 0928 sptd ( LockedFile.Multi.Generic ) - warning
21:12:48.0414 0928 sptd - detected LockedFile.Multi.Generic (1)
21:12:48.0508 0928 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:12:48.0522 0928 srv - ok
21:12:48.0663 0928 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:12:48.0672 0928 srv2 - ok
21:12:48.0745 0928 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:12:48.0752 0928 srvnet - ok
21:12:48.0933 0928 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:12:48.0936 0928 swenum - ok
21:12:49.0030 0928 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:12:49.0034 0928 Symc8xx - ok
21:12:49.0153 0928 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:12:49.0157 0928 Sym_hi - ok
21:12:49.0203 0928 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:12:49.0207 0928 Sym_u3 - ok
21:12:49.0265 0928 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
21:12:49.0275 0928 SynTP - ok
21:12:49.0486 0928 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
21:12:49.0520 0928 Tcpip - ok
21:12:49.0728 0928 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
21:12:49.0741 0928 Tcpip6 - ok
21:12:49.0901 0928 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:12:49.0905 0928 tcpipreg - ok
21:12:49.0939 0928 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
21:12:49.0943 0928 tdcmdpst - ok
21:12:49.0996 0928 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:12:50.0000 0928 TDPIPE - ok
21:12:50.0126 0928 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:12:50.0130 0928 TDTCP - ok
21:12:50.0195 0928 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:12:50.0201 0928 tdx - ok
21:12:50.0261 0928 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:12:50.0265 0928 TermDD - ok
21:12:50.0432 0928 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
21:12:50.0464 0928 tos_sps32 - ok
21:12:50.0553 0928 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:12:50.0557 0928 tssecsrv - ok
21:12:50.0660 0928 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:12:50.0663 0928 tunmp - ok
21:12:50.0747 0928 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:12:50.0752 0928 tunnel - ok
21:12:50.0797 0928 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:12:50.0800 0928 TVALZ - ok
21:12:50.0895 0928 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:12:50.0899 0928 uagp35 - ok
21:12:50.0995 0928 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:12:51.0005 0928 udfs - ok
21:12:51.0080 0928 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:12:51.0084 0928 uliagpkx - ok
21:12:51.0176 0928 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:12:51.0184 0928 uliahci - ok
21:12:51.0235 0928 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:12:51.0240 0928 UlSata - ok
21:12:51.0275 0928 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:12:51.0280 0928 ulsata2 - ok
21:12:51.0319 0928 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:12:51.0321 0928 umbus - ok
21:12:51.0492 0928 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:12:51.0498 0928 usbccgp - ok
21:12:51.0589 0928 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:12:51.0595 0928 usbcir - ok
21:12:51.0716 0928 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:12:51.0721 0928 usbehci - ok
21:12:51.0832 0928 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:12:51.0842 0928 usbhub - ok
21:12:52.0009 0928 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:12:52.0013 0928 usbohci - ok
21:12:52.0112 0928 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:12:52.0116 0928 usbprint - ok
21:12:52.0184 0928 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:12:52.0188 0928 usbscan - ok
21:12:52.0265 0928 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:12:52.0270 0928 USBSTOR - ok
21:12:52.0365 0928 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:12:52.0369 0928 usbuhci - ok
21:12:52.0425 0928 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:12:52.0432 0928 usbvideo - ok
21:12:52.0503 0928 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
21:12:52.0507 0928 UVCFTR - ok
21:12:52.0624 0928 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:12:52.0627 0928 vga - ok
21:12:52.0669 0928 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:12:52.0672 0928 VgaSave - ok
21:12:52.0723 0928 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:12:52.0728 0928 viaagp - ok
21:12:52.0775 0928 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:12:52.0779 0928 ViaC7 - ok
21:12:52.0892 0928 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:12:52.0896 0928 viaide - ok
21:12:52.0981 0928 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\Windows\system32\DRIVERS\VNUSB.sys
21:12:52.0985 0928 VNUSB - ok
21:12:53.0077 0928 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:12:53.0081 0928 volmgr - ok
21:12:53.0211 0928 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:12:53.0225 0928 volmgrx - ok
21:12:53.0294 0928 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:12:53.0305 0928 volsnap - ok
21:12:53.0452 0928 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:12:53.0459 0928 vsmraid - ok
21:12:53.0647 0928 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:12:53.0651 0928 WacomPen - ok
21:12:53.0698 0928 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:12:53.0703 0928 Wanarp - ok
21:12:53.0713 0928 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:12:53.0715 0928 Wanarpv6 - ok
21:12:53.0783 0928 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:12:53.0787 0928 Wd - ok
21:12:53.0975 0928 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:12:53.0995 0928 Wdf01000 - ok
21:12:54.0258 0928 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
21:12:54.0261 0928 winusb - ok
21:12:54.0309 0928 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:12:54.0312 0928 WmiAcpi - ok
21:12:54.0398 0928 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
21:12:54.0401 0928 WpdUsb - ok
21:12:54.0523 0928 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:12:54.0527 0928 ws2ifsl - ok
21:12:54.0635 0928 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:12:54.0638 0928 WSDPrintDevice - ok
21:12:54.0760 0928 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
21:12:54.0763 0928 WSDScan - ok
21:12:54.0871 0928 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:12:54.0877 0928 WUDFRd - ok
21:12:54.0953 0928 MBR (0x1B8) (0684f431230ab4e2a2ac34f5b5be936e) \Device\Harddisk0\DR0
21:12:54.0954 0928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:12:54.0954 0928 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:12:54.0981 0928 Boot (0x1200) (29ddcd78356ccdace4549caae1ec1d0c) \Device\Harddisk0\DR0\Partition0
21:12:54.0983 0928 \Device\Harddisk0\DR0\Partition0 - ok
21:12:54.0984 0928 ============================================================
21:12:54.0984 0928 Scan finished
21:12:54.0984 0928 ============================================================
21:12:55.0014 4688 Detected object count: 2
21:12:55.0014 4688 Actual detected object count: 2
21:13:15.0181 4688 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:13:15.0181 4688 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:13:15.0260 4688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:13:15.0261 4688 \Device\Harddisk0\DR0 - ok
21:13:15.0262 4688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:13:19.0213 2900 Deinitialize success

OTL logfile created on: 10/16/2011 9:44:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\# Downloads\# Redirect Virus Stuff
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 27.58% Memory free
3.74 Gb Paging File | 2.52 Gb Available in Paging File | 67.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.95 Gb Total Space | 10.91 Gb Free Space | 6.10% Space Free | Partition Type: NTFS
Drive E: | 479.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RA-PC | User Name: Ra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 21:11:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\# Downloads\# Redirect Virus Stuff\OTL.exe
PRC - [2011/10/16 21:07:34 | 000,120,320 | -HS- | M] () -- C:\Users\Ra\AppData\Local\temp\winupd.exe
PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ra\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/07/15 18:38:28 | 001,353,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2011/07/15 18:23:16 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2011/07/15 18:22:50 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/18 08:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/07 17:01:07 | 000,277,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/03 15:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2008/05/24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/16 21:07:34 | 000,120,320 | -HS- | M] () -- C:\Users\Ra\AppData\Local\temp\winupd.exe
MOD - [2011/10/12 04:07:28 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/12 04:07:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 04:06:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 04:06:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/10/12 04:02:11 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 04:01:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 04:01:28 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 03:59:13 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 03:58:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/02/26 12:56:56 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3359.38649__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:56 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3359.38669__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3359.38663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:55 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3359.38668__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:55 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3359.38743__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:55 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3359.38724__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:55 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3359.38706__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3359.38693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3359.38658__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:54 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3359.38744__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:54 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3359.38658__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:53 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3359.38711__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:53 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3359.38712__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:53 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3359.38711__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:53 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3359.38742__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:50 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3359.38695__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3359.38659__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3359.38670__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3359.38719__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:50 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3359.38669__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3359.38704__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3359.38695__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:50 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3359.38704__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:49 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3359.38694__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:49 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3359.38706__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:49 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3359.38674__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:49 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3359.38694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3359.38674__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3359.38694__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3359.38705__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/02/26 12:56:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/02/26 12:56:47 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/02/26 12:56:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/02/26 12:56:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/02/26 12:56:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/02/26 12:56:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/02/26 12:56:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/02/26 12:56:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011/02/26 12:56:45 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/02/26 12:56:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/02/26 12:56:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/02/26 12:56:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/02/26 12:56:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/02/26 12:56:44 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/02/26 12:56:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/02/26 12:56:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/02/26 12:56:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/02/26 12:56:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/02/26 12:56:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3359.38752__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/02/26 12:56:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/02/26 12:56:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/02/26 12:56:41 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/02/26 12:56:41 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/02/26 12:56:41 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3359.38760__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2011/02/26 12:56:41 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3359.38646__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/02/26 12:56:40 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3359.38663__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/02/26 12:56:40 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3359.38738__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/02/26 12:56:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3359.38737__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/02/26 12:56:40 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3359.38648__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/02/26 12:56:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/02/26 12:56:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/02/26 12:56:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/02/26 12:56:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/02/26 12:56:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2011/02/26 12:56:39 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3359.38654__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/02/26 12:56:39 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3359.38647__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/02/26 12:56:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/02/26 12:56:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/02/26 12:56:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3359.38647__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/02/26 12:56:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3359.38645__90ba9c70f846762e\APM.Server.dll
MOD - [2011/02/26 12:56:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3359.38646__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/02/26 12:56:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/02/26 12:56:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/02/26 12:56:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3359.38738__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/02/26 12:56:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/03/14 00:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2011/07/15 18:23:16 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/07/15 18:22:50 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/17 09:48:28 | 000,541,080 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009/09/27 14:51:55 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/12/16 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/30 09:30:39 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcjcoms.exe -- (lxcj_device)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/06/10 10:23:50 | 000,074,200 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/04/29 14:01:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/05 16:57:56 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2009/07/07 23:16:24 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/03/14 05:43:42 | 004,173,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/02 03:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/28 18:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/18 02:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/10 23:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-572903933-928196625-178814278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-572903933-928196625-178814278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-572903933-928196625-178814278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 62 8F BA 74 D6 CA 01 [binary data]
IE - HKU\S-1-5-21-572903933-928196625-178814278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-572903933-928196625-178814278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-572903933-928196625-178814278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ra\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ra\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/08 10:03:53 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/01 21:20:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {71E473F7-44C5-77B4-0AF1-10C542A54E1D} - C:\Windows\System32\esentt.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
O3 - HKU\S-1-5-21-572903933-928196625-178814278-1000\..\Toolbar\WebBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKU\S-1-5-21-572903933-928196625-178814278-1000..\Run: [winupd] C:\Users\Ra\AppData\Local\temp\winupd.exe ()
O4 - Startup: C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk = C:\Users\Ra\AppData\Local\temp\winupd.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-572903933-928196625-178814278-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-572903933-928196625-178814278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-572903933-928196625-178814278-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-572903933-928196625-178814278-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270980343301 (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6586777-1402-4990-8A46-60541F991432}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\African Wolves, Perfectly Positioned.jpg
O24 - Desktop BackupWallPaper: C:\African Wolves, Perfectly Positioned.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1996/09/29 20:00:10 | 000,000,168 | RH-- | M] () - E:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/16 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\kELL9gqjYCwIrl
[2011/10/16 21:18:03 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\o11uuvDbFp5sJ6
[2011/10/16 21:18:01 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\o11uuvDbFpm5sJ
[2011/10/16 21:07:42 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\t11uuvDD2ob4pG5
[2011/10/16 21:07:36 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\DZhCr0SiDoFaHJ
[2011/10/16 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\pAAuvD22obFpsJE
[2011/10/16 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\aBrzzPNyxA1uS2b
[2011/10/16 21:07:11 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud Protection
[2011/10/16 21:07:10 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\s66ssWKK7fE9gZq
[2011/10/16 21:07:10 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\HwwwkIIVrlO
[2011/10/16 21:07:04 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\zhhTTXqqjUCkI
[2011/10/16 21:07:03 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\zYYYXwwjUVelBtP
[2011/10/16 21:07:03 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\EFFF4ppmH5
[2011/10/15 19:30:00 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2011/10/15 13:32:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/15 13:10:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/14 17:17:21 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Kids
[2011/10/14 17:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Kids
[2011/10/14 17:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Kids
[2011/10/12 00:54:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 00:54:27 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 00:54:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 00:54:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/12 00:54:21 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/12 00:54:11 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/12 00:54:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/12 00:54:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/12 00:54:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/12 00:54:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/12 00:54:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/12 00:54:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/12 00:54:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/12 00:54:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/12 00:54:07 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/12 00:54:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/12 00:54:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/12 00:54:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/12 00:54:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/12 00:54:05 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/12 00:54:05 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/12 00:54:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/12 00:54:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/12 00:53:30 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/12 00:53:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/08 12:47:59 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2011/10/08 04:23:49 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Local\temp
[2011/10/04 15:20:13 | 000,000,000 | R--D | C] -- C:\Users\Ra\Dropbox
[2011/10/04 15:16:03 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/10/04 15:15:01 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Dropbox
[2011/09/30 15:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/09/30 15:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_Bar
[2011/09/30 15:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Web Player
[2011/09/30 15:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2011/09/30 01:17:21 | 000,000,000 | ---D | C] -- C:\Users\Ra\Desktop\Important Court and etc
[2011/09/29 02:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youdagames
[2011/09/29 02:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames
[2011/09/29 02:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youda Camper
[2011/09/29 02:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Youda Camper
[2011/09/29 00:00:42 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Youda Fisherman
[2011/09/29 00:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Youda Fisherman
[2011/09/27 21:27:23 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Local\Stonetrip
[2011/09/27 21:27:19 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/09/27 21:27:19 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/09/27 21:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/09/27 21:15:47 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Local\Grubby Games
[2011/09/27 21:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fizzball
[2011/09/27 21:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Fizzball
[2011/09/27 21:08:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\3048
[2011/09/27 20:41:49 | 000,000,000 | R--D | C] -- C:\Users\Ra\AppData\Roaming\Brother
[2011/09/25 21:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\The Revills Games
[2011/09/25 21:14:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\1066
[2011/09/23 16:49:38 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Uniblue
[2011/09/23 16:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue PowerSuite
[2011/09/23 16:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/09/23 16:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\YTDSETUP
[2011/09/23 16:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue Registry Booster
[2011/09/23 16:48:37 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uniblue Registry Booster
[2011/09/23 16:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue Registry Booster
[2011/09/23 13:02:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/23 13:02:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/23 13:02:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/23 13:02:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/23 12:45:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/22 00:58:04 | 000,000,000 | ---D | C] -- C:\Users\Ra\Documents\Slingo Quest Egypt Documents
[2011/09/22 00:58:04 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\funkitron
[2011/09/22 00:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Governor of Poker
[2011/09/22 00:54:36 | 000,000,000 | ---D | C] -- C:\Windows\Governor of Poker
[2011/09/22 00:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Governor of Poker
[2011/09/22 00:54:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\3080
[2011/09/21 22:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diner Dash 2
[2011/09/21 22:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Diner Dash 2
[2011/09/20 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Diner Dash
[2011/09/20 00:46:03 | 000,000,000 | ---D | C] -- C:\# Max games
[2011/04/21 19:13:49 | 000,761,152 | ---- | C] (Microsoft Corporation) -- C:\Users\Ra\AppData\Roaming\msvcr100.dll
[2010/05/18 17:41:00 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Users\Ra\AppData\Roaming\mswinsck.ocx
[2010/02/13 13:03:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcjinpa.dll
[2010/02/13 13:03:51 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcjhcp.dll
[2010/02/13 13:03:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcjserv.dll
[2010/02/13 13:03:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcjusb1.dll
[2010/02/13 13:03:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcjiesc.dll
[2010/02/13 13:03:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcjpmui.dll
[2010/02/13 13:03:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcjlmpm.dll
[2010/02/13 13:03:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcjprox.dll
[2010/02/13 13:03:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcjpplc.dll
[2010/02/13 13:03:48 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcjhbn3.dll
[2010/02/13 13:03:48 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcjih.exe
[2010/02/13 13:03:47 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcjcomc.dll
[2010/02/13 13:03:47 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcjcoms.exe
[2010/02/13 13:03:47 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcjcomm.dll
[2010/02/13 13:03:47 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcjcfg.exe
[2007/08/23 12:16:42 | 017,038,824 | ---- | C] (Uniblue ) -- C:\Program Files\powersuite.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/16 21:30:06 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/16 21:24:43 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E688A46F-3982-4BE4-B13C-1EE1B6A45DF8}.job
[2011/10/16 21:22:40 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/16 21:22:40 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/16 21:22:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572903933-928196625-178814278-1000UA.job
[2011/10/16 21:18:10 | 000,001,875 | ---- | M] () -- C:\Users\Ra\Desktop\Cloud Protection.lnk
[2011/10/16 21:16:02 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/16 21:15:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 21:15:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 21:15:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/16 21:15:45 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/16 21:08:04 | 000,000,851 | R-S- | M] () -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
[2011/10/16 21:07:32 | 000,001,213 | ---- | M] () -- C:\Users\Ra\AppData\Roaming\ldr.ini
[2011/10/16 08:22:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572903933-928196625-178814278-1000Core.job
[2011/10/16 03:43:40 | 000,009,728 | ---- | M] () -- C:\Users\Ra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/14 17:06:00 | 000,001,080 | ---- | M] () -- C:\Users\Ra\Desktop\Operation.lnk
[2011/10/14 17:06:00 | 000,000,434 | ---- | M] () -- C:\Windows\Operation.ini
[2011/10/12 03:57:08 | 000,381,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/09 22:18:23 | 208,596,400 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/06 02:17:48 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/10/04 15:20:13 | 000,000,981 | ---- | M] () -- C:\Users\Ra\Desktop\Dropbox.lnk
[2011/10/04 15:16:30 | 000,000,961 | ---- | M] () -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/10/01 21:20:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/01 20:11:25 | 000,007,473 | ---- | M] () -- C:\Users\Ra\Documents\Rahbil redirect attempt fix notes.rtf
[2011/10/01 18:26:16 | 000,047,352 | ---- | M] () -- C:\Users\Ra\Documents\Rahbil - Car insurance ID.pdf
[2011/09/30 18:37:45 | 000,001,919 | ---- | M] () -- C:\Users\Ra\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9 (2).lnk
[2011/09/30 18:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/09/30 18:03:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/09/30 18:02:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/09/30 18:02:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/09/30 18:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/09/30 18:01:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/09/30 18:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/09/30 18:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/09/30 18:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/09/30 18:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/09/30 18:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/09/30 18:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/09/30 18:01:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/09/30 17:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/30 16:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/30 16:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/30 16:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/09/30 16:28:36 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/09/30 15:52:52 | 000,137,763 | ---- | M] () -- C:\Windows\unins000.dat
[2011/09/30 15:52:52 | 000,000,909 | ---- | M] () -- C:\Users\Ra\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Web Player.lnk
[2011/09/30 15:52:52 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Quick Web Player.lnk
[2011/09/30 15:52:34 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2011/09/27 21:27:19 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/09/27 21:27:19 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/09/23 18:48:22 | 001,674,880 | ---- | M] () -- C:\Users\Ra\Desktop\Pam ConversationDW_C2031 617pm 9-23-11.wav
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/16 21:08:04 | 000,000,851 | R-S- | C] () -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
[2011/10/16 21:07:11 | 000,001,875 | ---- | C] () -- C:\Users\Ra\Desktop\Cloud Protection.lnk
[2011/10/16 21:07:11 | 000,001,213 | ---- | C] () -- C:\Users\Ra\AppData\Roaming\ldr.ini
[2011/10/14 17:06:00 | 000,001,080 | ---- | C] () -- C:\Users\Ra\Desktop\Operation.lnk
[2011/10/14 17:05:57 | 000,000,434 | ---- | C] () -- C:\Windows\Operation.ini
[2011/10/09 22:18:28 | 1876,783,104 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/09 20:52:57 | 208,596,400 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/04 15:20:13 | 000,000,981 | ---- | C] () -- C:\Users\Ra\Desktop\Dropbox.lnk
[2011/10/04 15:16:30 | 000,000,961 | ---- | C] () -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/10/01 20:11:25 | 000,007,473 | ---- | C] () -- C:\Users\Ra\Documents\Rahbil redirect attempt fix notes.rtf
[2011/10/01 18:26:16 | 000,047,352 | ---- | C] () -- C:\Users\Ra\Documents\Rahbil - Car insurance ID.pdf
[2011/09/30 18:37:45 | 000,001,919 | ---- | C] () -- C:\Users\Ra\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9 (2).lnk
[2011/09/30 15:52:52 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011/09/30 15:52:52 | 000,137,763 | ---- | C] () -- C:\Windows\unins000.dat
[2011/09/30 15:52:52 | 000,000,909 | ---- | C] () -- C:\Users\Ra\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Web Player.lnk
[2011/09/30 15:52:52 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\Quick Web Player.lnk
[2011/09/23 18:53:19 | 001,674,880 | ---- | C] () -- C:\Users\Ra\Desktop\Pam ConversationDW_C2031 617pm 9-23-11.wav
[2011/09/23 13:02:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/23 13:02:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/23 13:02:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/23 13:02:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/23 13:02:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/02 03:02:22 | 000,000,000 | ---- | C] () -- C:\Users\Ra\AppData\Local\{292E2C43-28B9-4129-8839-6896947594C6}
[2011/06/14 08:27:57 | 000,000,000 | ---- | C] () -- C:\Users\Ra\AppData\Local\{FD1D6454-51E2-4F41-B9C6-1DAB8AE87C91}
[2011/06/10 20:49:23 | 000,000,000 | ---- | C] () -- C:\Users\Ra\AppData\Local\{EF9BAF0F-E10A-4870-B8ED-7BABA4FD0755}
[2011/06/07 14:02:32 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/06/07 14:02:32 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/06/07 14:02:32 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/06/07 14:02:32 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/06/07 14:02:32 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/06/07 14:02:32 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/06/07 14:02:32 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/06/07 14:02:32 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/06/07 14:02:32 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/06/07 14:02:32 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/06/07 14:02:32 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/06/07 14:02:32 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/06/07 14:02:32 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/06/07 14:02:32 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/06/07 14:02:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/06/07 14:02:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/06/07 13:57:33 | 000,000,090 | ---- | C] () -- C:\Windows\EPART810.ini
[2011/05/12 00:11:24 | 000,047,104 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011/05/09 21:43:45 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/04/21 19:14:22 | 000,000,358 | ---- | C] () -- C:\Users\Ra\AppData\Roaming\config.lua
[2011/03/23 11:05:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2011/03/23 11:05:42 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2011/03/05 18:18:49 | 000,050,168 | ---- | C] () -- C:\Windows\System32\fckvnbliqamnqyblf.exe
[2011/02/08 13:12:56 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/06 23:46:46 | 000,472,576 | ---- | C] () -- C:\Windows\uninstall.exe
[2011/01/06 23:46:45 | 000,069,736 | ---- | C] () -- C:\Windows\uninstall.dat
[2010/12/22 19:07:09 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/12/22 14:12:04 | 000,000,231 | ---- | C] () -- C:\Windows\SCANFX.INI
[2010/12/03 19:03:17 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/11/22 12:47:09 | 000,000,393 | ---- | C] () -- C:\Windows\smsafari.ini
[2010/08/31 11:23:38 | 000,037,295 | ---- | C] () -- C:\Windows\GEARHEAD.INI
[2010/08/31 11:23:38 | 000,002,555 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2010/03/29 07:56:31 | 000,000,020 | ---- | C] () -- C:\Windows\prefs_bg.dll
[2010/03/26 12:21:19 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/03/26 11:33:54 | 000,000,023 | ---- | C] () -- C:\Windows\SpaceTaxi.INI
[2010/03/25 21:24:36 | 000,000,377 | ---- | C] () -- C:\Windows\hegames.ini
[2010/03/23 00:04:48 | 000,000,407 | ---- | C] () -- C:\Users\Ra\AppData\Local\Win7_Upgrade.bat
[2010/03/17 21:43:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/16 22:42:02 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/15 22:51:07 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2010/02/16 14:06:37 | 000,150,294 | ---- | C] () -- C:\Windows\hpwins05.dat
[2010/02/16 14:06:02 | 000,016,050 | ---- | C] () -- C:\Windows\hpwscr05.dat
[2010/02/16 14:06:02 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2010/02/13 13:13:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2010/02/13 13:10:14 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2010/02/13 13:05:58 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcjcoin.dll
[2010/02/13 13:03:51 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcjinst.dll
[2010/01/01 16:08:03 | 000,000,966 | ---- | C] () -- C:\Windows\CDRip.INI
[2010/01/01 16:08:01 | 000,000,612 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2010/01/01 16:07:41 | 000,151,040 | ---- | C] () -- C:\Windows\System32\wimadll.dll
[2010/01/01 16:05:53 | 001,163,264 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2010/01/01 16:05:53 | 001,015,808 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/01/01 16:05:53 | 000,220,160 | ---- | C] () -- C:\Windows\System32\WnASPI32.dll
[2010/01/01 16:05:53 | 000,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/01/01 16:05:53 | 000,061,440 | ---- | C] () -- C:\Windows\System32\libfaac.dll
[2010/01/01 16:05:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2010/01/01 16:05:53 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DGRip.dll
[2010/01/01 16:05:53 | 000,036,352 | ---- | C] () -- C:\Windows\System32\MP2enc.dll
[2009/12/04 16:28:27 | 000,000,055 | ---- | C] () -- C:\Windows\Maris.ini
[2009/11/06 23:30:50 | 000,000,221 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/09/17 23:59:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 23:59:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 23:58:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/30 20:21:08 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009/08/30 20:02:00 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/07/12 13:46:20 | 000,009,728 | ---- | C] () -- C:\Users\Ra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 04:08:49 | 000,001,356 | ---- | C] () -- C:\Users\Ra\AppData\Local\d3d9caps.dat
[2009/07/07 16:56:53 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/07/07 16:08:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/07 16:02:02 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/07/07 16:02:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/07/07 16:02:02 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/07/07 16:02:02 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/07/07 15:53:12 | 000,000,005 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/10/30 10:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/05/05 13:41:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/05/05 04:49:37 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/05/05 04:49:37 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/04/24 20:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 20:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 20:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 20:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 20:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/04/23 00:05:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/22 23:35:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/04 21:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/01/20 21:24:27 | 000,065,536 | ---- | C] () -- C:\Windows\System32\efssadu.dll
[2008/01/20 21:23:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\caclss.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,381,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/18 05:26:45 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcjvs.dll
[2005/08/08 09:01:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcjcnv4.dll
[2005/01/17 02:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2004/08/09 02:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2000/07/14 23:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe
[1999/10/26 11:00:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:090FB735
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:65B8AF94
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:CC4C59B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C2AD09C0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:94A19129
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



OTL Extras logfile created on: 10/16/2011 9:44:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\# Downloads\# Redirect Virus Stuff
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 27.58% Memory free
3.74 Gb Paging File | 2.52 Gb Available in Paging File | 67.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.95 Gb Total Space | 10.91 Gb Free Space | 6.10% Space Free | Partition Type: NTFS
Drive E: | 479.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RA-PC | User Name: Ra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-572903933-928196625-178814278-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0122523F-9EF1-4A71-A39B-602A92737D12}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{077E6E69-6DE4-4DAB-BCA1-DB1241DBB6A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{08C2E2F9-C2D7-404D-B026-87144D5844B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{08EAE540-CE31-4E53-BFB8-3AAA3CE2A479}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0FDD451B-ED68-4609-8F53-555E6F844BE4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36E0811C-7CF4-47D6-AD71-89FBEFCD747D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{386C5A76-5CCD-433C-B72B-9C541161F6DD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{41198326-CBEE-4565-9F87-A401AF63D029}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{441E000A-7213-4D18-B03A-CE9FA60533BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{4F8C16E6-50AD-4E10-87C1-059AD2923AE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A12FA67-1E54-41AB-A15F-050E531D3DC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AA71CBF-C1CA-4E3E-B1B4-05C252998B35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{701827FC-E9A4-401C-8085-9A4BB64AB31D}" = rport=137 | protocol=17 | dir=out | app=system |
"{728C0359-A135-4E28-AA9B-AE3368430E49}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73A8583D-83C7-40CF-9041-9E1AE807880F}" = lport=445 | protocol=6 | dir=in | app=system |
"{74114FCB-6D6C-41CD-A1B3-3D9101CC3C26}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7B0DF3B2-4E4A-4571-BC1C-7B80975AE82D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B31548F-B98A-49E3-8D82-FE7268902B4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7B927C18-5CC1-4B0A-AA0E-82D88F3A3863}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{828BAF94-A9C2-44B3-A874-96E50E143AD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E6BBA2D-15B3-4273-AE9B-562ECD47BC1A}" = lport=137 | protocol=17 | dir=in | app=system |
"{95D4BC6B-8D28-4E35-A06D-D74AA0FA60DA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{97A067DE-C386-498E-A97E-2B5B287E11F8}" = rport=139 | protocol=6 | dir=out | app=system |
"{AA5A7E94-47BF-428A-A84D-FB2DADA07226}" = rport=138 | protocol=17 | dir=out | app=system |
"{AE0313E0-0044-458B-87F5-AFA9413CF4F4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2E02641-D16A-4820-ADD3-B203E0919CEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD3AE85C-2BF1-41E1-B099-029819571417}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BE0E2932-21B3-43B5-ADE9-B0D089F12F04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C0F0A094-9A28-4190-A2BF-CC4DBD6B59E2}" = rport=445 | protocol=6 | dir=out | app=system |
"{C7F9648B-0D6E-49B2-8E96-3F555E8235AD}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5A7A0C3-1D00-4D58-9240-117966E7738D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DD30D9FE-ACDC-470E-9C78-2BD16F5DD0C2}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{DD3BCC23-1356-4CF1-8365-EB0BE7D7D7BA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E672EEF2-2AFE-4340-ABC1-F58432D153A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EAEABEDF-978B-4637-B875-EF75D248C769}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF43E6E2-1A08-4C32-89E6-7D065DDD618D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F082C586-CA83-4917-9F0B-FE6BF7A96432}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2ADC0DD-197D-420D-A367-3986FD16FAF5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F5117CDA-0DAF-46CA-B932-8A04CC519804}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C20EE23-4136-433A-9FA2-2911B64CFB20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10BDEF68-C921-443B-A51A-BC28F1EBD997}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E3176EC-2439-4D05-95A6-F8EF2AD31AFF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{2743812D-F4FB-46B4-AAFD-5EBEF7B548EB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2918CA27-5632-4C8D-94E3-024417461F33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{316CEC6C-14C0-48BD-9E89-443B345582B7}" = protocol=6 | dir=out | app=system |
"{31D21F8C-6809-4F3C-8DB3-71043E79A862}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{32F5F583-5CD0-4DC2-A498-1C11A57444FF}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{362D0BB4-0EB5-4E95-AC99-23EA3C9682A4}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{367D9ACF-95FD-4FB6-87C1-4CF91B5B0B31}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3A671F55-CAE4-4B23-B42B-05629DD59BE2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C9E1BA8-05B6-4DAA-96F3-92269CE9ECBE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{46624D43-89B7-4524-99A9-6C32EF4D2575}" = protocol=6 | dir=in | app=c:\windows\system32\lxcjcoms.exe |
"{46AC626D-83CB-490D-81CF-3A434328B777}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe |
"{4A066965-CD6B-4CA1-99CE-9A57C0ED15FA}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{4FA34213-B91E-4B3D-B3CD-5F6919CF65C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{503A57AA-35BE-47E9-A2B2-1EB90AF62C03}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{5AB6736D-B677-4E59-9310-4CFB7E50DCB0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B2CB090-080F-4AAB-B2BC-C6B755C2799A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61BF1E5C-E953-4328-B61D-F316545D8375}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{6206647C-5A96-4C54-92FE-8CDE45909BFE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{639D2AFE-CCB3-4071-B2DB-5E828F12539C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{67E071CC-789D-4DF9-BD43-A2724523B547}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{6B02A04A-D33B-43A5-97D8-727237311870}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DCAD49D-BA49-43CA-B6D4-FB35C0D99872}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7C8CCEAF-490F-4A35-843B-EDD0DFEEED44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{870C0F51-4336-444C-B8B0-CD905D630763}" = dir=in | app=support inrosettastoneltdservices.exe |
"{91787B87-BAFF-4667-9993-FA3621F51C00}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{94173B7C-6C29-41C5-8415-08580353066F}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{9BA58F61-23E7-443D-AAFE-737B28FCBFCC}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{A7B8B9DF-1768-4DD1-8CC1-A2D28B0C5CFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A8792244-00CC-4AFB-9028-B40A13D7CFC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9867A8B-77E8-41E3-8700-C4B740AC255B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA1B2F84-17FD-4E7C-ACD0-7FC6E5CD3948}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B2999122-A84E-46D5-962E-9672D8B791AA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcjpswx.exe |
"{B82236B2-61A1-448D-95F5-472C93A89BFC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BC7E468A-3BBC-42BB-B237-76585A00DC62}" = protocol=6 | dir=in | app=c:\users\ra\appdata\roaming\dropbox\bin\dropbox.exe |
"{C245E3EF-3CD4-46E5-8FD1-37CEEBBC58A1}" = protocol=17 | dir=in | app=c:\windows\system32\lxcjcoms.exe |
"{C67D331A-00F9-4637-8BEA-135BCAAA4DA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C884FF03-E4B6-4598-8EA3-BDCB027E2787}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C8ECB8C1-D2D9-4044-8A6E-6F22AF114EAB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{CE3CBBE6-AAEE-4945-86D6-7BC5C1DC846D}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{CF87D6DD-FA37-42A8-A071-378B0B89DF4B}" = protocol=17 | dir=in | app=c:\users\ra\appdata\roaming\dropbox\bin\dropbox.exe |
"{D1193C0D-16F8-420A-856F-90643EBDB61D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D126ABA3-9634-4109-A08D-B801F2B48D91}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DD147D1F-A825-427D-8A00-6404217281AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DF83034E-92B0-4BA4-AA23-246A3882A836}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E08E5CB3-324B-4C10-BD7E-0E1F3299DE9E}" = dir=in | app=rosettastoneversion3.exe |
"{E27732B7-8AE0-4DD8-8557-ED5FB5B6795E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E442268A-51B1-4695-8A20-B856C3C84093}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E600EFF9-0141-4C28-801D-7AB36AE99632}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{F0AE4FA2-B263-4548-947F-E07EED416463}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{F8113401-FBCE-4350-8B93-14CA83A1C1FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FFDA975F-0A38-4D88-AF40-5BE7E244106B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{1900EF9F-AD8B-4E2D-89E2-B99027DFB2D6}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{2AAD055A-FAB4-4D25-9310-23501142DA72}C:\program files\paradox interactive\east india company\eastindia.exe" = protocol=6 | dir=in | app=c:\program files\paradox interactive\east india company\eastindia.exe |
"TCP Query User{4462F622-C1B9-49D5-8B4C-F8BC2BE1FE03}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{68FA20D5-459A-4070-BE2A-7AEB83D50D42}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{71A3EA5C-F2F8-4208-9939-19B4B901D34D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A2C85A7F-8E97-4237-9861-3F9A18DEEE14}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{A5D7869F-A9C0-4910-B3BF-11329DE2961C}C:\program files\stacked\stacked.exe" = protocol=6 | dir=in | app=c:\program files\stacked\stacked.exe |
"TCP Query User{ABBABEDC-1955-4246-9607-C0BE3F329149}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{B7B80F82-5F23-4563-8F41-E9179A18F196}C:\program files\paradox interactive\east india company\piratebay.exe" = protocol=6 | dir=in | app=c:\program files\paradox interactive\east india company\piratebay.exe |
"TCP Query User{BCA0268C-4365-4070-9980-39F94F0E0C04}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{E766D38C-694B-43BE-92FE-4C94C213347B}C:\program files\2k sports\mlb 2k10\mlb2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\mlb 2k10\mlb2k10.exe |
"TCP Query User{F3FC75F5-4D1F-4EE9-B769-23FF6BBD2009}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F920E353-852E-4E0F-911A-52958CAFAA6C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{18AE3891-5B4C-4CDE-A218-90CE2C815EA2}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{1FF0F603-6582-45D5-B297-20041FDB07D5}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{482BAEC0-FD2D-4E32-81AC-6D6369B8610D}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{491770C5-8363-4E6E-8C70-AB55FB2AF59E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5E27420E-F97A-44B3-B53A-C22873491D26}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{6E783391-8152-4594-9F28-A0DAB94AE892}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{8D97AD8C-04B6-454E-8C3D-1E9EDA6F0453}C:\program files\paradox interactive\east india company\eastindia.exe" = protocol=17 | dir=in | app=c:\program files\paradox interactive\east india company\eastindia.exe |
"UDP Query User{9CAC84A5-8715-4F08-AB92-46F17E196A8D}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A3E75985-E4C2-4B85-9C3D-E840D694C362}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B9EAD52D-5D70-4BD0-9407-68A626401285}C:\program files\stacked\stacked.exe" = protocol=17 | dir=in | app=c:\program files\stacked\stacked.exe |
"UDP Query User{C5F1AFA4-47AD-4CE0-A79D-CEAD96CA8BEC}C:\program files\2k sports\mlb 2k10\mlb2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\mlb 2k10\mlb2k10.exe |
"UDP Query User{E51C39E5-A4CE-4C29-B7FB-F978475E1691}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{FCC4540A-3829-428B-959F-E37BDAFE95D2}C:\program files\paradox interactive\east india company\piratebay.exe" = protocol=17 | dir=in | app=c:\program files\paradox interactive\east india company\piratebay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}" = Nostromo Array Programming Software
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24E439E1-02B6-40E8-82A8-2E2033B62A9E}" = Eagle Lander 3D v212
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29B11F9F-5E2D-11D4-8BA5-0050BAAA20E2}" = Wheel of Fortune 2nd Edition
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{377C9E1B-28E9-40C3-836C-85F8E839D4E6}" = John Deere Drive Green
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{5453E446-58CE-16B5-F9C4-FFDDD84AA1F6}" = ccc-utility
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D2590-4737-01A6-8CD1-5AE6A83A4A5A}" = ccc-core-static
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{637C1366-AFB3-2785-9882-F71B465ABF97}" = Catalyst Control Center Core Implementation
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}" = Memeo AutoBackup
"{69EA986B-B172-4FAA-B54D-853BD3A2B264}" = Popcap Game Collection
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}" = Windows Live Movie Maker Beta
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1" = Quick Web Player
"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE
"{757E0E87-8F54-46FD-BA00-54CCF341F4A9}" = ArcSoft Print Creations
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79345C32-178F-873A-930D-824D1CAD6F77}" = Catalyst Control Center Graphics Full New
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7CE0803C-CA6A-4D7A-8FB8-055EBB4AF141}" = The Typing of The Dead US
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87175DA3-891C-4BD5-49ED-08D3A9D4DE78}" = Catalyst Control Center InstallProxy
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97512669-DB28-9779-25CE-47C7EE7F12AE}" = Catalyst Control Center Graphics Full Existing
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A233E825-D334-08E8-442F-7D47875101D5}" = Catalyst Control Center Graphics Light
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC8F8E57-72D7-20B1-EDE4-2C3BDE3C8857}" = ATI Catalyst Install Manager
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B1F42D68-8E6A-3617-43BB-22910D45BF76}" = Catalyst Control Center Graphics Previews Vista
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.50.02
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3E98E64-683E-4271-9D39-88B1AAB1AE7B}" = L7600
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4F3D6A2-1214-4307-B43B-2C123AE931EC}" = Eagle Lander 3D 212 Vista Patch
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CA256FA1-4CF9-492C-98A6-6E451F83AEC3}" = Youda Farmer
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBA2E782-C278-4B81-008D-4703FCBC1A2E}" = SimCity 4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D9EE791A-60CD-F291-2CD6-2110CCD2A3A5}" = CCC Help English
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E960C31B-B5B5-43BB-A0E6-A413FBC0BDAA}" = VIPRE Antivirus
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9D84B40-BAA9-64CC-3FD3-0F6454D203AD}" = Skins
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"16 Big Fish Games" = 16 Big Fish Games
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Airport Mania 1.1.3" = Airport Mania 1.1.3
"Airport Mania_is1" = Airport Mania
"Applet Effects Factory" = Applet Effects Factory
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3 Plugin
"Austin Powers Pinball_is1" = Austin Powers Pinball
"Azkend" = Azkend
"Bastion_is1" = Bastion
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BitLord" = BitLord 0.56
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"BookWorm Deluxe 1.02" = BookWorm Deluxe 1.02
"Cactus Bruce and the Corporate Monkeys_is1" = Cactus Bruce and the Corporate Monkeys
"Catan" = Catan (remove only)
"CCleaner" = CCleaner
"Curling 1.00" = Curling 1.00
"Diner Dash 2_is1" = Diner Dash 2
"Dracula Files 1.00" = Dracula Files 1.00
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Escape Rosecliff Island 1.00" = Escape Rosecliff Island 1.00
"fckvnbliqamnqyblf" = Advanced Performance Platform Revenuestreaming.
"Fishdom1.0" = Fishdom
"Fizzball_is1" = Fizzball
"G.H.O.S.T Chronicles - Phantom of the Renaissance Faire1.5.0" = G.H.O.S.T Chronicles - Phantom of the Renaissance Faire
"GameSpy Arcade" = GameSpy Arcade
"GearheadDeinstKey" = Gearheads
"Go-Go Gourmet 2 - Chef of the Year1.0" = Go-Go Gourmet 2 - Chef of the Year
"Gold Miner_is1" = Gold Miner
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Governor of Poker1.0" = Governor of Poker
"Hidden Expedition - Titanic 1.00" = Hidden Expedition - Titanic 1.00
"Hidden Mysteries Buckingham Palace1.0" = Hidden Mysteries Buckingham Palace
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Indeo® software" = Indeo® software
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{68BEE9AE-D577-4CFA-9201-02B0CF288FC5}" = Memeo AutoBackup
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Interpol 2 Most Wanted1.024" = Interpol 2 Most Wanted
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Standard)
"Laura Jones and the Gates of Good and Evil1.0" = Laura Jones and the Gates of Good and Evil
"Lemmings Revolution" = Lemmings Revolution
"Lexmark 8300 Series" = Lexmark 8300 Series
"Little Shop Of Treasures" = Little Shop Of Treasures
"Love and Death - Bitten 1.0" = Love and Death - Bitten 1.0
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Magic Match Adventures ." = Magic Match Adventures .
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Moonbase Commander" = Moonbase Commander
"Mortimer Beckett and the Secrets of Spooky Manor 1.1.0" = Mortimer Beckett and the Secrets of Spooky Manor 1.1.0
"Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
"mpegable DS" = mpegable DS decoder
"MSBTLClimb" = Microsoft Beyond the Limit: Ultimate Climb
"Mushroom Age1.0" = Mushroom Age
"Mystery P I The New York Fortune1.0.0" = Mystery P I The New York Fortune
"OpDKey" = Operation
"OpenAL" = OpenAL
"Origin" = Origin
"Paperball" = Chicken Attack Deluxe
"Paranormal Agency 1.00" = Paranormal Agency 1.00
"PeerGuardian_is1" = PeerGuardian 2.0
"Picasa2" = Picasa 2
"Pirate Solitaire 1.00" = Pirate Solitaire 1.00
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PowerISO" = PowerISO
"Princess Isabella A Witch's Curse 1.00" = Princess Isabella A Witch's Curse 1.00
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"RealPlayer 12.0" = RealPlayer
"Reflexive Arcade Games - Action" = Reflexive Arcade Games - Action
"Reflexive Arcade Games - Break Out" = Reflexive Arcade Games - Break Out
"Reflexive Arcade Games - Card" = Reflexive Arcade Games - Card
"Reflexive Arcade Games - Puzzle" = Reflexive Arcade Games - Puzzle
"Reflexive Arcade Games - Shooter" = Reflexive Arcade Games - Shooter
"Reflexive Arcade Games - Strategy" = Reflexive Arcade Games - Strategy
"Reflexive Arcade Games - Word" = Reflexive Arcade Games - Word
"SkyBase" = SkyBase
"Slingo Quest Egypt 1.00" = Slingo Quest Egypt 1.00
"SoapRET" = Kai's Photo Soap
"Space Taxi 2_is1" = Space Taxi 2
"Spin & Win_is1" = Spin & Win
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1" = Uniblue PowerSuite
"Takeout Weight Curling 2" = Take-Out Weight Curling 2
"The Clockwork Man 1.00" = The Clockwork Man 1.00
"The Hidden Object Show - Season 2 2.00" = The Hidden Object Show - Season 2 2.00
"The Mysterious City Golden Prague1.0" = The Mysterious City Golden Prague
"The Stroke of Midnight and Guide1.0" = The Stroke of Midnight and Guide
"Think Tanks_is1" = Think Tanks
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trivia Machine_is1" = Trivia Machine
"Uniblue Registry Booster" = Uniblue Registry Booster PRO
"Video Edit Magic_is1" = Video Edit Magic 4
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"Vivitar Experience Image Manager - TARGET Edition" = Vivitar Experience Image Manager - TARGET Edition
"Voodoo Dice 1.00" = Voodoo Dice 1.00
"WhiteSmoke_Bar Toolbar" = WhiteSmoke Bar Toolbar
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder
"Youda Camper_is1" = Youda Camper
"Youda Fisherman1.0" = Youda Fisherman
"Youda Sushi Chef1.3.0.0" = Youda Sushi Chef
"Zombie Bowl-O-Rama1.0" = Zombie Bowl-O-Rama

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-572903933-928196625-178814278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5 Casey_boy

    Bleeping physicist

  • Malware Response Team

Posted 17 October 2011 - 07:43 AM

Hi,

Step 1: It looks as though you've run ComboFix before. Could you post me the log? It will be saved at C:\Combofix.txt

Step 2: P2P Warning

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case BitLord). These programs allow file sharing between users, as the name(s) suggest. In today's world, cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a huge number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools, and so these tools must be used with extreme care. Some further reading on this subject, along with included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

I strongly recommend that you uninstall these programs. However, should you decide to keep this program, please refrain from using it until we get your computer clean, and always show caution with any files you download.

Step 3: WhiteSmoke Toolbar
I recommend that you uninstall the WhiteSmoke toolbar, as per the details here. See if you can find it in Add/Remove programs.

Step 4: We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :processes
    killallprocesses
    
    :otl
    IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
    O3 - HKLM\..\Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
    O3 - HKU\S-1-5-21-572903933-928196625-178814278-1000\..\Toolbar\WebBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKU\S-1-5-21-572903933-928196625-178814278-1000..\Run: [winupd] C:\Users\Ra\AppData\Local\temp\winupd.exe ()
    O4 - Startup: C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk = C:\Users\Ra\AppData\Local\temp\winupd.exe ()
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [1996/09/29 20:00:10 | 000,000,168 | RH-- | M] () - E:\AutoRun.inf -- [ CDFS ]
    [2011/10/16 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\kELL9gqjYCwIrl
    [2011/10/16 21:18:03 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\o11uuvDbFp5sJ6
    [2011/10/16 21:18:01 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\o11uuvDbFpm5sJ
    [2011/10/16 21:07:42 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\t11uuvDD2ob4pG5
    [2011/10/16 21:07:36 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\DZhCr0SiDoFaHJ
    [2011/10/16 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\pAAuvD22obFpsJE
    [2011/10/16 21:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\aBrzzPNyxA1uS2b
    [2011/10/16 21:07:11 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud Protection
    [2011/10/16 21:07:10 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\s66ssWKK7fE9gZq
    [2011/10/16 21:07:10 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\HwwwkIIVrlO
    [2011/10/16 21:07:04 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\zhhTTXqqjUCkI
    [2011/10/16 21:07:03 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\zYYYXwwjUVelBtP
    [2011/10/16 21:07:03 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\EFFF4ppmH5
    [2011/09/30 15:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2011/09/30 15:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_Bar
    [2011/10/16 21:18:10 | 000,001,875 | ---- | M] () -- C:\Users\Ra\Desktop\Cloud Protection.lnk
    [2011/10/16 21:08:04 | 000,000,851 | R-S- | M] () -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
    [2011/10/16 21:07:32 | 000,001,213 | ---- | M] () -- C:\Users\Ra\AppData\Roaming\ldr.ini
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:090FB735
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:65B8AF94
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:CC4C59B4
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:ECF54A0E
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:517B507A
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C2AD09C0
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:77A023CE
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:94A19129
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:28CDD861
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    [PURITY]
    [REBOOT]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Finally, please let me know how your PC is now running.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#6 Rahbil

  • Topic Starter

Posted 17 October 2011 - 08:55 AM

Problem is still present. Still have redirect and cannot log into Youtube or Facebook.

#7 Casey_boy

    Bleeping physicist

  • Malware Response Team

Posted 17 October 2011 - 08:58 AM

Have you done all of the above steps? If so, could you post me the logs please.



#8 Rahbil

  • Topic Starter

Posted 17 October 2011 - 02:34 PM

Here is my ComboFix from 10-15 and a new OTL after you sent me the OTL fix previously.


ComboFix 11-10-15.04 - Ra 10/15/2011 13:14:53.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.976 [GMT -5:00]
Running from: c:\# downloads\## DONE\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))
.
.
2011-10-15 18:28 . 2011-10-15 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 22:17 . 2011-10-14 22:17 -------- d-----w- c:\program files\Microsoft Kids
2011-10-12 05:53 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 05:53 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 05:53 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 05:53 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-08 17:48 . 2011-10-13 02:09 -------- d-----w- c:\windows\system32\wbem\repository
2011-10-08 09:23 . 2011-10-15 18:28 -------- d-----w- c:\users\Ra\AppData\Local\temp
2011-10-04 20:20 . 2011-10-13 02:11 -------- d-----r- c:\users\Ra\Dropbox
2011-10-04 20:15 . 2011-10-13 02:11 -------- d-----w- c:\users\Ra\AppData\Roaming\Dropbox
2011-09-30 20:53 . 2011-09-30 20:53 -------- d-----w- c:\program files\Conduit
2011-09-30 20:53 . 2011-09-30 20:53 -------- d-----w- c:\program files\WhiteSmoke_Bar
2011-09-30 20:52 . 2011-09-30 20:52 723294 ----a-w- c:\windows\unins000.exe
2011-09-30 20:52 . 2011-09-30 20:52 -------- d-----w- c:\program files\Quick Web Player
2011-09-29 07:38 . 2011-09-29 07:38 -------- d-----w- c:\program files\Youdagames
2011-09-29 07:33 . 2011-09-29 07:33 -------- d-----w- c:\program files\Youda Camper
2011-09-29 05:00 . 2011-09-29 05:00 -------- d-----w- c:\program files\Youda Fisherman
2011-09-28 02:27 . 2011-09-28 02:27 -------- d-----w- c:\users\Ra\AppData\Local\Stonetrip
2011-09-28 02:27 . 2011-09-28 02:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-28 02:27 . 2011-09-28 02:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-28 02:27 . 2011-09-28 02:27 -------- d-----w- c:\program files\OpenAL
2011-09-28 02:15 . 2011-09-28 02:15 -------- d-----w- c:\users\Ra\AppData\Local\Grubby Games
2011-09-28 02:15 . 2011-09-28 02:20 -------- d-----w- c:\program files\Fizzball
2011-09-28 02:08 . 2011-09-28 02:08 -------- d-----w- c:\windows\system32\3048
2011-09-28 01:41 . 2011-09-28 01:41 -------- d-----r- c:\users\Ra\AppData\Roaming\Brother
2011-09-26 02:30 . 2011-09-26 02:30 -------- d-----w- c:\programdata\The Revills Games
2011-09-26 02:14 . 2011-09-28 16:50 -------- d-----w- c:\windows\system32\1066
2011-09-23 21:49 . 2011-09-23 22:00 -------- d-----w- c:\users\Ra\AppData\Roaming\Uniblue
2011-09-23 21:49 . 2011-09-23 21:49 -------- d-----w- c:\program files\Uniblue
2011-09-23 21:48 . 2011-10-08 15:03 -------- d-----w- c:\program files\YTDSETUP
2011-09-23 21:48 . 2011-09-23 21:48 -------- d-----w- c:\program files\Uniblue Registry Booster
2011-09-22 05:58 . 2011-09-22 05:58 -------- d-----w- c:\users\Ra\AppData\Roaming\funkitron
2011-09-22 05:54 . 2011-09-22 05:54 -------- d-----w- c:\program files\Governor of Poker
2011-09-22 05:54 . 2011-09-22 05:54 -------- d-----w- c:\windows\Governor of Poker
2011-09-22 05:54 . 2011-09-26 02:14 -------- d-----w- c:\windows\system32\3080
2011-09-22 03:02 . 2011-10-08 15:03 -------- d-----w- c:\program files\Diner Dash 2
2011-09-20 05:48 . 2011-10-09 08:51 -------- d-----w- c:\program files\Diner Dash
2011-09-20 05:46 . 2011-09-20 05:46 -------- d-----w- C:\# Max games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 13:48 . 2011-09-02 22:22 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60A09548-CCF2-4E52-8A4D-A1E704258FFE}\mpengine.dll
2011-07-23 10:59 . 2011-08-18 02:39 184320 ----a-w- c:\windows\system32\iefraame.dll
2007-08-23 17:16 . 2007-08-23 17:16 17038824 ----a-w- c:\program files\powersuite.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71E473F7-44C5-77B4-0AF1-10C542A54E1D}]
2009-04-11 06:28 65536 ----a-w- c:\windows\System32\esentt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2007-08-16 99608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-07-15 1353040]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"NDSTray.exe"="NDSTray.exe" [BU]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
.
c:\users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ra\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk]
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
backup=c:\windows\pss\Free WebSite Tools.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Loadout Manager.lnk]
backup=c:\windows\pss\Loadout Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 20:35 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-02-10 23:43 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 01:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 17:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON01A9F4]
2009-02-23 06:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFRA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-01-30 14:35 103344 ----a-w- c:\program files\Lexmark 8300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2009-06-05 05:00 843776 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-16 01:45 30192 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2010-03-17 14:48 1141144 ----a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCJCATS]
2006-11-21 17:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcjtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcjmon.exe]
2007-01-30 14:32 205744 ----a-w- c:\program files\Lexmark 8300 Series\lxcjmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-21 00:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ------w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMSpeed]
2008-12-09 14:32 55120 ----a-w- c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-07 22:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-07 01:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 20:52 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouSendIt.exe]
2010-03-15 21:38 82432 ----a-w- c:\program files\YouSendIt\Express\YouSendIt.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 136176]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
R4 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
R4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 136176]
R4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
R4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-08 721904]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 101720]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-07-15 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-06-10 74200]
S2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-07-15 181584]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 16:14]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-02 16:14]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-572903933-928196625-178814278-1000Core.job
- c:\users\Ra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-31 15:58]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-572903933-928196625-178814278-1000UA.job
- c:\users\Ra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-31 15:58]
.
2011-10-15 c:\windows\Tasks\User_Feed_Synchronization-{E688A46F-3982-4BE4-B13C-1EE1B6A45DF8}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes -------------------
- - - - - - - > 'Explorer.exe'(4912)
c:\users\Ra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2011-10-15 13:36:54
ComboFix-quarantined-files.txt 2011-10-15 18:36
ComboFix2.txt 2011-10-08 09:23
ComboFix3.txt 2011-10-07 17:50
ComboFix4.txt 2011-10-02 02:39
ComboFix5.txt 2011-10-15 18:10
.
Pre-Run: 14,004,473,856 bytes free
Post-Run: 13,775,192,064 bytes free
.
- - End Of File - - B1421FD00202F9C0D9A552E69B3CDC25

OTL logfile created on: 10/17/2011 12:06:50 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\# Downloads\# Redirect Virus Stuff
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 41.09% Memory free
3.74 Gb Paging File | 2.50 Gb Available in Paging File | 66.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.95 Gb Total Space | 9.75 Gb Free Space | 5.45% Space Free | Partition Type: NTFS
Drive E: | 479.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RA-PC | User Name: Ra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 21:11:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\# Downloads\# Redirect Virus Stuff\OTL.exe
PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ra\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/07/15 18:38:28 | 001,353,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2011/07/15 18:23:16 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2011/07/15 18:22:50 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/07 17:01:07 | 000,277,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/03 15:21:18 | 000,030,544 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2008/05/24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 04:07:28 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/12 04:07:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 04:06:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 04:06:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/10/12 04:02:11 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 04:01:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 04:01:28 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 03:59:13 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 03:58:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/02/26 12:56:56 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3359.38649__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:56 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3359.38669__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3359.38663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:55 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3359.38668__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:55 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3359.38743__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:55 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3359.38724__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:55 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3359.38706__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3359.38693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3359.38658__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:54 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3359.38744__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:54 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3359.38658__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:53 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3359.38711__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:53 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3359.38712__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:53 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3359.38711__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:53 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3359.38742__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:50 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3359.38695__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3359.38659__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3359.38670__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3359.38719__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:50 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3359.38669__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3359.38704__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:50 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3359.38695__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:50 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3359.38704__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:49 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3359.38694__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:49 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3359.38706__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011/02/26 12:56:49 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3359.38674__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011/02/26 12:56:49 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3359.38694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3359.38674__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3359.38694__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3359.38705__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/02/26 12:56:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/02/26 12:56:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/02/26 12:56:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/02/26 12:56:47 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/02/26 12:56:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/02/26 12:56:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/02/26 12:56:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/02/26 12:56:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/02/26 12:56:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/02/26 12:56:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011/02/26 12:56:45 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/02/26 12:56:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/02/26 12:56:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/02/26 12:56:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/02/26 12:56:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/02/26 12:56:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/02/26 12:56:44 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/02/26 12:56:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/02/26 12:56:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/02/26 12:56:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/02/26 12:56:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/02/26 12:56:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/02/26 12:56:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3359.38752__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/02/26 12:56:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/02/26 12:56:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/02/26 12:56:41 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/02/26 12:56:41 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/02/26 12:56:41 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3359.38760__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2011/02/26 12:56:41 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3359.38646__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/02/26 12:56:40 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3359.38663__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/02/26 12:56:40 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3359.38738__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/02/26 12:56:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3359.38737__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/02/26 12:56:40 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3359.38648__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/02/26 12:56:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/02/26 12:56:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/02/26 12:56:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/02/26 12:56:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/02/26 12:56:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2011/02/26 12:56:39 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3359.38654__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/02/26 12:56:39 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3359.38647__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/02/26 12:56:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/02/26 12:56:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/02/26 12:56:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3359.38647__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/02/26 12:56:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3359.38645__90ba9c70f846762e\APM.Server.dll
MOD - [2011/02/26 12:56:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3359.38646__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/02/26 12:56:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/02/26 12:56:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/02/26 12:56:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3359.38738__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/02/26 12:56:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/03/14 00:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2011/07/15 18:23:16 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/07/15 18:22:50 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/17 09:48:28 | 000,541,080 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009/09/27 14:51:55 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 17:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 02:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/12/16 23:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 18:27:16 | 000,066,928 | ---- | M] () [Disabled | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/30 09:30:39 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcjcoms.exe -- (lxcj_device)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/10 23:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/06/10 10:23:50 | 000,074,200 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/04/29 14:01:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/05 16:57:56 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2009/07/07 23:16:24 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/03/14 05:43:42 | 004,173,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/02 03:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/28 18:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/18 02:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/10 23:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 62 8F BA 74 D6 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ra\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ra\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/08 10:03:53 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Poppit = C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/01 21:20:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {71E473F7-44C5-77B4-0AF1-10C542A54E1D} - C:\Windows\System32\esentt.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - Startup: C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270980343301 (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6586777-1402-4990-8A46-60541F991432}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\African Wolves, Perfectly Positioned.jpg
O24 - Desktop BackupWallPaper: C:\African Wolves, Perfectly Positioned.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1996/09/29 20:00:10 | 000,000,168 | RH-- | M] () - E:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/17 08:39:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/15 19:30:00 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2011/10/15 13:32:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/15 13:10:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/14 17:17:21 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Kids
[2011/10/14 17:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Kids
[2011/10/14 17:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Kids
[2011/10/12 00:54:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 00:54:27 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 00:54:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 00:54:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/12 00:54:21 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/12 00:54:11 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/12 00:54:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/12 00:54:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/12 00:54:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/12 00:54:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/12 00:54:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/12 00:54:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/12 00:54:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/12 00:54:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/12 00:54:07 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/12 00:54:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/12 00:54:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/12 00:54:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/12 00:54:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/12 00:54:05 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/12 00:54:05 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/12 00:54:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/12 00:54:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/12 00:53:30 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/12 00:53:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/08 12:47:59 | 000,000,000 | ---D | C] -- C:\Windows\Registration
[2011/10/08 04:23:49 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Local\temp
[2011/10/04 15:20:13 | 000,000,000 | R--D | C] -- C:\Users\Ra\Dropbox
[2011/10/04 15:16:03 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/10/04 15:15:01 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Dropbox
[2011/09/30 15:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Web Player
[2011/09/30 15:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Web Player
[2011/09/30 01:17:21 | 000,000,000 | ---D | C] -- C:\Users\Ra\Desktop\Important Court and etc
[2011/09/29 02:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youdagames
[2011/09/29 02:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames
[2011/09/29 02:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youda Camper
[2011/09/29 02:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Youda Camper
[2011/09/29 00:00:42 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Youda Fisherman
[2011/09/29 00:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Youda Fisherman
[2011/09/27 21:27:23 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Local\Stonetrip
[2011/09/27 21:27:19 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/09/27 21:27:19 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/09/27 21:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/09/27 21:15:47 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Local\Grubby Games
[2011/09/27 21:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fizzball
[2011/09/27 21:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Fizzball
[2011/09/27 21:08:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\3048
[2011/09/27 20:41:49 | 000,000,000 | R--D | C] -- C:\Users\Ra\AppData\Roaming\Brother
[2011/09/25 21:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\The Revills Games
[2011/09/25 21:14:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\1066
[2011/09/23 16:49:38 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Uniblue
[2011/09/23 16:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue PowerSuite
[2011/09/23 16:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/09/23 16:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\YTDSETUP
[2011/09/23 16:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue Registry Booster
[2011/09/23 16:48:37 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uniblue Registry Booster
[2011/09/23 16:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue Registry Booster
[2011/09/23 13:02:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/23 13:02:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/23 13:02:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/23 13:02:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/23 12:45:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/22 00:58:04 | 000,000,000 | ---D | C] -- C:\Users\Ra\Documents\Slingo Quest Egypt Documents
[2011/09/22 00:58:04 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Roaming\funkitron
[2011/09/22 00:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Governor of Poker
[2011/09/22 00:54:36 | 000,000,000 | ---D | C] -- C:\Windows\Governor of Poker
[2011/09/22 00:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Governor of Poker
[2011/09/22 00:54:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\3080
[2011/09/21 22:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diner Dash 2
[2011/09/21 22:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Diner Dash 2
[2011/09/20 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Diner Dash
[2011/09/20 00:46:03 | 000,000,000 | ---D | C] -- C:\# Max games
[2011/04/21 19:13:49 | 000,761,152 | ---- | C] (Microsoft Corporation) -- C:\Users\Ra\AppData\Roaming\msvcr100.dll
[2010/05/18 17:41:00 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Users\Ra\AppData\Roaming\mswinsck.ocx
[2010/02/13 13:03:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcjinpa.dll
[2010/02/13 13:03:51 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcjhcp.dll
[2010/02/13 13:03:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcjserv.dll
[2010/02/13 13:03:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcjusb1.dll
[2010/02/13 13:03:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcjiesc.dll
[2010/02/13 13:03:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcjpmui.dll
[2010/02/13 13:03:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcjlmpm.dll
[2010/02/13 13:03:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcjprox.dll
[2010/02/13 13:03:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcjpplc.dll
[2010/02/13 13:03:48 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcjhbn3.dll
[2010/02/13 13:03:48 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcjih.exe
[2010/02/13 13:03:47 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcjcomc.dll
[2010/02/13 13:03:47 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcjcoms.exe
[2010/02/13 13:03:47 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcjcomm.dll
[2010/02/13 13:03:47 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcjcfg.exe
[2007/08/23 12:16:42 | 017,038,824 | ---- | C] (Uniblue ) -- C:\Program Files\powersuite.exe

========== Files - Modified Within 30 Days ==========

[2011/10/17 11:30:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/17 11:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572903933-928196625-178814278-1000UA.job
[2011/10/17 10:45:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/17 10:45:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/17 09:16:28 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E688A46F-3982-4BE4-B13C-1EE1B6A45DF8}.job
[2011/10/17 08:52:03 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/17 08:52:03 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/17 08:45:32 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/17 08:45:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/17 08:45:18 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/17 08:22:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-572903933-928196625-178814278-1000Core.job
[2011/10/16 03:43:40 | 000,009,728 | ---- | M] () -- C:\Users\Ra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/14 17:06:00 | 000,001,080 | ---- | M] () -- C:\Users\Ra\Desktop\Operation.lnk
[2011/10/14 17:06:00 | 000,000,434 | ---- | M] () -- C:\Windows\Operation.ini
[2011/10/12 03:57:08 | 000,381,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/09 22:18:23 | 208,596,400 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/06 02:17:48 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/10/04 15:20:13 | 000,000,981 | ---- | M] () -- C:\Users\Ra\Desktop\Dropbox.lnk
[2011/10/04 15:16:30 | 000,000,961 | ---- | M] () -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/10/01 21:20:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/01 20:11:25 | 000,007,473 | ---- | M] () -- C:\Users\Ra\Documents\Rahbil redirect attempt fix notes.rtf
[2011/10/01 18:26:16 | 000,047,352 | ---- | M] () -- C:\Users\Ra\Documents\Rahbil - Car insurance ID.pdf
[2011/09/30 18:37:45 | 000,001,919 | ---- | M] () -- C:\Users\Ra\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9 (2).lnk
[2011/09/30 18:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/09/30 18:03:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/09/30 18:02:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/09/30 18:02:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/09/30 18:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/09/30 18:01:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/09/30 18:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/09/30 18:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/09/30 18:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/09/30 18:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/09/30 18:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/09/30 18:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/09/30 18:01:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/09/30 17:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/30 16:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/30 16:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/30 16:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/09/30 16:28:36 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/09/30 15:52:52 | 000,137,763 | ---- | M] () -- C:\Windows\unins000.dat
[2011/09/30 15:52:52 | 000,000,909 | ---- | M] () -- C:\Users\Ra\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Web Player.lnk
[2011/09/30 15:52:52 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Quick Web Player.lnk
[2011/09/30 15:52:34 | 000,723,294 | ---- | M] () -- C:\Windows\unins000.exe
[2011/09/27 21:27:19 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/09/27 21:27:19 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/09/23 18:48:22 | 001,674,880 | ---- | M] () -- C:\Users\Ra\Desktop\Pam ConversationDW_C2031 617pm 9-23-11.wav

========== Files Created - No Company Name ==========

[2011/10/14 17:06:00 | 000,001,080 | ---- | C] () -- C:\Users\Ra\Desktop\Operation.lnk
[2011/10/14 17:05:57 | 000,000,434 | ---- | C] () -- C:\Windows\Operation.ini
[2011/10/09 22:18:28 | 1876,783,104 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/09 20:52:57 | 208,596,400 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/04 15:20:13 | 000,000,981 | ---- | C] () -- C:\Users\Ra\Desktop\Dropbox.lnk
[2011/10/04 15:16:30 | 000,000,961 | ---- | C] () -- C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/10/01 20:11:25 | 000,007,473 | ---- | C] () -- C:\Users\Ra\Documents\Rahbil redirect attempt fix notes.rtf
[2011/10/01 18:26:16 | 000,047,352 | ---- | C] () -- C:\Users\Ra\Documents\Rahbil - Car insurance ID.pdf
[2011/09/30 18:37:45 | 000,001,919 | ---- | C] () -- C:\Users\Ra\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 9 (2).lnk
[2011/09/30 15:52:52 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011/09/30 15:52:52 | 000,137,763 | ---- | C] () -- C:\Windows\unins000.dat
[2011/09/30 15:52:52 | 000,000,909 | ---- | C] () -- C:\Users\Ra\Application Data\Microsoft\Internet Explorer\Quick Launch\Quick Web Player.lnk
[2011/09/30 15:52:52 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\Quick Web Player.lnk
[2011/09/23 18:53:19 | 001,674,880 | ---- | C] () -- C:\Users\Ra\Desktop\Pam ConversationDW_C2031 617pm 9-23-11.wav
[2011/09/23 13:02:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/23 13:02:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/23 13:02:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/23 13:02:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/23 13:02:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/02 03:02:22 | 000,000,000 | ---- | C] () -- C:\Users\Ra\AppData\Local\{292E2C43-28B9-4129-8839-6896947594C6}
[2011/06/14 08:27:57 | 000,000,000 | ---- | C] () -- C:\Users\Ra\AppData\Local\{FD1D6454-51E2-4F41-B9C6-1DAB8AE87C91}
[2011/06/10 20:49:23 | 000,000,000 | ---- | C] () -- C:\Users\Ra\AppData\Local\{EF9BAF0F-E10A-4870-B8ED-7BABA4FD0755}
[2011/06/07 14:02:32 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/06/07 14:02:32 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/06/07 14:02:32 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/06/07 14:02:32 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/06/07 14:02:32 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/06/07 14:02:32 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/06/07 14:02:32 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/06/07 14:02:32 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/06/07 14:02:32 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/06/07 14:02:32 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/06/07 14:02:32 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/06/07 14:02:32 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/06/07 14:02:32 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/06/07 14:02:32 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/06/07 14:02:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/06/07 14:02:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/06/07 13:57:33 | 000,000,090 | ---- | C] () -- C:\Windows\EPART810.ini
[2011/05/12 00:11:24 | 000,047,104 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011/05/09 21:43:45 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/04/21 19:14:22 | 000,000,358 | ---- | C] () -- C:\Users\Ra\AppData\Roaming\config.lua
[2011/03/23 11:05:42 | 000,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2011/03/23 11:05:42 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2011/03/05 18:18:49 | 000,050,168 | ---- | C] () -- C:\Windows\System32\fckvnbliqamnqyblf.exe
[2011/02/08 13:12:56 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/06 23:46:46 | 000,472,576 | ---- | C] () -- C:\Windows\uninstall.exe
[2011/01/06 23:46:45 | 000,069,736 | ---- | C] () -- C:\Windows\uninstall.dat
[2010/12/22 19:07:09 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/12/22 14:12:04 | 000,000,231 | ---- | C] () -- C:\Windows\SCANFX.INI
[2010/12/03 19:03:17 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/11/22 12:47:09 | 000,000,393 | ---- | C] () -- C:\Windows\smsafari.ini
[2010/08/31 11:23:38 | 000,037,295 | ---- | C] () -- C:\Windows\GEARHEAD.INI
[2010/08/31 11:23:38 | 000,002,555 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2010/03/29 07:56:31 | 000,000,020 | ---- | C] () -- C:\Windows\prefs_bg.dll
[2010/03/26 12:21:19 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/03/26 11:33:54 | 000,000,023 | ---- | C] () -- C:\Windows\SpaceTaxi.INI
[2010/03/25 21:24:36 | 000,000,377 | ---- | C] () -- C:\Windows\hegames.ini
[2010/03/23 00:04:48 | 000,000,407 | ---- | C] () -- C:\Users\Ra\AppData\Local\Win7_Upgrade.bat
[2010/03/17 21:43:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/16 22:42:02 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/15 22:51:07 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2010/02/16 14:06:37 | 000,150,294 | ---- | C] () -- C:\Windows\hpwins05.dat
[2010/02/16 14:06:02 | 000,016,050 | ---- | C] () -- C:\Windows\hpwscr05.dat
[2010/02/16 14:06:02 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2010/02/13 13:13:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2010/02/13 13:10:14 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2010/02/13 13:05:58 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcjcoin.dll
[2010/02/13 13:03:51 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcjinst.dll
[2010/01/01 16:08:03 | 000,000,966 | ---- | C] () -- C:\Windows\CDRip.INI
[2010/01/01 16:08:01 | 000,000,612 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2010/01/01 16:07:41 | 000,151,040 | ---- | C] () -- C:\Windows\System32\wimadll.dll
[2010/01/01 16:05:53 | 001,163,264 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2010/01/01 16:05:53 | 001,015,808 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/01/01 16:05:53 | 000,220,160 | ---- | C] () -- C:\Windows\System32\WnASPI32.dll
[2010/01/01 16:05:53 | 000,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/01/01 16:05:53 | 000,061,440 | ---- | C] () -- C:\Windows\System32\libfaac.dll
[2010/01/01 16:05:53 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2010/01/01 16:05:53 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DGRip.dll
[2010/01/01 16:05:53 | 000,036,352 | ---- | C] () -- C:\Windows\System32\MP2enc.dll
[2009/12/04 16:28:27 | 000,000,055 | ---- | C] () -- C:\Windows\Maris.ini
[2009/11/06 23:30:50 | 000,000,221 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/09/17 23:59:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 23:59:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 23:58:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/30 20:21:08 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2009/08/30 20:02:00 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/07/12 13:46:20 | 000,009,728 | ---- | C] () -- C:\Users\Ra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 04:08:49 | 000,001,356 | ---- | C] () -- C:\Users\Ra\AppData\Local\d3d9caps.dat
[2009/07/07 16:56:53 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/07/07 16:08:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/07 16:02:02 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009/07/07 16:02:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009/07/07 16:02:02 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009/07/07 16:02:02 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2009/07/07 15:53:12 | 000,000,005 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/10/30 10:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/05/05 13:41:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/05/05 04:49:37 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.exe
[2008/05/05 04:49:37 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/04/24 20:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 20:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 20:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 20:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 20:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/04/23 00:05:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/04/22 23:35:14 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/04 21:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/01/20 21:24:27 | 000,065,536 | ---- | C] () -- C:\Windows\System32\efssadu.dll
[2008/01/20 21:23:43 | 000,040,960 | ---- | C] () -- C:\Windows\System32\caclss.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,381,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/18 05:26:45 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcjvs.dll
[2005/08/08 09:01:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcjcnv4.dll
[2005/01/17 02:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2004/08/09 02:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2000/07/14 23:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe
[1999/10/26 11:00:00 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT

< End of report >

#9 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:08 AM

Posted 18 October 2011 - 06:33 AM

Hi,

Please visit the online Jotti Virus Scanner.
  • Browse to the following filepath:

    C:\Windows\System32\fckvnbliqamnqyblf.exe

  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.
  • Repeat this for all the files listed above

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *
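
As an added illustration (not part of the post above, and not OTL's or the helper's own method), this sketch parses OTL file-scan lines of the kind posted earlier in the thread and ranks executables with no company name by how random their file name looks. The consonant-run score and the extension list are assumptions chosen for this example; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# One OTL file-scan line: [date time | size | attrs | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-RHSA]{4}) \| "
    r"([CM])\] \((.*?)\) -- (.+)$"
)
EXECUTABLE = {".exe", ".dll", ".sys", ".scr"}  # assumed list for this example
VOWELS = set("aeiou")

# Sample lines copied from the OTL log posted in this thread.
SAMPLE = r"""
[2011/09/30 18:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/03/23 11:05:42 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2011/03/05 18:18:49 | 000,050,168 | ---- | C] () -- C:\Windows\System32\fckvnbliqamnqyblf.exe
[2010/02/13 13:10:14 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/07/07 16:56:53 | 000,000,015 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/04/24 20:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
< End of report >
"""


def parse(log):
    """Return one dict per well-formed OTL file line; skip headers and blanks."""
    entries = []
    for line in log.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            stamp, size, attrs, kind, company, path = m.groups()
            entries.append({"stamp": stamp, "size": int(size.replace(",", "")),
                            "attrs": attrs, "kind": kind,
                            "company": company.strip(), "path": path})
    return entries


def longest_consonant_run(stem):
    """Length of the longest run of consecutive non-vowel letters in a name."""
    run = best = 0
    for ch in stem.lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def shortlist(log):
    """Executables with no company name, most random-looking name first."""
    hits = []
    for entry in parse(log):
        stem, ext = ntpath.splitext(ntpath.basename(entry["path"]))
        if entry["company"] == "" and ext.lower() in EXECUTABLE:
            hits.append((longest_consonant_run(stem), entry["path"]))
    return sorted(hits, key=lambda hit: -hit[0])


if __name__ == "__main__":
    for score, path in shortlist(SAMPLE):
        print(score, path)
```

The score is a prompt for a closer look, not a verdict: pmsbfn32.dll ranks second on its name alone, so a shortlisted file still needs a multi-engine scan like the Jotti check requested above before anything is removed.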


#10 Rahbil

Posted 18 October 2011 - 09:51 AM

Filename: fckvnbliqamnqyblf.exe
Status: Scan finished. 2 out of 20 scanners reported malware.
Scan taken on: Tue 18 Oct 2011 16:44:27 (CET) Permalink


File size: 50168 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: b223e4b8f0ab005dc8a10b76674e74e3
SHA1: 645bd62284229cb9120df146822489af4c0434de

Scanners
2011-10-18 Found nothing 2011-10-17 Found nothing
2011-10-18 Found nothing 2011-10-18 Found nothing
2011-10-18 Found nothing 2011-10-18 Found nothing
2011-10-18 Adware/RON.FSV.150 2011-10-18 Found nothing
2011-10-18 Found nothing 2011-10-18 Found nothing
2011-10-18 Found nothing 2011-10-18 Found nothing
2011-10-18 Found nothing 2011-10-18 Found nothing
2011-10-18 Found nothing 2011-10-18 Found nothing
2011-10-18 Found nothing 2011-10-16 Found nothing
2011-10-18 Win32/Adware.RON.FSV 2011-10-18 Found nothing

#11 Casey_boy

Posted 18 October 2011 - 02:06 PM

Hi,

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :files
    C:\Windows\System32\3048
    C:\Windows\System32\1066
    C:\Windows\System32\3080
    C:\Windows\System32\fckvnbliqamnqyblf.exe
    
    :commands
    [CREATERESTOREPOINT]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Casey


#12 Rahbil

Posted 18 October 2011 - 04:26 PM

========== FILES ==========
C:\Windows\System32\3048 folder moved successfully.
C:\Windows\System32\1066 folder moved successfully.
C:\Windows\System32\3080 folder moved successfully.
C:\Windows\System32\fckvnbliqamnqyblf.exe moved successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 1018201

#13 Rahbil

Posted 18 October 2011 - 06:01 PM

Redirect has stopped and I can log into Youtube. Don't know if that means it is cured....but it looks to be working well...

#14 Casey_boy

Posted 19 October 2011 - 06:19 AM

Good :)

Run a scan with MBAM
Please update and run a full scan with Malwarebytes' Anti-Malware. Post me the log.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Casey


#15 Casey_boy

Posted 22 October 2011 - 10:13 AM

Hi,

This is a 3 day bump.

Hopefully you're still with us but please be aware that if there is no reply within two days, then this topic will be closed as stale.

Casey
