

spyware.spyeyes
#31
Posted 30 October 2010 - 09:53 PM

Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may


#32
Posted 30 October 2010 - 10:03 PM
#33
Posted 30 October 2010 - 10:04 PM



#34
Posted 03 November 2010 - 03:34 AM


#35
Posted 03 November 2010 - 11:02 AM
#36
Posted 03 November 2010 - 11:06 AM
#37
Posted 03 November 2010 - 01:17 PM
OTL scan log:
OTL logfile created on: 11/3/2010 11:22:03 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\TEST\Desktop\What the Tech tools
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2875 4375 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 21.43 Gb Free Space | 14.68% Space Free | Partition Type: NTFS
Computer Name: RAJANCREW | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\TEST\Desktop\What the Tech tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - c:\Program Files\Common Files\AOL\1198781840\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe ()
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\AOL\1198781840\ee\aolsoftware.exe (America Online, Inc.)
PRC - c:\Program Files\Common Files\AOL\1198781840\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\TEST\Desktop\What the Tech tools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\AppPatch\AcGenral.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File not found
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (ATTRcAppSvc) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (Roxio Upnp Server 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (Sonic Solutions)
SRV - (RoxLiveShare11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe (Sonic Solutions)
SRV - (RoxWatch11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe (Sonic Solutions)
SRV - (RoxMediaDB11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe (Sonic Solutions)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LicCtrlService) -- C:\WINDOWS\Runservice.exe ()
SRV - (MWLSvc) -- C:\Program Files\McAfee\MWL\MwlSvc.exe (McAfee, Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated)
========== Driver Services (SafeList) ==========
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swumx80.sys (Sierra Wireless Inc.)
DRV - (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swnc8u80.sys (Sierra Wireless Inc.)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (WscNetDr) -- C:\WINDOWS\system32\drivers\WscNetDr.sys (McAfee, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.raiders.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 46 69 1D 58 56 7A 49 82 8B E7 F3 E0 9F 37 F7 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.raiders.com/"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {84b0c4a5-dd4c-483f-a01c-d25d13733609}:1.0
FF - prefs.js..extensions.enabledItems: {672f6eb2-9731-4047-b5e4-02443f330fdf}:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/06 23:33:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 10:57:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/03 10:57:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/10/06 20:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/08/23 12:45:59 | 000,000,000 | ---D | M]
[2008/10/15 09:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Extensions
[2010/10/29 00:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions
[2010/04/28 12:08:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/08 22:34:35 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{672f6eb2-9731-4047-b5e4-02443f330fdf}
[2009/11/04 05:44:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{84b0c4a5-dd4c-483f-a01c-d25d13733609}
[2010/06/08 14:14:50 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/09/14 10:18:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/29 00:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\toolbar@ask.com
[2010/05/12 10:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\videodowloader@videodownloader.net
[2010/10/28 22:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/28 08:11:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/12/09 04:24:40 | 000,261,120 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\tdwmsylcirtcbz.dll
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/07 16:25:51 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/10/06 07:47:47 | 000,393,092 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.103 HP00187162F0E7
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13577 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101005205813.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Moviefone Toolbar Loader) - {cc40a9f8-4270-425e-972f-4140f0b6f71b} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Moviefone Toolbar) - {669c4c34-7457-4490-a642-a2ed3bf3bbbe} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Moviefone Toolbar) - {669C4C34-7457-4490-A642-A2ED3BF3BBBE} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [StartupBlaster] C:\Program Files\XenCare Software\Startup Blaster\StartupBlaster.exe (XenCare Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &Moviefone Toolbar Search - C:\Documents and Settings\All Users\Application Data\Moviefone Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Reg Error: Value error.)
O16 - DPF: {6604D1ED-8FFC-4909-A247-C2664A867B29} http://www.callertun...eeting/CBRT.cab (HttpVoicePlay Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229971661671 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...127/qboax10.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://10.0.0.156/Ne...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rimsupport.w...ort/ieatgpc.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\2cf474b1658: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c12c063-aef0-11df-9029-001e4c5eba48}\Shell\AutoRun\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{0c12c063-aef0-11df-9029-001e4c5eba48}\Shell\Install\command - "" = E:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{23ff1cf0-f1f4-11dd-8e77-001e4c5eba48}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{44145047-6e2c-11dd-8e24-001e4c5eba48}\Shell\AutoRun\command - "" = E:\v1cbvsmq.exe -- File not found
O33 - MountPoints2\{44145047-6e2c-11dd-8e24-001e4c5eba48}\Shell\open\Command - "" = E:\v1cbvsmq.exe -- File not found
O33 - MountPoints2\{4cd05f39-dcba-11df-904b-001e4c5eba48}\Shell\AutoRun\command - "" = F:\LenovoSDrive.exe -- File not found
O33 - MountPoints2\{620b704a-63f9-11dd-8e17-001d09b6e55c}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{81818c15-0e7b-11dd-8dee-001d09b6e55c}\Shell\AutoRun\command - "" = ph.exe
O33 - MountPoints2\{81818c15-0e7b-11dd-8dee-001d09b6e55c}\Shell\open\Command - "" = ph.exe
O33 - MountPoints2\{cc2d3b54-e85d-11de-8f91-001e4c5eba48}\Shell\AutoRun\command - "" = E:\hjvjte.exe -- File not found
O33 - MountPoints2\{cc2d3b54-e85d-11de-8f91-001e4c5eba48}\Shell\open\Command - "" = E:\hjvjte.exe -- File not found
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d9dc558a-7f77-11de-8ef9-001e4c5eba48}\Shell\AutoRun\command - "" = E:\uqgvf.exe -- File not found
O33 - MountPoints2\{d9dc558a-7f77-11de-8ef9-001e4c5eba48}\Shell\open\Command - "" = E:\uqgvf.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LenovoSDrive.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe - (PalmSource, Inc)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpReg: MBkLogOnHook - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: McAfee Backup - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: McENUI - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MWLExe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: OE_OEM - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SiteAdvisor - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: StartupBlaster - hkey= - key= - C:\Program Files\XenCare Software\Startup Blaster\StartupBlaster.exe (XenCare Software)
MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {91D52812-FC04-77EE-EDFA-B3DD5839FC73} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F4B2380F-9F83-482B-B51F-FD18C7EDD923} - Installation Helper
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{97BFB627-6E7B-492A-8B95-61754BAAB54D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70100879952314368)
========== Files/Folders - Created Within 30 Days ==========
[2010/11/03 10:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\What the Tech tools
[2010/11/02 09:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\NumusDiskBuilder
[2010/11/02 09:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/11/02 09:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/11/02 09:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\Xenocode
[2010/11/02 09:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Numus Disk Builder and Burner
[2010/11/01 23:04:27 | 001,620,715 | ---- | C] (Dino Nuhagic (nuhi) ) -- C:\Documents and Settings\TEST\Desktop\vLite-1.2.installer.exe
[2010/11/01 22:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\vista install
[2010/11/01 21:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\uTorrent
[2010/11/01 19:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\AskToolbar
[2010/11/01 19:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\NeoSmart_Technologies
[2010/11/01 18:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2010/11/01 12:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/10/28 08:11:13 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/28 08:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/28 08:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/23 22:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\My Documents\FrostWire
[2010/10/23 22:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\FrostWire
[2010/10/23 22:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/10/23 06:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\My Documents\Roxio
[2010/10/11 13:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Sysprep
[2010/10/08 15:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\ESPN invoices_all
[2010/10/07 14:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\My Documents\My Received Files
