
Trojan Malware Attack Aftermath: performance Lag


  • This topic is locked
10 replies to this topic

#1 vdotmatrix

vdotmatrix

  • Members
  • 50 posts

Posted 16 November 2011 - 02:48 AM

I worked closely with BC for the last 2 weeks dealing with malware that would re-direct google searches and we found evidence of a Trojan attack. This all began October 24th.

Though scans using MALWAREBYTES and mr Trend Micro internet sec. 2012 come up negative my system still suffers from an intermittent LAG in response across the board. Sometimes pages are slow or hang, sometimes programs say "Not responding" for a while. Seems like after the attack my computer has lost some computing power.

After the all clear from BC, I went ahead and deleted malwarebytes, spybot S&D, Winpatrol anything that is known to interfere with Trend Micro on my computer.

Still the lagging continues.

I am running the WINDOWS FILE PROTECTION to check the integrity of windows files but I am running out of options alone on my end.

Any ideas?

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:49 AM, on 11/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Backblaze\bzserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iHome\Keyboard & Mouse Driver\StartAutorun.exe
C:\Program Files\iHome\Keyboard & Mouse Driver\KMConfig.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iHome\Keyboard & Mouse Driver\KMProcess.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.5\lightroom.exe
C:\Documents and Settings\vincedaddy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\vincedaddy\Desktop\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\iHome\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
O4 - HKCU\..\Run: [Backblaze] "C:\Program Files\Backblaze\bzbui.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Backblaze] "C:\Program Files\Backblaze\bzbui.exe" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe
O4 - Global Startup: NovaBACKUP Tray Control.lnk = C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://novastor.cleverreach.com
O15 - Trusted Zone: http://*.google-analytics.com
O15 - Trusted Zone: http://*.novastor.com
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - https://www.tmremote.com/sdccommon/download/ssrc.cab
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - https://www.tmremote.com/sdccommon/download/sprtctlln.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://picasaweb.google.com/s/v/30.66/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164865209062
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - http://bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - (no file)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Backup Client Agent Service - NovaStor Corporation - C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Backblaze Service (bzserv) - Unknown owner - C:\Program Files\Backblaze\bzserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (nsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe

--
End of file - 13798 bytes



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts

Posted 20 November 2011 - 09:20 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 vdotmatrix

vdotmatrix
  • Topic Starter

  • Members
  • 50 posts

Posted 20 November 2011 - 10:03 PM

My system still suffers from an intermittent LAG in response across the board. Sometimes pages are slow or hang, sometimes programs say "Not responding" for a while. Seems like after the attack my computer has lost some computing power.

After the all clear from BC, I went ahead and deleted malwarebytes, spybot S&D, Winpatrol anything that is known to interfere with Trend Micro on my computer.

Still the lagging continues off and on.

I do not have: McAfee, iHome Keyboard & Mouse, Norton Ghost hasn't worked in years, Kaspersky A/V; Panda A/V; Symantec A/V;

OTL logfile created on: 11/20/2011 9:20:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\vincedaddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.78% Memory free
4.84 Gb Paging File | 3.31 Gb Available in Paging File | 68.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 171.44 Gb Total Space | 52.63 Gb Free Space | 30.70% Space Free | Partition Type: NTFS
Drive D: | 57.63 Gb Total Space | 57.53 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive E: | 3.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 111.79 Gb Total Space | 26.19 Gb Free Space | 23.43% Space Free | Partition Type: NTFS
Drive L: | 917.07 Gb Total Space | 574.90 Gb Free Space | 62.69% Space Free | Partition Type: NTFS

Computer Name: 5G415C1 | User Name: vincedaddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 21:15:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vincedaddy\desktop\OTL.exe
PRC - [2011/11/17 11:05:32 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2011/11/17 11:05:32 | 000,129,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/11/17 11:01:19 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2011/11/17 11:01:19 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2011/11/16 15:53:06 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/11/11 18:33:16 | 000,371,856 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2011/11/11 18:20:34 | 000,222,352 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
PRC - [2011/11/08 14:06:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 20:55:37 | 000,533,800 | ---- | M] () -- C:\Program Files\Backblaze\bzbui.exe
PRC - [2011/06/15 20:55:37 | 000,343,848 | ---- | M] () -- C:\Program Files\Backblaze\bzfilelist.exe
PRC - [2011/06/15 20:55:37 | 000,269,096 | ---- | M] () -- C:\Program Files\Backblaze\bzserv.exe
PRC - [2009/05/15 05:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009/05/15 05:36:50 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassche.exe
PRC - [2008/07/06 16:31:02 | 000,331,776 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome\Keyboard & Mouse Driver\KMProcess.exe
PRC - [2008/06/14 00:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome\Keyboard & Mouse Driver\KMCONFIG.exe
PRC - [2008/05/30 00:22:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome\Keyboard & Mouse Driver\StartAutorun.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/17 10:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2008/01/17 10:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/12/19 09:31:34 | 000,286,720 | ---- | M] () -- C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
PRC - [2006/11/15 12:22:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 11:05:55 | 000,174,624 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2011/11/17 11:02:55 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2011/11/17 11:02:01 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2011/11/17 11:01:19 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/11/17 11:01:19 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2011/11/17 11:01:19 | 000,012,288 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_36.dll
MOD - [2011/11/11 18:35:56 | 002,463,888 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsAppRes409.dll
MOD - [2011/11/11 18:32:48 | 000,124,560 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsSQLBackupRestore.dll
MOD - [2011/11/11 18:20:52 | 000,014,848 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\WindowsEventLogWriter.dll
MOD - [2011/11/11 18:17:12 | 000,179,344 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll
MOD - [2011/11/08 14:05:52 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/07 04:38:43 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/11/01 06:32:43 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/16 15:40:14 | 000,005,120 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\throttle.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/15 20:55:37 | 000,533,800 | ---- | M] () -- C:\Program Files\Backblaze\bzbui.exe
MOD - [2011/06/15 20:55:37 | 000,343,848 | ---- | M] () -- C:\Program Files\Backblaze\bzfilelist.exe
MOD - [2011/06/15 20:55:37 | 000,269,096 | ---- | M] () -- C:\Program Files\Backblaze\bzserv.exe
MOD - [2010/08/25 23:12:26 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2008/06/16 08:06:10 | 000,053,248 | ---- | M] () -- C:\Program Files\iHome\Keyboard & Mouse Driver\MouseHook.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/03/29 11:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files\iHome\Keyboard & Mouse Driver\keydll.dll
MOD - [2006/12/19 09:31:34 | 000,286,720 | ---- | M] () -- C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
MOD - [2006/11/15 12:22:24 | 000,069,632 | ---- | M] () -- C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
MOD - [2005/08/24 11:47:46 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin Bulldog Plus\HIDDelta.dll
MOD - [2002/05/03 04:10:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2001/08/17 22:36:16 | 000,165,888 | ---- | M] () -- C:\WINDOWS\system32\hpgt53.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (KodakCCS)
SRV - [2011/11/17 11:01:19 | 000,200,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV - [2011/11/11 18:33:16 | 000,371,856 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2011/11/08 04:40:16 | 000,217,600 | ---- | M] (NovaStor Corporation) [On_Demand | Stopped] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)
SRV - [2011/06/15 20:55:37 | 000,269,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Backblaze\bzserv.exe -- (bzserv)
SRV - [2010/09/29 22:51:06 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2009/11/20 10:27:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/15 05:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/18 15:57:54 | 005,750,784 | ---- | M] () [Disabled | Stopped] -- c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe -- (wampmysqld)
SRV - [2008/01/17 23:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache)
SRV - [2008/01/17 10:42:04 | 000,181,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/01/17 10:42:04 | 000,079,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2008/01/17 10:42:02 | 000,197,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/09/05 21:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/07/19 23:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/19 23:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/19 23:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/04/10 12:01:16 | 002,066,024 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2006/12/27 05:09:58 | 000,822,424 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/12/19 09:31:34 | 000,286,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe -- (UPSentry_Smart)
SRV - [2006/11/22 20:38:26 | 000,069,632 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/09/09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Disabled | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - [2011/11/17 11:03:54 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/11/17 11:03:54 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/11/17 11:03:51 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/11/17 11:03:51 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/11/12 23:53:31 | 000,019,572 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FNETDEVI.SYS -- (FNETDEVI)
DRV - [2008/09/23 22:00:02 | 000,023,712 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008/09/23 22:00:02 | 000,023,712 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/08 09:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 13:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/03/12 02:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/03/12 02:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/12/04 16:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/08/01 17:04:40 | 000,015,872 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2007/07/19 23:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/19 23:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 19:44:22 | 003,599,000 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2007/07/18 19:44:22 | 000,022,296 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/07/18 19:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 19:42:29 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/07/18 16:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/04/10 16:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/04/10 12:00:52 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2006/12/27 05:09:58 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/11/22 20:42:13 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/10/24 17:52:50 | 000,146,960 | R--- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2006/05/11 16:14:40 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/08/02 10:06:57 | 000,016,512 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2005/05/25 16:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 17:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 17:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/12/16 16:41:30 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2004/10/15 07:54:56 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i1display.sys -- (i1display)
DRV - [2004/03/11 16:24:14 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) CP2101 USB Composite Device driver (WDM)
DRV - [2002/10/02 16:47:04 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/10/02 16:46:58 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/10/02 16:46:52 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/10/02 16:43:20 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/10/02 16:42:00 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/02 15:30:16 | 000,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2)
DRV - [2001/07/25 17:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 19:07:00 | 000,080,449 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\spkpnt.sys -- (SpeakerPhone)
DRV - [2001/07/18 19:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 19:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/18 19:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/18 19:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061122
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B4 21 DA 02 76 8B E0 41 B1 BA CB 04 2D 47 3E 1E [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061122
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B4 21 DA 02 76 8B E0 41 B1 BA CB 04 2D 47 3E 1E [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B4 21 DA 02 76 8B E0 41 B1 BA CB 04 2D 47 3E 1E [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B4 21 DA 02 76 8B E0 41 B1 BA CB 04 2D 47 3E 1E [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B4 21 DA 02 76 8B E0 41 B1 BA CB 04 2D 47 3E 1E [binary data]
IE - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2010/09/07 00:11:48 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2010/09/07 00:11:48 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\vincedaddy\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\vincedaddy\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\vincedaddy\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\vincedaddy\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\vincedaddy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\firefoxextension [2011/11/17 11:59:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2011/11/17 11:59:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 14:06:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/04 12:07:02 | 000,000,000 | ---D | M]

[2008/08/29 19:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vincedaddy\Application Data\Mozilla\Extensions
[2011/11/18 10:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vincedaddy\Application Data\Mozilla\Firefox\Profiles\5zy2wjab.default\extensions
[2011/09/30 07:13:29 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\vincedaddy\Application Data\Mozilla\Firefox\Profiles\5zy2wjab.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/11/18 10:10:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\vincedaddy\Application Data\Mozilla\Firefox\Profiles\5zy2wjab.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/04 12:00:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\vincedaddy\Application Data\Mozilla\Firefox\Profiles\5zy2wjab.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/12/13 03:36:53 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Documents and Settings\vincedaddy\Application Data\Mozilla\Firefox\Profiles\5zy2wjab.default\extensions\el-GR@dictionaries.addons.mozilla(2).org
[2008/12/13 03:36:53 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Documents and Settings\vincedaddy\Application Data\Mozilla\Firefox\Profiles\5zy2wjab.default\extensions\en-US@dictionaries.addons.mozilla(2).org
[2008/12/13 03:36:53 | 000,000,000 | ---D | M] (Kempelton) -- C:\Documents and Settings\vincedaddy\Application Data\Mozilla\Firefox\Profiles\5zy2wjab.default\extensions\kempelton-fx@arvidaxelsson(2).se
[2011/11/04 12:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/03 09:04:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2007/08/26 20:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2008/12/13 03:34:57 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2008/12/13 03:34:57 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Program Files\Mozilla Firefox\extensions(2)\inspector@mozilla.org
[2008/12/13 03:34:57 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions(2)\talkback@mozilla(2).org
[2011/11/08 14:06:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/11/04 12:11:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 14:06:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2011/11/02 17:47:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\iHome\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot File not found
O4 - HKU\.DEFAULT..\Run: [Backblaze] C:\Program Files\Backblaze\bzbui.exe ()
O4 - HKU\S-1-5-18..\Run: [Backblaze] C:\Program Files\Backblaze\bzbui.exe ()
O4 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006..\Run: [Backblaze] C:\Program Files\Backblaze\bzbui.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk = C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor)
O4 - Startup: C:\Documents and Settings\vincedaddy\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Documents and Settings\vincedaddy\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1901060476-2160935586-1665064021-1006\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} https://www.tmremote.com/sdccommon/download/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} https://www.tmremote.com/sdccommon/download/sprtctlln.cab (SupportSoft Listener Control)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (Reg Error: Key error.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Reg Error: Key error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/30.66/uploader2.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164865209062 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} http://bookmarks.yahoo.com/YbConvFav.CAB (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDD2A0B7-E6AA-440E-B819-358E44220E0E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\vincedaddy\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vincedaddy\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 01:58:12 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2008/01/25 15:10:40 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/03/06 01:37:52 | 000,165,136 | R--- | M] (Electronic Arts Inc.) - E:\autorun.exe -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "AOL ACS"
MsConfig - Services: "WLSetupSvc"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "MemeoBackgroundService"
MsConfig - Services: "Fax"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "WinDefend"
MsConfig - Services: "wampmysqld"
MsConfig - Services: "wampapache"
MsConfig - Services: "Viewpoint Manager Service"
MsConfig - Services: "UPSentry_Smart"
MsConfig - Services: "Symantec Core LC"
MsConfig - Services: "STacSV"
MsConfig - Services: "sprtsvc_dellsupportcenter"
MsConfig - Services: "Pml Driver HPZ12"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "NVSvc"
MsConfig - Services: "Norton Ghost"
MsConfig - Services: "MDM"
MsConfig - Services: "KodakCCS"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "iPod Service"
MsConfig - Services: "ioloSystemService"
MsConfig - Services: "ioloFileInfoList"
MsConfig - Services: "idsvc"
MsConfig - Services: "IDriverT"
MsConfig - Services: "IAANTMON"
MsConfig - Services: "gusvc"
MsConfig - Services: "GoToAssist"
MsConfig - Services: "GEARSecurity"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "Creative Service for CDROM Access"
MsConfig - Services: "Creative Labs Licensing Service"
MsConfig - Services: "Adobe LM Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Desktop Application Director 8.LNK - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe - (PalmSource, Inc)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe - (PalmSource, Inc)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe - (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MUPS.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCCloneEX.LNK - C:\Program Files\PCCloneEX\PCCloneEX.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe - (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
MsConfig - StartUpFolder: C:^Documents and Settings^vincedaddy^Start Menu^Programs^Startup^Adobe Gamma.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^vincedaddy^Start Menu^Programs^Startup^BUFFALO NAS Navigator.lnk - C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe - (BUFFALO INC.)
MsConfig - StartUpFolder: C:^Documents and Settings^vincedaddy^Start Menu^Programs^Startup^CNET TechTracker.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^vincedaddy^Start Menu^Programs^Startup^DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe - (Southwest Airlines)
MsConfig - StartUpFolder: C:^Documents and Settings^vincedaddy^Start Menu^Programs^Startup^HotSync Manager.LNK - C:\Program Files\Palm\Hotsync.exe - (PalmSource, Inc)
MsConfig - StartUpFolder: C:^Documents and Settings^vincedaddy^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: AdaptecDirectCD - hkey= - key= - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CTSysVol - hkey= - key= - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: eFax 4.2 - hkey= - key= - C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe (j2 Global Communications, Inc.)
MsConfig - StartUpReg: Garmin Lifetime Updater - hkey= - key= - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MBMon - hkey= - key= - File not found
MsConfig - StartUpReg: MsmqIntCert - hkey= - key= - C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NetZero_uoltray - hkey= - key= - C:\Program Files\NetZero\exec.exe (NetZero, Inc.)
MsConfig - StartUpReg: Norton Ghost 10.0 - hkey= - key= - C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: SetDefaultMIDI - hkey= - key= - C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: UpdReg - hkey= - key= - C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
MsConfig - StartUpReg: VoiceCenter - hkey= - key= - C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
MsConfig - StartUpReg: VX3000 - hkey= - key= - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} -
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {D6C3355F-B31E-E788-6459-C7C55C52868C} - Outlook Express
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 21:15:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vincedaddy\Desktop\OTL.exe
[2011/11/18 08:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NovaBACKUP
[2011/11/18 08:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\NovaStor
[2011/11/17 11:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Start Menu\Programs\Trend Micro Titanium Internet Security 2012
[2011/11/17 11:39:07 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2011/11/17 11:38:51 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/11/17 11:38:51 | 000,081,168 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011/11/17 11:38:51 | 000,068,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011/11/16 21:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2011/11/16 21:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/11/16 18:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Desktop\SHORTCUTS to Programs
[2011/11/13 20:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Desktop\Word Document RTF
[2011/11/13 20:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Desktop\text documents
[2011/11/13 20:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Desktop\JPGS
[2011/11/12 01:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Application Data\WinPatrol
[2011/11/12 01:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011/11/11 21:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\My Documents\NovaBACKUP
[2011/11/11 12:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Belkin Bulldog Plus
[2011/11/09 08:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\Microsoft Corporation
[2011/11/09 08:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/11/07 21:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\NovaStor
[2011/11/07 21:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NovaStor
[2011/11/06 02:28:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/11/06 02:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/11/06 02:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/11/05 01:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Photomatix Pro 4.1
[2011/11/04 12:29:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vincedaddy\Recent
[2011/11/03 09:04:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/03 09:04:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/03 09:04:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/03 07:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\Solid State Networks
[2011/11/02 18:15:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/02 07:39:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/02 07:18:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/11/02 07:17:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/11/01 07:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\Desktop\DDS logs 11.1.11
[2011/10/28 14:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/28 14:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/26 20:50:38 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4003.exe
[2011/10/26 19:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vincedaddy\My Documents\NasNavi
[2011/10/26 18:49:47 | 012,919,368 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\vincedaddy\My Documents\SUPERAntiSpyware.exe
[2011/10/26 07:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/26 07:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/25 18:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/10/25 18:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/24 11:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/24 11:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/10/24 11:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/05 16:25:58 | 000,069,632 | ---- | C] ( ) -- C:\WINDOWS\System32\DVDRead.dll
[2007/12/11 23:08:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\vincedaddy\Application Data\pcouffin.sys
[2006/12/15 00:40:03 | 000,118,867 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK175.dll
[2004/04/05 07:44:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2011/11/20 21:26:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1901060476-2160935586-1665064021-1006UA.job
[2011/11/20 21:23:00 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB247319-2232-43C6-9B7E-D6A74CF0E2D2}.job
[2011/11/20 21:15:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vincedaddy\Desktop\OTL.exe
[2011/11/20 21:08:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 20:08:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/20 08:26:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1901060476-2160935586-1665064021-1006Core.job
[2011/11/19 09:24:43 | 000,082,246 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Desktop\windows-7 report.mht
[2011/11/19 08:55:44 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/11/19 08:55:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/19 02:19:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/19 02:19:54 | 3219,046,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/18 15:40:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/18 08:42:54 | 000,005,011 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2011/11/18 08:42:25 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NovaBACKUP.lnk
[2011/11/18 08:42:25 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk
[2011/11/18 08:22:44 | 000,000,053 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\1.12.5.lic
[2011/11/17 11:43:43 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Desktop\Trend Micro Titanium Internet Security 2012.lnk
[2011/11/17 11:38:42 | 000,533,998 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/17 11:38:42 | 000,103,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/17 11:29:58 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2011/11/17 11:03:54 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2011/11/17 11:03:54 | 000,068,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011/11/17 11:03:51 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/11/17 11:03:51 | 000,081,168 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011/11/14 12:26:05 | 000,001,880 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2011/11/11 21:20:25 | 000,000,097 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\1.12.2.lic
[2011/11/11 21:16:19 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Desktop\NovaBACKUP.lnk
[2011/11/11 09:42:55 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/11/09 15:53:07 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/09 15:53:07 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/09 15:52:27 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/07 23:38:51 | 000,000,533 | ---- | M] () -- C:\Documents and Settings\vincedaddy\My Documents\Shortcut to guitar chords and lyrics.lnk
[2011/11/07 22:07:04 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Desktop\LS-CHL28D.lnk
[2011/11/07 21:45:54 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
[2011/11/07 21:45:54 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Start Menu\Programs\Startup\NAS Scheduler.lnk
[2011/11/07 21:45:54 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Desktop\BUFFALO NAS Navigator2.lnk
[2011/11/06 04:08:29 | 002,545,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/04 01:27:10 | 000,001,530 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad (2).lnk
[2011/11/02 17:47:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/02 12:38:51 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/11/02 07:40:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/01 06:32:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/30 01:48:00 | 000,000,056 | -H-- | M] () -- C:\Documents and Settings\vincedaddy\My Documents\.picasa.ini
[2011/10/27 19:24:50 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/26 20:50:01 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF4003.exe
[2011/10/26 19:23:08 | 000,245,871 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\census.cache
[2011/10/26 19:23:07 | 000,278,520 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\ars.cache
[2011/10/26 19:16:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\housecall.guid.cache
[2011/10/26 17:27:54 | 012,919,368 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\vincedaddy\My Documents\SUPERAntiSpyware.exe
[2011/10/26 07:26:26 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Application Data\27dbb2bb
[2011/10/26 07:22:48 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Application Data\c7064d44
[2011/10/26 00:11:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Application Data\d0a3c541
[2011/10/25 20:18:07 | 000,438,245 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111025-211850.backup
[2011/10/25 10:47:17 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\vincedaddy\Application Data\pcouffin.sys
[2011/10/25 10:47:17 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Application Data\pcouffin.cat
[2011/10/25 10:47:17 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\vincedaddy\Application Data\pcouffin.inf
[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

========== Files Created - No Company Name ==========

[2011/11/19 09:24:43 | 000,082,246 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Desktop\windows-7 report.mht
[2011/11/18 08:42:25 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NovaBACKUP.lnk
[2011/11/18 08:42:25 | 000,000,965 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk
[2011/11/18 08:22:44 | 000,000,053 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1.12.5.lic
[2011/11/17 11:43:09 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Desktop\Trend Micro Titanium Internet Security 2012.lnk
[2011/11/16 08:19:43 | 3219,046,400 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/11 21:16:38 | 000,005,011 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2011/11/11 21:16:19 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Desktop\NovaBACKUP.lnk
[2011/11/11 21:06:01 | 000,000,097 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1.12.2.lic
[2011/11/11 09:42:55 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/11/09 08:53:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/11/07 23:38:51 | 000,000,533 | ---- | C] () -- C:\Documents and Settings\vincedaddy\My Documents\Shortcut to guitar chords and lyrics.lnk
[2011/11/07 22:07:04 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Desktop\LS-CHL28D.lnk
[2011/11/07 21:45:54 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
[2011/11/07 21:45:54 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Start Menu\Programs\Startup\NAS Scheduler.lnk
[2011/11/07 06:58:19 | 000,135,089 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2011/11/04 12:07:21 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/03 08:14:17 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/02 17:28:20 | 000,001,530 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad (2).lnk
[2011/10/30 01:48:00 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\vincedaddy\My Documents\.picasa.ini
[2011/10/25 12:52:10 | 000,245,871 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\census.cache
[2011/10/25 12:52:06 | 000,278,520 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\ars.cache
[2011/10/25 12:42:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\housecall.guid.cache
[2011/10/19 22:26:05 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\Eaexec1.dll
[2011/10/19 22:05:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\d0a3c541
[2011/10/19 21:40:35 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\c7064d44
[2011/10/19 21:39:33 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\27dbb2bb
[2011/10/04 07:27:42 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2010/11/21 23:26:21 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\setup_ldm.iss
[2010/10/27 16:33:07 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/10/27 16:26:57 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/27 16:26:54 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/27 16:26:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/27 16:26:35 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/10/21 08:22:35 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/10 21:48:21 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat-nv7658
[2010/04/28 10:16:11 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\i1display.sys
[2010/04/28 10:01:50 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2010/04/10 20:29:55 | 000,004,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SkyGol
[2010/03/23 07:46:04 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2010/03/11 23:03:19 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/03/05 16:14:19 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\nO4L
[2009/12/12 10:31:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/22 16:00:34 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater6.rbt
[2009/10/03 09:06:07 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/08/03 22:00:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\PUTTY.RND
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/15 05:36:50 | 000,004,398 | ---- | C] () -- C:\WINDOWS\UN090415.INI
[2009/02/19 21:19:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lecqwrt.sys
[2008/12/30 04:52:32 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/12/30 04:51:11 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a0.dll
[2008/12/14 12:49:29 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/12/12 20:20:02 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/11/03 08:54:28 | 000,016,384 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2008/05/28 07:52:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/27 22:23:33 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/25 16:01:26 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/01/24 00:31:15 | 000,111,376 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2008/01/24 00:31:15 | 000,040,352 | ---- | C] () -- C:\WINDOWS\System32\agcrypto.dll
[2008/01/18 23:20:45 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/01/18 23:20:45 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/01/18 23:20:10 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/01/18 23:20:10 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/01/18 23:20:09 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/12/11 23:08:14 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\pcouffin.cat
[2007/12/11 23:08:14 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\pcouffin.inf
[2007/12/07 10:33:36 | 000,571,320 | ---- | C] () -- C:\WINDOWS\HPISExe.dat
[2007/10/18 18:59:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2007/09/15 17:00:40 | 000,015,046 | ---- | C] () -- C:\WINDOWS\UN060501.INI
[2007/09/05 17:56:00 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/07/18 16:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/07/10 21:19:01 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\wklnhst.dat
[2007/06/28 23:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin-nv7658
[2007/06/28 23:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll-nv7655
[2007/06/21 12:57:40 | 000,006,618 | ---- | C] () -- C:\WINDOWS\UN070410.INI
[2007/06/18 22:18:57 | 000,003,197 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/17 00:07:59 | 000,075,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/06/14 22:47:50 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Instant3D.INI
[2007/06/14 22:47:45 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\gpzlib4cs.dll
[2007/06/14 22:47:44 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\AdminNTEC.dll
[2007/04/27 18:13:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/04/10 03:58:27 | 000,003,703 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/29 23:50:54 | 000,003,764 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/29 23:50:54 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2EF7BCFEAB.sys
[2007/03/29 23:30:49 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2007/03/29 10:47:16 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2007/03/29 10:47:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2007/03/28 09:43:00 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\vista_tmp1.htm
[2007/03/17 09:03:07 | 000,000,073 | ---- | C] () -- C:\WINDOWS\ORG2.INI
[2007/03/17 09:03:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\LOTUS.INI
[2007/03/13 13:49:52 | 000,000,435 | ---- | C] () -- C:\WINDOWS\RMAK30.INI
[2007/03/13 13:39:04 | 000,000,208 | ---- | C] () -- C:\WINDOWS\rmaker.ini
[2007/03/05 23:10:48 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\kodakpcd.ini
[2007/01/11 22:35:33 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2006/12/28 19:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EAREMOVE.INI
[2006/12/21 01:03:25 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ealtest.exe
[2006/12/19 02:28:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/12/07 08:38:58 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\a_jumtmp.dll
[2006/12/05 08:08:26 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/12/05 08:08:26 | 000,147,715 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2006/12/05 08:08:26 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/12/02 23:44:07 | 000,001,577 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/12/01 12:58:06 | 000,000,187 | ---- | C] () -- C:\WINDOWS\123CopyDVD.INI
[2006/12/01 12:56:49 | 000,000,084 | ---- | C] () -- C:\WINDOWS\XCopyPro.INI
[2006/12/01 12:15:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/01 11:58:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.vincedaddy.ini
[2006/12/01 11:12:19 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Application Data\dvd.bmk
[2006/12/01 11:09:41 | 000,000,143 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/01 02:35:44 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2006/11/29 01:08:16 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/11/28 21:37:29 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\fusioncache.dat
[2006/11/28 03:27:25 | 000,208,384 | ---- | C] () -- C:\Documents and Settings\vincedaddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/28 03:18:31 | 000,000,598 | ---- | C] () -- C:\WINDOWS\csreg.dat
[2006/11/28 02:57:44 | 000,000,009 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2006/11/28 02:55:32 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2006/11/22 20:54:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/22 20:50:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/22 20:45:20 | 000,000,341 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/22 20:43:49 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/11/22 20:41:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/22 20:38:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/11/22 20:38:14 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/11/22 20:19:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/22 20:18:24 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/15 19:15:52 | 001,355,468 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/01/17 09:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 002,545,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,533,998 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,103,102 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/15 14:29:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\uninstall.ini
[2002/05/03 04:10:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/03/01 22:47:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\RemoveFiles.exe
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/11/12 20:25:14 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre-6u22-windows-i586-iftw-rv.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WININIT.EXE >
[2006/11/02 04:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\$WINDOWS.~BT\Windows\System32\wininit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\$WINDOWS.~BT\Windows\System32\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 1116 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:zrpam19vq7Uv07ig4J8h2B6oZw
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1085 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Y1UsI4CUZfC1tg5E8gVfoeQt6hw

< End of report >

OTL Extras logfile created on: 11/20/2011 9:20:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\vincedaddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.78% Memory free
4.84 Gb Paging File | 3.31 Gb Available in Paging File | 68.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 171.44 Gb Total Space | 52.63 Gb Free Space | 30.70% Space Free | Partition Type: NTFS
Drive D: | 57.63 Gb Total Space | 57.53 Gb Free Space | 99.84% Space Free | Partition Type: NTFS
Drive E: | 3.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 111.79 Gb Total Space | 26.19 Gb Free Space | 23.43% Space Free | Partition Type: NTFS
Drive L: | 917.07 Gb Total Space | 574.90 Gb Free Space | 62.69% Space Free | Partition Type: NTFS

Computer Name: 5G415C1 | User Name: vincedaddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = jsfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Palm\Hotsync.exe" = C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
"C:\Documents and Settings\vincedaddy\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Documents and Settings\vincedaddy\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.2\cnc3ep1.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.2\cnc3ep1.dat:*:Enabled:Command & Conquer™ 3: Kane's Wrath -- (Electronic Arts Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\123CopyDVD 2009\123CopyDVD.exe" = C:\Program Files\123CopyDVD 2009\123CopyDVD.exe:*:Enabled:123CopyDVD 2009 -- ()
"C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe" = C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe:*:Enabled:SkyCaddie Desktop -- (Skyhawke Technologies)
"C:\Documents and Settings\vincedaddy\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\vincedaddy\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\vincedaddy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\vincedaddy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{12477249-21F7-49D4-8693-2CD364E0D93F}" = PalmPod
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DD47D49-F046-4919-831F-EE576A04D5B2}" = EOS Capture 1.1
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 29
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2E56A14B-A38A-3AD6-B06D-4A0DCC0F2F2C}" = Google Talk Plugin
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DEE5725-339C-4812-A401-DCCE20AF9D72}" = iHome Keyboard & Mouse Driver
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{443DC1E4-965E-EA2C-3BA2-5BEA7C00E353}" = Adobe Support Advisor
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{57E3A168-AA5C-4C2D-B9B5-24B7A1AF8DA4}" = USB Scale Reader
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85A52A89-81D8-4736-BF5D-032AC2CD61E5}" = eFax Messenger 4.2
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
"{8D3EDC18-A829-4860-A6FB-805A19E9EDE1}" = Garmin Lifetime Updater
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}" = AvantGo Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96D3ED0-E7B3-41F6-8BB5-F3C63D80901D}" = SplashPhoto
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B66899F2-C58D-4CEC-9FA8-867883FFB707}" = CoffeeCup Free FTP
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB46245B-CECA-406F-8790-3ABA0D01012F}" = Roxio VideoWave Movie Creator
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C89588E4-A151-489E-A393-066E503FC549}" = Dell DataSafe
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{D1CA45BE-431A-4FA7-8E98-AFE546F96D58}" = EOS Viewer Utility 1.1
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E071691D-20E6-4C2B-9A04-FE41C0FDC367}" = Adobe Photoshop Lightroom 3.5
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}" = Belkin Bulldog Plus
"{E83C2D54-5E65-4595-B59D-601B4467DDB1}" = NovaBACKUP
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"123 CopyDVD 2009" = 123 CopyDVD 2009
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AdobeSupportAdvisor.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Support Advisor
"AviSynth" = AviSynth 2.5
"Backblaze" = Backblaze
"CaddieSync Express" = CaddieSync Express 1.0.1
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Audio Pack" = Creative Audio Pack
"Dell Game Console" = Dell Game Console
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DVDFab 8 Qt_is1" = DVDFab 8.1.2.5 (29/09/2011) Qt
"EOS Utility" = Canon Utilities EOS Utility
"Eye-One Match_is1" = Eye-One Match 3.6.2
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.0
"Glary Utilities_is1" = Glary Utilities 2.32.0.1126
"GoToAssist" = GoToAssist Corporate
"HijackThis" = HijackThis 2.0.2
"HP PrecisionScan" = HP PrecisionScan
"i1_driver_installer_utility_i1Match_is1" = i1_driver_installer_utility_i1Match version 1.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1DD47D49-F046-4919-831F-EE576A04D5B2}" = Canon Utilities EOS Capture 1.1
"InstallShield_{3DEE5725-339C-4812-A401-DCCE20AF9D72}" = iHome Keyboard & Mouse Driver
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{654F0312-CB3D-4FE2-962C-6BB9752E9146}" = iPod for Windows 2005-06-26
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{D1CA45BE-431A-4FA7-8E98-AFE546F96D58}" = Canon Utilities EOS Viewer Utility 1.1
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA Driver
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NovaBACKUP" = NovaBACKUP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCCloneEX" = PCCloneEX
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.1
"PhotomatixPro41x32_is1" = Photomatix Pro version 4.1.3
"Picasa 3" = Picasa 3
"PUBLISHER" = Microsoft Office Publisher 2007
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer Basic
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"SEF4_is1" = SizeExplorer Free 4.1
"SkyCaddieDesktop" = SkyCaddie Desktop
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SystemRequirementsLab" = System Requirements Lab
"UN060501" = BUFFALO NAS Navigator2
"UN070410" = BUFFALO TurboUSB for FLASH/HDD
"UN090415" = BUFFALO LinkStation(LS-CHL) Setup Guide
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoMach" = VideoMach
"WampServer 2_is1" = WampServer 2.0
"Wave Corrector DeClick_is1" = Wave Corrector DeClick version 1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1901060476-2160935586-1665064021-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Miller's Remote Suite (PLUS)" = Miller's Remote Suite (PLUS)
"Miller's Remote Suite (PLUS) Order Migration Tool" = Miller's Remote Suite (PLUS) Order Migration Tool
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2011 11:50:25 AM | Computer Name = 5G415C1 | Source = NovaBACKUP | ID = 1
Description = Word Documents Folder Job [Completed with errors], Thursday, November
17, 2011 Objects Selected : 0 Bytes Selected : 0 KB Objects Completed :
0 Bytes Completed : 0 KB Start Time : 11/17/2011, 10:50:14 AM End Time
: 11/17/2011, 10:50:25 AM Elapsed Time : 00:00:11 1 Informational
message(s), 1 warning(s), 1 error(s) Log file: C:\Documents and Settings\All Users\Application
Data\NovaStor\NovaStor NovaBACKUP\Logs\4ec52d36.txt

Error - 11/17/2011 11:58:48 AM | Computer Name = 5G415C1 | Source = NovaBACKUP | ID = 1
Description = LIGHTROOM Backup Job [Completed with errors], Thursday, November 17,
2011 Objects Selected : 0 Bytes Selected : 0 KB Objects Completed : 0 Bytes
Completed : 0 KB Start Time : 11/17/2011, 10:58:36 AM End Time
: 11/17/2011, 10:58:48 AM Elapsed Time : 00:00:12 1 Informational message(s),
1 warning(s), 1 error(s) Log file: C:\Documents and Settings\All Users\Application
Data\NovaStor\NovaStor NovaBACKUP\Logs\4ec52f2c.txt

Error - 11/17/2011 11:18:42 PM | Computer Name = 5G415C1 | Source = NovaBACKUP | ID = 1
Description = Word Documents Folder Job [Completed with errors], Thursday, November
17, 2011 Objects Selected : 0 Bytes Selected : 0 KB Objects Completed :
0 Bytes Completed : 0 KB Start Time : 11/17/2011, 10:18:33 PM End Time
: 11/17/2011, 10:18:42 PM Elapsed Time : 00:00:09 1 Informational
message(s), 1 warning(s), 1 error(s) Log file: C:\Documents and Settings\All Users\Application
Data\NovaStor\NovaStor NovaBACKUP\Logs\4ec5ce89.txt

Error - 11/18/2011 3:49:52 AM | Computer Name = 5G415C1 | Source = NovaBACKUP | ID = 1
Description = LIGHTROOM Backup Job [Completed with errors], Friday, November 18,
2011 Objects Selected : 0 Bytes Selected : 0 KB Objects Completed : 0 Bytes
Completed : 0 KB Start Time : 11/18/2011, 2:49:45 AM End Time
: 11/18/2011, 2:49:52 AM Elapsed Time : 00:00:07 1 Informational message(s),
1 warning(s), 1 error(s) Log file: C:\Documents and Settings\All Users\Application
Data\NovaStor\NovaStor NovaBACKUP\Logs\4ec60e19.txt

Error - 11/18/2011 9:42:28 AM | Computer Name = 5G415C1 | Source = nsService | ID = 0
Description =

Error - 11/18/2011 9:42:28 AM | Computer Name = 5G415C1 | Source = nsService | ID = 0
Description =

Error - 11/18/2011 9:42:28 AM | Computer Name = 5G415C1 | Source = nsService | ID = 0
Description =

Error - 11/18/2011 9:42:28 AM | Computer Name = 5G415C1 | Source = nsService | ID = 0
Description =

Error - 11/18/2011 11:34:23 AM | Computer Name = 5G415C1 | Source = NovaBACKUP | ID = 4003
Description = LIGHTROOM Backup Job [Completed with errors], Friday, November 18,
2011 Objects Selected : 0 Bytes Selected : 0 KB Objects Completed : 0 Bytes
Completed : 0 KB Start Time : 11/18/2011, 10:22:58 AM End Time
: 11/18/2011, 10:34:22 AM Elapsed Time : 00:11:24 1 Informational message(s),
0 warning(s), 1 error(s) Log file: C:\Documents and Settings\All Users\Application
Data\NovaStor\NovaStor NovaBACKUP\Logs\4ec67852.txt

Error - 11/19/2011 10:30:28 AM | Computer Name = 5G415C1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19154, fault address 0x00067a38.

[ System Events ]
Error - 11/19/2011 11:55:02 PM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 12:10:14 AM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 12:13:48 AM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 12:17:37 AM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 12:39:41 AM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 5:47:09 AM | Computer Name = 5G415C1 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/20/2011 6:47:48 PM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 9:34:00 PM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 9:34:12 PM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 9:48:46 PM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Norton Ghost
with arguments "" in order to run the server: {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}


< End of report >


THANK YOU

#4 myrti


  • Malware Study Hall Admin

Posted 21 November 2011 - 06:30 PM

Hi,

Would you be willing to remove Norton Ghost to see if that helps? If it isn't working, you don't really use it anyways, do you?

Have you tried reinstalling Trend Micro? (It looks like it..)

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 vdotmatrix


Posted 22 November 2011 - 08:28 AM

Thank you!

To reiterate, I discovered a redirecting malware on October 24th. Before that my system worked just fine (DELL XPS 410, XP-PRO, 4GB RAM, etc.)

I worked with GRINGO to detect and remove all the MALWARE and trojan presence but the issue of lagging, in other words, the little hour-glass icon or momentary (not responding) message appears anywhere across the system.

I removed NORTON GHOST; I uninstalled Trend Micro Titanium 2012 (expiring on the 25th anyway) and installed a new copy of the 2012 with a new serial number.

When the attack occurred it DELETED all restore points prior to the October 24th attack; my mouse coincidentally stopped working (who knows?).

Some issue with memory?
The lagging issue persists.

thank you for helping

Edited by vdotmatrix, 22 November 2011 - 08:29 AM.


#6 myrti


Posted 22 November 2011 - 04:30 PM

Hi,

I'm seeing leftovers from Norton Ghost, which is why I was asking whether you want to remove it entirely or not:

SRV - [2007/04/10 12:01:16 | 002,066,024 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2006/12/27 05:09:58 | 000,822,424 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)


Since it would seem that this was what you were trying, please run the Symantec Removal Tool:
Please click HERE and follow the instructions in STEP 3 to download and run the norton removal tool. (I know it says it's for the security suite, but it works for all Symantec tools)

Let me know if that changes anything.

regards myrti

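One way to cross-check the leftover services named in the reply above against the event log errors posted earlier, as an added example that is not part of the original posts or of any tool used in this thread. It pairs DCOM event 10005 entries carrying error 1058 (the Win32 code for a disabled service) with the SRV lines of the same log; the function names and the ExampleSvc line are constructed for illustration.

```python
import re

# Win32 error 1058 is ERROR_SERVICE_DISABLED; DCOM event 10005 logs it as "%1058".
ERROR_SERVICE_DISABLED = "1058"

# Sample input: lines copied from the logs quoted in this thread, plus one
# constructed SRV line (ExampleSvc) so the parser also sees a running service.
SAMPLE_LOG = r'''
SRV - [2007/04/10 12:01:16 | 002,066,024 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2006/12/27 05:09:58 | 000,822,424 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2011/01/01 00:00:00 | 000,000,001 | ---- | M] (Example Vendor) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)

Error - 11/20/2011 9:34:00 PM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 9:34:12 PM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 11/20/2011 9:48:46 PM | Computer Name = 5G415C1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Norton Ghost
with arguments "" in order to run the server: {F3DC957F-00CA-4D2A-A9AD-03FA855AAE38}
'''

SRV_RE = re.compile(
    r'^SRV - \[.*?\] \((?P<vendor>.*?)\) \[(?P<start>\w+) \| (?P<state>\w+)\]'
    r' -- (?P<path>.*) -- \((?P<name>.*)\)$')
EVT_RE = re.compile(
    r'^Error - (?P<when>.+?) \| Computer Name = \S+ \| Source = (?P<source>.+?)'
    r' \| ID = (?P<id>\d+)\s*Description =\s*(?P<desc>.*)$')
DCOM_RE = re.compile(
    r'DCOM got error "%(?P<code>\d+)" attempting to start the service'
    r' (?P<svc>.+?) with arguments')


def parse_log(text):
    """Return (services keyed by display name, list of event dicts)."""
    services, events = {}, []
    for block in re.split(r'\n\s*\n', text.strip()):
        if block.startswith('Error - '):
            # Descriptions wrap across lines in the report; rejoin them first.
            m = EVT_RE.match(' '.join(l.strip() for l in block.splitlines()))
            if m:
                events.append(m.groupdict())
            continue
        for line in block.splitlines():
            m = SRV_RE.match(line.strip())
            if m:
                services[m['name']] = m.groupdict()
    return services, events


def disabled_service_activations(text):
    """Group DCOM 10005 / error 1058 events by service; attach its SRV entry."""
    services, events = parse_log(text)
    report = {}
    for ev in events:
        hit = DCOM_RE.search(ev['desc'])
        if ev['source'] != 'DCOM' or ev['id'] != '10005' or not hit:
            continue
        if hit['code'] != ERROR_SERVICE_DISABLED:
            continue
        row = report.setdefault(
            hit['svc'], {'count': 0, 'srv': services.get(hit['svc'])})
        row['count'] += 1
    return report
```

A service that appears in the result with a `Disabled` SRV entry is still registered and is still being requested through DCOM, which is the pattern the Norton Ghost lines show.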


#7 vdotmatrix


Posted 25 November 2011 - 10:16 PM

I ran this tool.
Everything seems to be clean or remnants of anything that prevented Trend Micro Titanium 2012 from reinstalling or any remnants of stuff we found through BC that could be hanging my system up as a result of the attack. But the condition persists. I hope it isn't something simple that we are overlooking...but you read the scan...should I run anything else you like to look at? I have been at this for 4 weeks if you can believe that!

I have removed any other AV malware program from malwarebytes to spybot SD to system mechanic. For some reason, the defogger program seems to gnaw at me as having something to do with this issue but what do I know.

I remember back with either XP or Windows-98 there used to be a windows utility disk for reinstalling drivers that may have been corrupted and was wondering if they did away with that in XP-pro?

#8 vdotmatrix


Posted 27 November 2011 - 05:03 AM

Can we be sure all the malware is gone from my system?

#9 vdotmatrix


Posted 27 November 2011 - 07:42 PM

TREND MICRO JUST STOPPED THIS THING CONTAINED WITHIN dds.:TROJ_GEN.R4FC8KR

Can we rescan for threats?


#10 myrti


Posted 28 November 2011 - 03:51 PM

Hi,
if you have your Windows CD at hand we could run a sfc /scannow. I guess that's the closest thing I know of to the driver reinstall utility:
Go to the Run box on the Start Menu and type in:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

More info on this process can be found here.

EDIT: Trend Micro detected the program we used to analyse your PC. I'll let the creator know so that he can contact and resolve this False Positive.

Edited by myrti, 28 November 2011 - 03:52 PM.



#11 myrti


Posted 03 December 2011 - 09:24 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