[2010/10/06 14:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\Red Bull
[2010/10/05 21:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/10/05 21:04:51 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/10/05 21:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/10/05 20:58:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/10/05 20:57:44 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/10/05 20:57:44 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/10/05 20:57:44 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/10/05 20:57:44 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/10/05 20:57:43 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/10/05 19:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ApplicationHistory
[2010/10/05 19:51:19 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/10/04 16:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\New York
[2010/10/04 16:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\San Francisco
[2010/10/04 16:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\Boston
[2009/03/18 00:33:25 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2008/04/30 14:04:31 | 000,008,192 | ---- | C] ( ) -- C:\WINDOWS\System32\cshost.dll
[21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/03 11:47:08 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-815882477-205391935-2982778119-1008UA.job
[2010/11/03 11:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/03 10:45:13 | 000,252,549 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin2.pdf
[2010/11/03 10:36:35 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Microsoft Office Outlook.lnk
[2010/11/03 09:57:51 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2010/11/03 09:44:51 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/11/03 09:40:14 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/11/03 09:38:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 09:38:09 | 2011,213,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/02 12:28:53 | 000,037,260 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\skellingtonbats.zip
[2010/11/02 12:28:20 | 000,016,674 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\nitemare.zip
[2010/11/02 12:13:55 | 000,012,296 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\filmfonts_nightmare-before-christmas.zip
[2010/11/02 09:36:07 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Numus Disk Builder and Burner.lnk
[2010/11/02 09:32:10 | 037,205,653 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DiskBuilderBurner.exe
[2010/11/02 06:47:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-815882477-205391935-2982778119-1008Core.job
[2010/11/01 23:04:35 | 001,620,715 | ---- | M] (Dino Nuhagic (nuhi) ) -- C:\Documents and Settings\TEST\Desktop\vLite-1.2.installer.exe
[2010/11/01 21:43:25 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/11/01 20:47:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/11/01 19:52:05 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/11/01 11:27:05 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Shortcut to CD Drive.lnk
[2010/11/01 01:01:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/10/31 07:32:47 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/10/28 10:44:28 | 014,304,668 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\boys.tif
[2010/10/27 22:52:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/20 12:48:22 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Google Chrome.lnk
[2010/10/20 12:48:22 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/20 08:53:34 | 000,023,932 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Comma Separated Values (Windows).ADR
[2010/10/19 19:03:17 | 000,198,732 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DMV_Gavin2.pdf
[2010/10/19 15:54:51 | 000,000,386 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/10/19 10:25:26 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/15 13:36:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 08:31:11 | 000,002,831 | ---- | M] () -- C:\Documents and Settings\TEST\My Documents\image001.gif
[2010/10/15 01:08:32 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/10/12 12:55:54 | 000,087,688 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/10/12 12:55:18 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2010/10/12 12:55:10 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/10/12 11:08:52 | 002,233,016 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator.dll
[2010/10/10 10:44:51 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/10/10 10:44:43 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/10/06 23:43:39 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/10/05 21:31:31 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee Wireless Network Security.lnk
[2010/10/04 13:36:56 | 000,110,263 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin.pdf
[21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/03 10:45:13 | 000,252,549 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin2.pdf
[2010/11/02 12:28:51 | 000,037,260 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\skellingtonbats.zip
[2010/11/02 12:28:07 | 000,016,674 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\nitemare.zip
[2010/11/02 12:12:13 | 000,012,296 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\filmfonts_nightmare-before-christmas.zip
[2010/11/02 09:36:07 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Numus Disk Builder and Burner.lnk
[2010/11/02 09:30:06 | 037,205,653 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\DiskBuilderBurner.exe
[2010/11/01 18:34:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/11/01 11:27:05 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Shortcut to CD Drive.lnk
[2010/10/28 10:46:06 | 014,304,668 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\boys.tif
[2010/10/28 07:21:40 | 2011,213,824 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/23 22:52:16 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/22 22:15:28 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/10/19 19:03:17 | 000,198,732 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\DMV_Gavin2.pdf
[2010/10/15 08:31:09 | 000,002,831 | ---- | C] () -- C:\Documents and Settings\TEST\My Documents\image001.gif
[2010/10/04 13:36:56 | 000,110,263 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin.pdf
[2010/08/26 14:24:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/30 16:30:29 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/05/12 11:24:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/05/04 11:32:09 | 000,002,828 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\HPCOM_48BitScanUpdate.log
[2010/05/04 11:32:09 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/01/15 09:30:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\imageCache8_UNI.db
[2009/11/23 12:10:06 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_audio.Cache
[2009/11/23 12:09:25 | 000,225,456 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_image.Cache
[2009/11/05 20:34:47 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/09/10 21:48:59 | 000,000,127 | R--- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/11 08:26:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_image32.Cache
[2009/08/01 23:31:27 | 000,058,355 | ---- | C] () -- C:\WINDOWS\System32\u_tdwmsylcirtcbz.dll.exe
[2009/06/23 21:01:17 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/06/19 17:51:31 | 000,023,932 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Comma Separated Values (Windows).ADR
[2009/02/20 23:09:33 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/12/31 13:21:49 | 000,032,469 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Tab Separated Values (Windows).ADR
[2008/11/23 23:46:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/11/23 23:46:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/11/23 23:46:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/11/23 23:41:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/11/23 23:41:16 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/11/20 11:58:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2008/10/01 00:48:49 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\bdeecc8_d.dll
[2008/08/07 14:35:08 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.7486160831680234
[2008/05/26 23:30:28 | 000,828,148 | ---- | C] () -- C:\WINDOWS\System32\VvCfPXbc.ini2
[2008/05/19 17:53:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VPN.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/06 20:21:48 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/27 21:27:34 | 000,001,920 | ---- | C] () -- C:\Program Files\MileageWiz.lnk
[2007/12/27 20:39:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\fusioncache.dat
[2007/12/27 15:37:49 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/12/27 13:05:14 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/12/27 13:05:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/12/27 12:41:49 | 000,040,622 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/27 01:25:18 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/12/27 01:25:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007/12/26 23:47:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(9)(2).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(8)(3).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(8)(2).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(7).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(6).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(5).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(4).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(3).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(2).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(11)(2).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(10)(2).sys
[2007/12/26 23:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/12/26 23:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(9).sys
[2007/12/26 23:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(8).sys
[2007/12/26 23:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(10).sys
[2007/12/26 22:59:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/12/26 21:10:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/14 05:15:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/14 05:03:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/14 05:03:54 | 000,000,259 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/14 04:30:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/12/14 04:30:36 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/12/14 04:30:10 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/07 17:45:14 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\CBRT.dll
[2005/03/01 05:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/08 15:47:32 | 000,002,506 | ---- | M] () -- C:\additdiag.txt
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/06 23:43:39 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/17 11:56:55 | 008,465,120 | ---- | M] () -- C:\DCG08_StepPanel_LtBlueR6.eps
[2007/12/14 04:33:08 | 000,006,874 | RH-- | M] () -- C:\dell.sdr
[2010/05/19 14:21:36 | 000,591,373 | ---- | M] () -- C:\drivers.log
[2010/10/19 15:53:28 | 000,000,168 | ---- | M] () -- C:\EventLOG.txt
[2010/11/03 09:38:09 | 2011,213,824 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/11 12:26:14 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/10 12:53:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/03 09:38:06 | 3014,656,000 | -HS- | M] () -- C:\pagefile.sys
[2010/09/05 04:39:04 | 000,000,015 | --S- | M] () -- C:\testlog.log
[2010/03/04 03:18:02 | 000,000,007 | ---- | M] () -- C:\tw0001.dat
[2009/09/16 06:23:27 | 000,000,379 | ---- | M] () -- C:\xcrashdump.dat
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/09/11 12:44:44 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/08/12 11:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp082.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
[2010/06/09 08:15:12 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\The NeoSmart Files.url
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2007/12/27 21:27:34 | 000,001,920 | ---- | M] () -- C:\Program Files\MileageWiz.lnk
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2009/09/11 05:21:43 | 000,376,832 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/09/11 12:00:27 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/09/11 05:21:43 | 059,793,408 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/09/11 05:21:43 | 006,291,456 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/09/11 12:45:33 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/07 11:23:34 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 12:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/11/02 09:32:10 | 037,205,653 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DiskBuilderBurner.exe
[2010/11/01 23:04:35 | 001,620,715 | ---- | M] (Dino Nuhagic (nuhi) ) -- C:\Documents and Settings\TEST\Desktop\vLite-1.2.installer.exe
< %PROGRAMFILES%\Common Files\*.* >
[2003/08/27 14:19:18 | 000,036,963 | R--- | M] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2009/01/28 16:44:19 | 069,076,264 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\TEST\My Documents\iTunesSetup.exe
[2009/04/09 09:53:30 | 002,493,486 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\TEST\My Documents\online-stopwatch.exe
< %USERPROFILE%\*.exe >
[2010/04/20 06:38:54 | 000,103,784 | ---- | M] () -- C:\Documents and Settings\TEST\GoToAssistDownloadHelper.exe
< %systemroot%\ADDINS\*.* >
[2004/08/04 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2008/09/10 17:03:48 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\TEST\Favorites\Desktop.ini
[2010/11/01 12:00:50 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\TEST\Favorites\NCH Software Download Site.lnk
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/03 10:58:21 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\TEST\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.exe >
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< %USERPROFILE%\Templates\*.tmp >
< %SYSTEMDRIVE%\explorexxx.exe\*.* >
< %Windir%\Installer\*.tmp >
< %systemroot%\System32\*.xco >
< %ProgramFiles%\system32\*.* >
< %systemroot%\System32\windos\*.* >
< %SystemRoot%\system32\sandbox\*.* >
< %SystemRoot%\system32\*.amo >
< %SystemRoot%\system32\Windows Live\*.* >
< %ProgramFiles%\logs\*.* >
< %ProgramFiles%\Bifrost\*.* >
< %SystemRoot%\system32\*.goo >
< %systemroot%\system32\IME\*.* >
< %systemroot%\BackUp\*.* >
< %systemroot%\system32\*.ico >
[2004/08/10 09:11:00 | 000,022,486 | ---- | M] () -- C:\WINDOWS\system32\lrnxp.ico
[2008/07/20 17:24:08 | 000,029,350 | R--- | M] () -- C:\WINDOWS\system32\uDirectInstall.ico
< %systemroot%\system\*.dat >
< %systemroot%\system\*.exe >
< %AppData%\Macromedia\Common\*.* >
< %SYSTEMDRIVE%\dir\*.* /s >
< %systemroot%\system32\ras\*.exe >
< %SYSTEMDRIVE%\MFILES\*.* >
< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >
< %systemroot%\system32\services\*.* >
< %systemroot%\Spooler\*.* >
< %ProgramFiles%\system32\*.* >
< %systemroot%\system32\Setup\*.dll /x >
< %systemroot%\system32\*.mine >
< %SYSTEMDRIVE%\cleansweep.exe\*.* >
< %systemroot%\system32\ras\*.dll >
< %systemroot%\system32\ras\*.drv >
< %systemroot%\*.iq >
< %systemroot%\system32\XP\*.* >
< %SYSTEMDRIVE%\Extracted\*.* >
< %systemroot%\system32\windows\*.* >
< %systemroot%\logs\*.* >
< %SYSTEMDRIVE%\Win.Msi\*.* >
< %systemroot%\regedit\*.* >
< %systemroot%\system32\skype\*.* >
< %AppData%\Adobe\dlluplwin25\*.* >
< %UserProfile%\*.dat >
[2010/11/03 10:58:24 | 014,155,776 | ---- | M] () -- C:\Documents and Settings\TEST\NTUSER.DAT
< %UserProfile%\*.dll >
< %systemroot%\system32\*.sxo >
< %SYSTEMDRIVE%\Gazma\*.* /s >
< %systemroot%\system32\spynet\*.* >
< %systemroot%\system32\System\*.* >
< %appdata%\Microsoft\Windows\*.* >
< %systemroot%\system32\WinDir\*.* >
< %systemroot%\_\*.* >
< %systemroot%\system32\windows32\*.* >
< %ProgramFiles%\win\*.* >
< %AppData%\Microsoft\CD Burning\*.* >
< %systemroot%\*.cab >
< %systemroot%\K.Backup\*.* >
< %ProgramFiles%\Massenger\*.* >
< %systemroot%\System32\*.doc >
< %systemroot%\Office12\*.* >
< %systemroot%\System32\Rundl32.exe\*.* >
< %ProgramFiles%\yahoo.net\*.* >
< %systemroot%\system32\*.igo >
< %systemroot%\*.rew >
< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2004/09/30 17:03:40 | 000,299,008 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg12.exe
[2004/09/30 17:03:43 | 000,659,456 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng12.exe
[2004/09/30 17:03:46 | 000,331,776 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre12.exe
[2004/09/30 17:03:49 | 000,401,408 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc12.exe
[2004/09/30 17:03:53 | 000,180,224 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw12.exe
[2004/09/30 17:03:56 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu12.exe
[2004/09/30 17:03:59 | 007,348,224 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx12.exe
< %USERPROFILE%\.COMMgr\*.* >
< %USERPROFILE%\Desktop\*.bat >
< %PROGRAMFILES%\Common Files\Real\visualizations\*.rpv /x >
< %PROGRAMFILES%\Internet Explorer\*.Jmp >
< %PROGRAMFILES%\Windows NT\system\*.dll >
< %systemroot%\system32\*.ext >
< %systemroot%\system32\Com\*.cfg >
< %systemroot%\system32\btz\*.* >
< %systemroot%\system32\EMP\*.* >
< %systemroot%\system32\expo\*.* >
< %systemroot%\system32\inet2\*.* >
< %systemroot%\system32\xrem\*.* >
< %ProgramFiles%\Microsoft\*.* >
< %systemroot%\usgwmt\*.* >
< %ProgramFiles%\B\*.* >
< %SYSTEMDRIVE%\lspp\*.* >
< %systemroot%\Kral\*.* >
< %SYSTEMDRIVE%\windowsdvd.exe\*.* >
< %systemroot%\system32\*.ipo >
< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >
< %systemroot%\system32\*.mof >
< %systemroot%\*.atm >
[2010/03/15 17:10:27 | 000,189,206 | ---- | M] () -- C:\WINDOWS\ATMREG.ATM
[21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< %systemroot%\system32\svhost\*.* >
< %ProgramFiles%\system32\*.* >
< %ProgramFiles%\Docmentt\*.* >
< %systemroot%\Help\*.vbs >
< %ProgramFiles%\Windows WinSxs\*.* /s >
< %ProgramFiles%\Outlook Express\IDT\*.* /s >
< %ProgramFiles%\Microsoft Office\365\*.* /s >
< %ProgramFiles%\Windows Live\*.* >
< %systemroot%\system32\win32\*.* >
< %SYSTEMDRIVE%\RECYCLER\*.* >
< %systemroot%\Fresh1\*.* >
< %ProgramFiles%\Kekj\*.* /s >
< %systemroot%\GDU\*.* >
< %systemroot%\KA\*.* >
< %systemroot%\R\*.* >
< %systemroot%\system32\*.fyo >
< %USERPROFILE%\System\*.* >
< %systemroot%\Source\*.* >
< %systemroot%\system32\ac\*.* >
< %ProgramFiles%\MSDN\*.* >
< %AppData%\AdobeUM\winvcldll54\*.* /s >
< %ProgramFiles%\Internet Explorer\*.ico >
< %systemroot%\system32\*.ojo >
< %systemroot%\system32\d323s\*.* >
< %systemroot%\system32\re\*.* >
< %UserProfile%\Microsoft\*.dll >
< %UserProfile%\Microsoft\*.log >
< %systemroot%\Bios\*.* >
< %ProgramFiles%\Spool\*.* >
< %ProgramFiles%\promp3\*.* >
< %SYSTEMDRIVE%\Driver\*.* /s >
< %SYSTEMDRIVE%\inetserver.exe\*.* >
< %systemroot%\java\trustlib\*.* >
< %ProgramFiles%\Common Files\designer\*.exe >
< %ProgramFiles%\*. >
[2008/01/19 00:18:35 | 000,000,000 | ---D | M] -- C:\Program Files\3DGroove
[2010/06/16 22:09:52 | 000,000,000 | ---D | M] -- C:\Program Files\4Team Corporation
[2010/10/06 13:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\ABC Amber BlackBerry Converter
[2008/11/19 18:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/12/27 02:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Type Manager
[2010/03/18 08:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\AM Pro
[2007/12/14 04:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\AMD
[2010/10/07 18:59:09 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2007/12/27 11:56:58 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2007/12/26 21:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2009/01/28 16:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/10/29 00:01:51 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/06/01 18:49:03 | 000,000,000 | ---D | M] -- C:\Program Files\AT&T
[2007/12/14 04:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2008/06/10 12:14:03 | 000,000,000 | ---D | M] -- C:\Program Files\Attribute Magic Pro
[2010/04/01 09:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/11/23 19:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Avery Dennison
[2010/10/01 19:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009/09/05 12:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/12/14 04:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2010/10/01 21:42:34 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/03/16 08:36:08 | 000,000,000 | ---D | M] -- C:\Program Files\Celtx
[2007/12/27 19:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/05/05 13:46:37 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/10 12:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/12/14 04:56:42 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/10/06 20:06:32 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2007/12/27 00:05:10 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Planet
[2010/03/16 08:36:08 | 000,000,000 | ---D | M] -- C:\Program Files\CrossFont files
[2007/12/14 04:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/06/02 13:05:21 | 000,000,000 | ---D | M] -- C:\Program Files\Data Doctor Recovery - SIM Card (Evaluation)
[2009/08/21 19:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\Data Entry for Windows
[2010/09/14 11:27:58 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2007/12/14 05:12:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2007/12/14 05:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2007/12/14 05:10:01 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/12/14 04:59:13 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/08/26 14:24:22 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2010/05/05 12:56:06 | 000,000,000 | ---D | M] -- C:\Program Files\FileASSASSIN
[2010/03/16 08:36:08 | 000,000,000 | ---D | M] -- C:\Program Files\Final Draft 6
[2009/05/07 22:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\font programs
[2009/03/01 11:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\Fox Magic
[2010/03/16 08:36:08 | 000,000,000 | ---D | M] -- C:\Program Files\FTP Commander
[2009/07/21 08:47:17 | 000,000,000 | ---D | M] -- C:\Program Files\GetData
[2010/10/09 12:46:43 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/05 13:42:52 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/05/05 13:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/09/05 12:31:49 | 000,000,000 | ---D | M] -- C:\Program Files\IDA-STEP
[2007/12/28 09:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\IKEA HomePlanner
[2010/06/30 14:17:43 | 000,000,000 | ---D | M] -- C:\Program Files\Incomplete
[2009/11/23 19:30:26 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/17 10:46:37 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/12/27 19:06:07 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2010/03/15 19:50:34 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/02/20 23:20:26 | 000,000,000 | ---D | M] -- C:\Program Files\iolo
[2009/09/19 18:02:44 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/04/14 23:41:34 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2009/09/19 18:04:30 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/10/28 08:11:09 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/12/27 21:27:26 | 000,000,000 | ---D | M] -- C:\Program Files\Jump Start Technologies, LLC
[2010/04/01 10:13:54 | 000,000,000 | ---D | M] -- C:\Program Files\Lame for Audacity
[2007/12/26 21:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2010/10/23 22:06:25 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2008/05/19 17:53:49 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2010/10/15 13:36:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/06 22:24:50 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/10/05 21:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Online Backup
[2010/02/15 10:43:50 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2010/10/05 21:05:17 | 000,000,000 | ---D | M] -- C:\Program Files\McAfeeMOBK
[2009/08/28 17:27:47 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/09/29 18:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\MFInstall
[2009/01/22 12:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/12/26 23:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/12/23 04:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/08/10 12:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/02/10 14:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/12/14 05:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2007/12/14 05:11:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/09/29 14:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/12/26 23:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/12/23 04:03:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/12/26 23:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/12/14 04:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2010/03/11 09:11:35 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/16 08:36:08 | 000,000,000 | ---D | M] -- C:\Program Files\Moviefone Toolbar
[2010/11/03 10:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/01 19:46:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/02/10 14:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/10 12:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 12:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/12/26 10:33:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/12/14 04:48:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/12/14 05:10:53 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2010/11/01 12:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2010/11/01 18:54:18 | 000,000,000 | ---D | M] -- C:\Program Files\NeoSmart Technologies
[2009/09/11 12:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/12/28 08:22:44 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2007/12/14 04:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2010/11/02 09:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\Numus Disk Builder and Burner
[2004/08/10 12:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/11/05 20:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\Option
[2010/05/13 07:41:37 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/07/08 15:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\Palm
[2007/12/26 21:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2009/07/21 08:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Quark
[2009/09/19 17:59:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/12/26 21:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/08/30 19:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\Recovery Toolbox for RAR
[2010/10/28 08:04:47 | 000,000,000 | ---D | M] -- C:\Program Files\Recuva
[2009/04/01 19:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/02/13 13:44:42 | 000,000,000 | ---D | M] -- C:\Program Files\RegSupreme Pro
[2010/05/13 08:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Media Catcher
[2010/03/17 21:58:18 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2010/10/06 23:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/05/03 15:39:45 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio Creator 2009
[2010/10/25 09:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/11/05 20:17:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Wireless Inc
[2007/12/14 04:56:51 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2008/06/03 08:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\SIM MAX
[2007/12/27 22:55:18 | 000,000,000 | ---D | M] -- C:\Program Files\SitStayFetchPro
[2008/10/13 10:23:03 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2007
[2009/04/25 11:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2010/08/30 19:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\Smith Micro
[2009/03/18 00:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/11/23 23:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\SPSSInc
[2010/05/04 16:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2007/12/14 04:53:24 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2004/08/10 12:08:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/11/21 12:27:35 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2007/12/25 04:25:24 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/08/06 13:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/10 03:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/08/03 19:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2009/01/22 12:36:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/03/01 12:29:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/09/11 12:57:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/04/25 11:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2004/08/10 12:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/09/02 13:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/05/07 22:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2010/10/06 23:54:23 | 000,000,000 | ---D | M] -- C:\Program Files\XenCare Software
[2010/11/02 09:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\Xenocode
[2004/08/10 12:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/09/21 16:14:15 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/04/24 11:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\YouSendIt
[2010/02/19 13:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\ZipItFree
< %systemroot%\system32\*.tso >
< %ALLUSERSPROFILE%\Documents\Server\*.* >
< %systemroot%\*.pif >
[2004/08/04 04:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif
[21 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
< %systemroot%\system32\n7533\*.* >
< %systemroot%\Us18336\*.* >
< %systemroot%\system32\*.zip >
< %systemroot%\system32\*.wgo >
< %systemroot%\system32\dllcache\*.com >
< %systemroot%\system32\dllchache\*.* >
< %systemroot%\system32\038840\*.* >
< %systemroot%\system32\13E92A\*.* >
< %systemroot%\system32\1CB5AD\*.* >
< %systemroot%\system32\52682A\*.* >
< %USERPROFILE%\My Documents\*.htm >
< %SYSTEMDRIVE%\Mr_CF\*.* >
< %USERPROFILE%\My Documents\*.dll >
< %USERPROFILE%\My Documents\*.ccc >
< %systemroot%\system32\Sis\*.* >
< %systemroot%\Microsft\*.* >
< %SYSTEMDRIVE%\driverwinx.exe\*.* >
< %systemroot%\BifroXx\*.* >
< %SYSTEMDRIVE%\TSTP\*.* >
< %systemroot%\winsn\*.* >
< %ProgramFiles%\windata\*.* >
< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >
< %systemroot%\system32\*.sao >
< %systemroot%\system32\*.iem >
< %systemroot%\system32\*.mdd >
< %systemroot%\system32\*.wlo >
< %systemroot%\system32\*.skn >
< %SYSTEMDRIVE%\Winup\*.* >
< %SYSTEMDRIVE%\test\*.* >
< %systemroot%\system32\med\*.* >
< %systemroot%\Bifrost\*.* >
< %systemroot%\system32\explorer.exe\*.* >
< %UserProfile%\UserData\*.dat /x >
< %SYSTEMDRIVE%\Arquivo de programas\*.* >
< %ProgramFiles%\tcpview\*.* >
< %systemroot%\system32\*.lyo >
< %ProgramFiles%\huanbang2\*.* >
< %systemroot%\winhuanbang\*.* >
< %systemroot%\minrsv.ini\*.* >
< %systemroot%\assembly\GAC\*.* >
[2008/01/07 09:38:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC\PublisherPolicy.tme
< %AppData%\Adobe\crtmswin91\*.* >
< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2008/04/21 03:02:07 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
< %systemroot%\system32\*.pdo >
< %SYSTEMDRIVE%\APPDATASH\*.* >
< %SYSTEMDRIVE%\sy\*.* >
< %systemroot%\*.cot >
< %systemroot%\system32\*.html >
< %systemroot%\system32\win32.exe\*.* >
< %systemroot%\System32\9283\*.* >
< %systemroot%\System32\hardpol\*.* /s >
< %systemroot%\Fonts\*.dat >
< %ProgramFiles%\WinNTsystem operation\*.* >
< %SYSTEMDRIVE%\moneyxmexx.exe\*.* >
< %USERPROFILE%\Templates\*.exe >
< %SYSTEMDRIVE%\MSOCache\*.* >
< %systemroot%\inf\win\*.* >
< %SYSTEMDRIVE%\users\*.ini /x >
< %systemroot%\Media\*.exe >
< %systemroot%\Media\*.dll >
< %AppData%\AdobeUM\upldrvdrv2\*.* >
< %ProgramFiles%\wiselink\*.* >
< %systemroot%\*.wd >
< %systemroot%\boot\*.* >
< %systemroot%\ime\*.dll /x >
< %systemroot%\system32\GroupPolicy\User\Scripts\*.* /s >
< %systemroot%\system32\*.INS >
< %SYSTEMDRIVE%\Temporary\*.* >
< %AppData%\AdobeUM\vclvclupl66\*.* >
< %SYSTEMDRIVE%\KEY\*.* /s >
< %SYSTEMDRIVE%\INVRSO\*.* >
< %systemroot%\Config\Audit\*.* /s >
< %ProgramFiles%\facebook\*.* >
< %SystemRoot%\system32\___hptmp\*.* >
< %SystemRoot%\system32\Macromedia\*.* >
< %SystemRoot%\system32\Macrocmp\*.* >
< %systemroot%\ap0calypse_00CD1A40\*.* /s >
< %SYSTEMDRIVE%\bbotxxxxxx.exe\*.* >
< %systemroot%\cacher\*.* >
< %systemroot%\down\*.* >
< %systemroot%\up\*.* >
< %SYSTEMDRIVE%\bootstartx.exe\*.* >
< %systemroot%\system32\wbem\grpconv.exe >
< %SYSTEMDRIVE%\Zolander\*.* /s >
< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download >
"CheckExeSignatures" = yes
"RunInvalidSignatures" = 0
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers|ProviderFileName6 /rs >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-03 14:49:33
========== Alternate Data Streams ==========
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL Extras scan log:
OTL Extras logfile created on: 11/3/2010 11:22:03 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\TEST\Desktop\What the Tech tools
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2875 4375 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 21.43 Gb Free Space | 14.68% Space Free | Partition Type: NTFS
Computer Name: RAJANCREW | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" File not found
https [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\SPSSInc\Statistics17\statistics.com" = C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com -- (SPSS Inc)
"C:\Program Files\SPSSInc\Statistics17\statistics.exe" = C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe -- (SPSS Inc)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:Embedded Web Server Link application -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe:*:Enabled:HP Instant Share Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:HP AiO Fax Manager -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\McAfee\MWL\MwlSvc.exe" = C:\Program Files\McAfee\MWL\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security -- (McAfee, Inc.)
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{20159B36-3A64-49AB-B3AA-FE6DE1D93C7C}" = Computrace
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = EMC 11 Content
"{25E125C0-77ED-4E7A-86DD-0A50BE3D7161}" = 4Team Send2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 22
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2941B275-8FF2-4FD9-B575-A11C0A99DFFA}" = XMPie uDirect
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Creator 2009
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3AC275FB-658D-43DA-A04D-9B2E30E517B2}" = Palm
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{57B07B2E-DF09-4278-948A-363438A6CE01}" = Startup Blaster
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C8AE145-C9F7-4883-9750-7ECD2B41CCCA}" = Linksys VPN Client
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = ERROR:unable to read certificate file
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D48CC96-AC7C-449F-BD06-7C52A791848B}" = 7400
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DA9AE34-33A1-45C5-A183-D05D42388616}" = XMPie uDirect
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009
"{7A7B3764-7F17-4AB1-A1D3-3B01F5F07445}" = Roxio Creator 2009
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7EE305C0-5DB2-11D4-AE43-0050DA5BC72E}" = Movie Magic Budgeting
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8424EF22-44CF-4DD4-B702-FADA3998F4BA}" = StuffIt 11
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{870F5190-5155-41A3-90C5-9110BA36A1BC}" = MileageWiz
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901CE21C-9EA9-498F-A37A-28D0A00371A3}" = Data Entry for Windows 4.0.0
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A224D9F0-568B-11D4-AE3C-0050DA5BC72E}" = Movie Magic Scheduling
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A6378A63-9F72-970C-6E1C-CD812BC74433}" = MyFonts Order M1005956
"{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.01
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AA749D64-3741-4D5F-B804-B0BC05D179D1}" = Roxio CinePlayer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC8B19D1-91D2-4D5B-B331-F885F432745E}" = Final Draft 6
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D94A94D5-801D-4222-8394-7EF23BC59D8C}" = Genuine Fractals LE
"{DAC0B889-5359-4FDC-893A-2B8EF6B71B6F}" = SIM MAX
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E215F522-2FD6-46F4-9507-747E14D71598}" = IKEA HomePlanner Kitchen
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB7E722A-4530-46C7-AB4D-9BF2C6696339}" = XMPie uDirect
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ECB82093-A207-4B57-A0C3-81202EBC39D8}" = AT&T Communication Manager
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.52
"ABC Amber BlackBerry Converter" = ABC Amber BlackBerry Converter
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.5 Professional
"Adobe Acrobat 8 Professional_825" = Adobe Acrobat 8.2.5 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe Type Manager Deluxe 4.1" = Adobe Type Manager Deluxe 4.1
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AMPro" = AttributeMagic Pro
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Uninstaller" = AOL Uninstaller
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Audio Editor_is1" = AVS Audio Editor version 5.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BlackBerry_{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"Celtx (1.0)" = Celtx (1.0)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Data Doctor Recovery - SIM Card (Evaluation) 3.0.1.5" = Data Doctor Recovery - SIM Card (Evaluation) 3.0.1.5
"Defraggler" = Defraggler
"EasyBCD" = EasyBCD 2.0
"ExpressBurn" = Express Burn Disc Burning Software
"ffdshow_is1" = ffdshow
"FileASSASSIN" = FileASSASSIN
"Final Draft v6.0.2.5 Update" = Final Draft v6.0.2.5 Update
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"FTP Commander" = FTP Commander
"Google Desktop" = Google Desktop
"HP Photo & Imaging" = HP Image Zone 4.7
"IDA-STEP" = IDA-STEP
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6304CCF6-3343-4DA5-96B6-84B3A644B93B}" = USB Driver for Panasonic DVC
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}" = DesignPro 5.0 Media Edition
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire PRO 4.10.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moviefone Toolbar" = Moviefone Toolbar for Internet Explorer
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Navigator (9.0.0.5)" = Netscape Navigator (9.0.0.5)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Numus Disk Builder and Burner" = Numus Disk Builder and Burner 2.2.7
"PitStop 4.0" = Enfocus PitStop 4.0
"Port Magic" = Pure Networks Port Magic
"RealPlayer 6.0" = RealPlayer Basic
"Recover My Files_is1" = Recover My Files
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Recuva" = Recuva
"RegSupreme Pro_is1" = RegSupreme Pro
"Replay Media Catcher 3.11" = Replay Media Catcher
"ScreenVirtuoso Pro 2.10_is1" = ScreenVirtuoso Pro 2.10
"ScreenVirtuoso PRO 3.40_is1" = ScreenVirtuoso PRO 3.40
"ScreenVirtuoso PRO_is1" = ScreenVirtuoso PRO 3.90
"SearchAssist" = SearchAssist
"SitStayFetchPro_is1" = SitStayFetchPro 1.2
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Uninstall
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"ZipItFree 1.95" = ZipItFree 1.95
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/2/2010 6:01:08 AM | Computer Name = RAJANCREW | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 11/2/2010 6:01:10 AM | Computer Name = RAJANCREW | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2A3320D6-C805-4280-B423-B665BDE33D8F}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB979906-X86\NDP1.1sp1-KB979906-X86-msi.0.log.
Error - 11/2/2010 6:01:12 AM | Computer Name = RAJANCREW | Source = NativeWrapper | ID = 5000
Description =
Error - 11/3/2010 10:48:34 AM | Computer Name = RAJANCREW | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 11/3/2010 10:49:03 AM | Computer Name = RAJANCREW | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{2A3320D6-C805-4280-B423-B665BDE33D8F}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB979906-X86\NDP1.1sp1-KB979906-X86-msi.0.log.
Error - 11/3/2010 10:49:14 AM | Computer Name = RAJANCREW | Source = NativeWrapper | ID = 5000
Description =
Error - 11/3/2010 12:45:01 PM | Computer Name = RAJANCREW | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3844 (0xf04) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.794
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Common
Files\McAfee\SystemCore\mfebopa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 11/3/2010 12:47:48 PM | Computer Name = RAJANCREW | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3448 (0xd78) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.794
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\WinZip\WZVINFO.DLL
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 11/3/2010 12:52:58 PM | Computer Name = RAJANCREW | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3012 (0xbc4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.794
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\QuickTime\QTSystem\QuickTimeImage.Resources\QuickTimeImage.qtr
by C:\Program Files\Safari\Safari.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 11/3/2010 1:15:25 PM | Computer Name = RAJANCREW | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3828 (0xef4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.794
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\TEST\Desktop\What
the Tech tools\OTL.exe by C:\WINDOWS\system32\rundll32.exe 4(0)(0) 4(0)(0) 7200(0)(0)
7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
[ System Events ]
Error - 11/2/2010 12:12:18 PM | Computer Name = RAJANCREW | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 11/2/2010 1:51:43 PM | Computer Name = RAJANCREW | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 11/2/2010 1:51:52 PM | Computer Name = RAJANCREW | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 11/2/2010 2:32:00 PM | Computer Name = RAJANCREW | Source = DCOM | ID = 10010
Description = The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register
with DCOM within the required timeout.
Error - 11/3/2010 10:51:43 AM | Computer Name = RAJANCREW | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows
2000 and Windows XP (KB979906).
Error - 11/3/2010 12:43:34 PM | Computer Name = RAJANCREW | Source = DCOM | ID = 10010
Description = The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register
with DCOM within the required timeout.
Error - 11/3/2010 12:43:54 PM | Computer Name = RAJANCREW | Source = DCOM | ID = 10010
Description = The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register
with DCOM within the required timeout.
Error - 11/3/2010 1:12:18 PM | Computer Name = RAJANCREW | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error - 11/3/2010 1:37:12 PM | Computer Name = RAJANCREW | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error - 11/3/2010 2:31:56 PM | Computer Name = RAJANCREW | Source = DCOM | ID = 10010
Description = The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register
with DCOM within the required timeout.
< End of report >
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
RKUnhookerLE scan log:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF0E3000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2063744 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2063744 bytes
0x804D7000 RAW 2063744 bytes
0x804D7000 WMIxWDM 2063744 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB91D5000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1847296 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xB0A10000 C:\WINDOWS\system32\drivers\sthda.sys 1126400 bytes (SigmaTel, Inc., NDRC)
0xBF34A000 C:\WINDOWS\System32\ativvaxx.dll 1093632 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB0BD9000 C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB0B23000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9DBE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB0770000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9159000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 425984 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xB9E8B000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xB08D5000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB8FD8000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 294912 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF09D000 C:\WINDOWS\System32\atikvmag.dll 286720 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xAD4BC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB0CD0000 C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 237568 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB8FA4000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xB0952000 C:\WINDOWS\System32\Drivers\UDFReadr.SYS 204800 bytes (Sonic Solutions, CD-UDF NT Filesystem Reader Driver)
0xB90BC000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9D91000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB07DF000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB90EB000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB082D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB904B000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB0855000 C:\WINDOWS\System32\Drivers\Mpfp.sys 147456 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xB09EC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB0996000 C:\WINDOWS\System32\Drivers\DVDVRRdr_xp.SYS 143360 bytes (Windows ® 2000 DDK provider, DVDVR Filesystem Reader Driver)
0xB9113000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB9136000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB080B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB0879000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CF000 ACPI_HAL 131968 bytes
0x806CF000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EFA000 fltmgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9D76000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAE2B4000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0xB9F19000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xAE237000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xB9E5E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9080000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAE24E000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0xB9E75000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xACA19000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0xB8F8E000 C:\WINDOWS\system32\DRIVERS\WscNetDr.sys 90112 bytes (McAfee, Inc., McAfee Wireless Home Network Security Driver)
0xADF2A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9097000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
0xB91C1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB092D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB08C2000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xB09D9000 C:\WINDOWS\system32\DRIVERS\MOBK.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0xB9E4B000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EE8000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB906F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB90AB000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 69632 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB9398000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA2D8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA228000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAE1E7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA238000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xAD075000 C:\WINDOWS\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xBA268000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB93F8000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0xBA208000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xACDBD000 C:\WINDOWS\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA258000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA298000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA0F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA288000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA108000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA0A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAD6E5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB9428000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xBA390000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA3E8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA478000 C:\WINDOWS\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xBA488000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA380000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 28672 bytes (REDC, RICOH MMC Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA400000 C:\WINDOWS\System32\Drivers\Cinemsup.SYS 24576 bytes (Sonic Solutions, SW CineMaster Support)
0xBA3D0000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xBA368000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA370000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA378000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3D8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xBA470000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0xBA3E0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3F0000 C:\WINDOWS\system32\drivers\tcpipBM.sys 20480 bytes (Bytemobile, Inc., Bytemobile Kernel Network Provider)
0xBA398000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA440000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB8D66000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xAE033000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9D3A000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA550000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xADC79000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xBA55C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAE163000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB0718000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9D32000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB903B000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9D46000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA60C000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xBA612000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 BMLoad.sys 8192 bytes (Bytemobile, Inc., Bytemobile Kernel Driver Loader)
0xBA5FA000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xBA640000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0xBA610000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA60E000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA614000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA616000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA600000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA5FE000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xBA606000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5FC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA730000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA68A000 C:\WINDOWS\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xBA674000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA679000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [Hdaudio.sys]
WARNING: Virus alike driver modification [atwpkt2.sys]
WARNING: Virus alike driver modification [atwpkt264.sys]
0xACFD7730 Unknown thread object [ ETHREAD 0x895A14A8 ] , 600 bytes
0xACA43730 Unknown thread object [ ETHREAD 0x88C247E8 ] , 600 bytes
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MBR Checker scan log:
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 153):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CF000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA338000 cercsr6.sys
0xB9F19000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EFA000 fltmgr.sys
0xB9EE8000 sr.sys
0xB9E8B000 mfehidk.sys
0xB9E75000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9E5E000 KSecDD.sys
0xB9E4B000 WudfPf.sys
0xB9DBE000 Ntfs.sys
0xB9D91000 NDIS.sys
0xB9D76000 Mup.sys
0xBA5AC000 BMLoad.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xB9D46000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB91D5000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB91C1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9159000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9136000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA4B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA208000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5FA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA218000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA228000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9113000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA368000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB90EB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA238000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA370000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB90BC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA378000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB90AB000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA380000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB9D3A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA5FE000 \SystemRoot\system32\DRIVERS\serscan.sys
0xBA730000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9097000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xBA600000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA390000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA248000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D32000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9080000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA258000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA268000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA398000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB906F000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA278000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB904B000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB8FD8000 \SystemRoot\system32\drivers\mfefirek.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xBA288000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA606000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8FA4000 \SystemRoot\system32\DRIVERS\update.sys
0xBA55C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8F8E000 \SystemRoot\system32\DRIVERS\WscNetDr.sys
0xBA298000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB0CD0000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xB0BD9000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xB0B23000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xB0A10000 \SystemRoot\system32\drivers\sthda.sys
0xB09EC000 \SystemRoot\system32\drivers\portcls.sys
0xBA2D8000 \SystemRoot\system32\drivers\drmk.sys
0xBA60E000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB09D9000 \SystemRoot\system32\DRIVERS\MOBK.sys
0xBA610000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA679000 \SystemRoot\System32\Drivers\Null.SYS
0xBA612000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3D0000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xBA3D8000 \SystemRoot\System32\drivers\vga.sys
0xBA614000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA616000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB0996000 \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
0xBA3E0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB0952000 \SystemRoot\System32\Drivers\UDFReadr.SYS
0xB903B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB092D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB08D5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA3F0000 \??\C:\WINDOWS\system32\drivers\tcpipBM.sys
0xB08C2000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xB0879000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB0855000 \SystemRoot\System32\Drivers\Mpfp.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB082D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB080B000 \SystemRoot\System32\drivers\afd.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB07DF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB0770000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA108000 \SystemRoot\System32\Drivers\Fips.SYS
0xB9428000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA400000 \SystemRoot\System32\Drivers\Cinemsup.SYS
0xB8D66000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xB9398000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB0718000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA440000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA674000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09D000 \SystemRoot\System32\atikvmag.dll
0xBF0E3000 \SystemRoot\System32\ati3duag.dll
0xBF34A000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA550000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB93F8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA68A000 \SystemRoot\System32\DLA\DLADResM.SYS
0xAE2B4000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xBA470000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA640000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA478000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xBA488000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAE24E000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAE237000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xAE163000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xADF2A000 \SystemRoot\system32\drivers\wdmaud.sys
0xAE1E7000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA60C000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xADC79000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAD4BC000 \SystemRoot\System32\Drivers\HTTP.sys
0xAD075000 \SystemRoot\system32\drivers\cfwids.sys
0xAE033000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xACA19000 \SystemRoot\system32\drivers\mfeapfk.sys
0xACDBD000 \SystemRoot\system32\drivers\mfebopk.sys
0xAD6E5000 \SystemRoot\System32\Drivers\Normandy.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 52):
0 System Idle Process
4 System
1184 C:\WINDOWS\system32\smss.exe
1236 csrss.exe
1272 C:\WINDOWS\system32\winlogon.exe
1320 C:\WINDOWS\system32\services.exe
1332 C:\WINDOWS\system32\lsass.exe
1536 C:\WINDOWS\system32\ati2evxx.exe
1564 C:\WINDOWS\system32\svchost.exe
1676 svchost.exe
1720 C:\WINDOWS\system32\svchost.exe
1768 C:\WINDOWS\system32\svchost.exe
1796 C:\WINDOWS\system32\ati2evxx.exe
2012 svchost.exe
832 C:\WINDOWS\system32\spoolsv.exe
1040 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
1060 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1640 C:\Program Files\Bonjour\mDNSResponder.exe
256 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
404 C:\WINDOWS\explorer.exe
956 C:\Program Files\Java\jre6\bin\jqs.exe
984 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1068 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1108 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1176 C:\WINDOWS\system32\mfevtps.exe
1392 C:\Program Files\McAfee Online Backup\MOBKbackup.exe
328 C:\WINDOWS\system32\svchost.exe
376 C:\WINDOWS\system32\svchost.exe
2316 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
2352 C:\WINDOWS\system32\svchost.exe
2368 C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
2648 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
4012 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
4024 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
4036 C:\WINDOWS\system32\WLTRAY.EXE
4044 C:\Program Files\Common Files\AOL\1198781840\ee\aolsoftware.exe
4068 C:\Program Files\McAfee.com\Agent\mcagent.exe
272 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1904 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
572 C:\WINDOWS\stsystra.exe
664 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2112 C:\WINDOWS\system32\ctfmon.exe
3332 C:\WINDOWS\system32\wuauclt.exe
592 C:\Program Files\Common Files\AOL\1198781840\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
3196 C:\Program Files\Common Files\AOL\1198781840\ee\aolsoftware.exe
2672 C:\Program Files\Safari\Safari.exe
2440 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
2504 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
3972 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
3732 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
3580 C:\Documents and Settings\TEST\Desktop\What the Tech tools\RKUnhookerLE.EXE
3780 C:\Documents and Settings\TEST\Desktop\What the Tech tools\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)
PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDE
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Please let me know if you need anything else. Thanks as always, talk w/you soon.
#38
Posted 03 November 2010 - 10:21 PM


#39
Posted 04 November 2010 - 07:14 AM
Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so while holding down the Shift button to prevent it from running (very important) and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
===================================================
While your USB storage devices are plugged in, I need you to run OTL
Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Reg
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44145047-6e2c-11dd-8e24-001e4c5eba48}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44145047-6e2c-11dd-8e24-001e4c5eba48}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81818c15-0e7b-11dd-8dee-001d09b6e55c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{81818c15-0e7b-11dd-8dee-001d09b6e55c}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc2d3b54-e85d-11de-8f91-001e4c5eba48}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{cc2d3b54-e85d-11de-8f91-001e4c5eba48}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9dc558a-7f77-11de-8ef9-001e4c5eba48}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{d9dc558a-7f77-11de-8ef9-001e4c5eba48}]
:Files
E:\v1cbvsmq.exe /s
f:\v1cbvsmq.exe /s
C:\v1cbvsmq.exe /s
E:\ph.exe /s
F:\ph.exe /s
C:\ph.exe /s
E:\hjvjte.exe /s
F:\hjvjte.exe /s
C:\hjvjte.exe /s
E:\uqgvf.exe /s
F:\uqgvf.exe /s
C:\uqgvf.exe /s
:Commands
[emptyflash]
[emptytemp]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
On your next reply please post:
OTL fix log
Fresh OTL log
Good Day!


#40
Posted 04 November 2010 - 08:35 AM
#41
Posted 04 November 2010 - 08:48 AM
#42
Posted 04 November 2010 - 08:51 AM


#43
Posted 04 November 2010 - 01:28 PM
OTL fix log:
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44145047-6e2c-11dd-8e24-001e4c5eba48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44145047-6e2c-11dd-8e24-001e4c5eba48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44145047-6e2c-11dd-8e24-001e4c5eba48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44145047-6e2c-11dd-8e24-001e4c5eba48}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81818c15-0e7b-11dd-8dee-001d09b6e55c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81818c15-0e7b-11dd-8dee-001d09b6e55c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{81818c15-0e7b-11dd-8dee-001d09b6e55c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81818c15-0e7b-11dd-8dee-001d09b6e55c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc2d3b54-e85d-11de-8f91-001e4c5eba48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc2d3b54-e85d-11de-8f91-001e4c5eba48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{cc2d3b54-e85d-11de-8f91-001e4c5eba48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc2d3b54-e85d-11de-8f91-001e4c5eba48}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9dc558a-7f77-11de-8ef9-001e4c5eba48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9dc558a-7f77-11de-8ef9-001e4c5eba48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{d9dc558a-7f77-11de-8ef9-001e4c5eba48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9dc558a-7f77-11de-8ef9-001e4c5eba48}\ not found.
========== FILES ==========
File\Folder E:\v1cbvsmq.exe not found.
File\Folder f:\v1cbvsmq.exe not found.
File\Folder C:\v1cbvsmq.exe not found.
File\Folder E:\ph.exe not found.
File\Folder F:\ph.exe not found.
File\Folder C:\ph.exe not found.
File\Folder E:\hjvjte.exe not found.
File\Folder F:\hjvjte.exe not found.
File\Folder C:\hjvjte.exe not found.
File\Folder E:\uqgvf.exe not found.
File\Folder F:\uqgvf.exe not found.
File\Folder C:\uqgvf.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
User: All Users
->Flash cache emptied: 35 bytes
User: Default User
User: LocalService
User: Me
User: NetworkService
User: TEST
->Flash cache emptied: 17811 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 3993 bytes
->Temporary Internet Files folder emptied: 1128387 bytes
->Java cache emptied: 105333 bytes
User: All Users
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 5732752 bytes
User: Me
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 455383 bytes
User: TEST
->Temp folder emptied: 820630462 bytes
->Temporary Internet Files folder emptied: 40489515 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 106729434 bytes
->Google Chrome cache emptied: 9719725 bytes
->Apple Safari cache emptied: 187440128 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 8702448 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5976666 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,132.00 mb
OTL by OldTimer - Version 3.2.17.2 log created on 11042010_075125
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\TEST\Local Settings\Temp\~DFF8E6.tmp not found!
C:\Documents and Settings\TEST\Local Settings\Temp\~WRD0002.doc moved successfully.
C:\Documents and Settings\TEST\Local Settings\Temporary Internet Files\Content.Word\~WRF0003.tmp moved successfully.
C:\Documents and Settings\TEST\Local Settings\Temporary Internet Files\Content.Word\~WRS0001.tmp moved successfully.
Registry entries deleted on Reboot...
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
New OTL log:
OTL logfile created on: 11/4/2010 9:22:28 AM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\TEST\Desktop\What the Tech tools
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2875 4375 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 22.55 Gb Free Space | 15.45% Space Free | Partition Type: NTFS
Computer Name: RAJANCREW | User Name: TEST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\system32\rpcnetp.exe ()
PRC - C:\Documents and Settings\TEST\Desktop\What the Tech tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - c:\Program Files\Common Files\AOL\1198781840\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe ()
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\AOL\1198781840\ee\aolsoftware.exe (America Online, Inc.)
PRC - c:\Program Files\Common Files\AOL\1198781840\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\TEST\Desktop\What the Tech tools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\AppPatch\AcGenral.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll File not found
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (rpcnetp) -- C:\WINDOWS\System32\rpcnetp.dll ()
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (ATTRcAppSvc) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (SmithMicro Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (Roxio Upnp Server 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (Sonic Solutions)
SRV - (RoxLiveShare11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe (Sonic Solutions)
SRV - (RoxWatch11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe (Sonic Solutions)
SRV - (RoxMediaDB11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe (Sonic Solutions)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LicCtrlService) -- C:\WINDOWS\Runservice.exe ()
SRV - (MWLSvc) -- C:\Program Files\McAfee\MWL\MwlSvc.exe (McAfee, Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated)
========== Driver Services (SafeList) ==========
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swumxa3.sys (Sierra Wireless Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swumx80.sys (Sierra Wireless Inc.)
DRV - (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swnc8u80.sys (Sierra Wireless Inc.)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (WscNetDr) -- C:\WINDOWS\system32\drivers\WscNetDr.sys (McAfee, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (UDFReadr) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (Cinemsup) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.raiders.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E1 46 69 1D 58 56 7A 49 82 8B E7 F3 E0 9F 37 F7 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.raiders.com/"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {84b0c4a5-dd4c-483f-a01c-d25d13733609}:1.0
FF - prefs.js..extensions.enabledItems: {672f6eb2-9731-4047-b5e4-02443f330fdf}:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/06 23:33:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 10:57:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/03 10:57:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2009/10/06 20:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/08/23 12:45:59 | 000,000,000 | ---D | M]
[2008/10/15 09:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Extensions
[2010/10/29 00:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions
[2010/04/28 12:08:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/08 22:34:35 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{672f6eb2-9731-4047-b5e4-02443f330fdf}
[2009/11/04 05:44:25 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{84b0c4a5-dd4c-483f-a01c-d25d13733609}
[2010/06/08 14:14:50 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/09/14 10:18:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/29 00:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\toolbar@ask.com
[2010/05/12 10:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEST\Application Data\Mozilla\Firefox\Profiles\ygxugibl.default\extensions\videodowloader@videodownloader.net
[2010/10/28 22:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/28 08:11:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2009/12/09 04:24:40 | 000,261,120 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\tdwmsylcirtcbz.dll
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/07 16:25:51 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
O1 HOSTS File: ([2010/10/06 07:47:47 | 000,393,092 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.103 HP00187162F0E7
O1 - Hosts: 13577 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101005205813.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Moviefone Toolbar Loader) - {cc40a9f8-4270-425e-972f-4140f0b6f71b} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Moviefone Toolbar) - {669c4c34-7457-4490-a642-a2ed3bf3bbbe} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Moviefone Toolbar) - {669C4C34-7457-4490-A642-A2ED3BF3BBBE} - C:\Program Files\Moviefone Toolbar\moviefonetb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [StartupBlaster] C:\Program Files\XenCare Software\Startup Blaster\StartupBlaster.exe (XenCare Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: &Moviefone Toolbar Search - C:\Documents and Settings\All Users\Application Data\Moviefone Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Reg Error: Value error.)
O16 - DPF: {6604D1ED-8FFC-4909-A247-C2664A867B29} http://www.callertun...eeting/CBRT.cab (HttpVoicePlay Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229971661671 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Reg Error: Value error.)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...127/qboax10.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://10.0.0.156/Ne...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rimsupport.w...ort/ieatgpc.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\2cf474b1658: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TEST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23ff1cf0-f1f4-11dd-8e77-001e4c5eba48}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{4cd05f39-dcba-11df-904b-001e4c5eba48}\Shell\AutoRun\command - "" = F:\LenovoSDrive.exe -- File not found
O33 - MountPoints2\{620b704a-63f9-11dd-8e17-001d09b6e55c}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d23a0c14-b432-11dc-8db2-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LenovoSDrive.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/04 07:51:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/03 10:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\What the Tech tools
[2010/11/02 09:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\NumusDiskBuilder
[2010/11/02 09:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010/11/02 09:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/11/02 09:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\Xenocode
[2010/11/02 09:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Numus Disk Builder and Burner
[2010/11/01 23:04:27 | 001,620,715 | ---- | C] (Dino Nuhagic (nuhi) ) -- C:\Documents and Settings\TEST\Desktop\vLite-1.2.installer.exe
[2010/11/01 21:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\uTorrent
[2010/11/01 19:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\AskToolbar
[2010/11/01 19:05:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Local Settings\Application Data\NeoSmart_Technologies
[2010/11/01 18:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2010/11/01 12:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/10/28 08:11:13 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/28 08:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/28 08:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/23 22:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\My Documents\FrostWire
[2010/10/23 22:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Application Data\FrostWire
[2010/10/23 22:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/10/23 06:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\My Documents\Roxio
[2010/10/11 13:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Sysprep
[2010/10/08 15:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\ESPN invoices_all
[2010/10/07 14:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\My Documents\My Received Files
[2010/10/06 14:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEST\Desktop\Red Bull
[2010/10/05 21:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/10/05 21:04:51 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/10/05 21:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/10/05 20:58:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/10/05 20:57:44 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/10/05 20:57:44 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/10/05 20:57:44 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/10/05 20:57:44 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/10/05 20:57:43 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/10/05 19:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ApplicationHistory
[2010/10/05 19:51:19 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2009/03/18 00:33:25 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2008/04/30 14:04:31 | 000,008,192 | ---- | C] ( ) -- C:\WINDOWS\System32\cshost.dll
========== Files - Modified Within 30 Days ==========
[2010/11/04 09:47:08 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-815882477-205391935-2982778119-1008UA.job
[2010/11/04 09:19:46 | 000,127,628 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/04 09:18:45 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/11/04 09:13:37 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/11/04 09:13:11 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/11/04 09:11:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/04 09:11:01 | 2011,213,824 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/04 09:10:55 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/11/04 09:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/04 08:46:25 | 002,176,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/03 14:41:52 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Microsoft Office Outlook.lnk
[2010/11/03 10:45:13 | 000,252,549 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin2.pdf
[2010/11/03 09:57:51 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
[2010/11/02 09:36:07 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Numus Disk Builder and Burner.lnk
[2010/11/02 09:32:10 | 037,205,653 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DiskBuilderBurner.exe
[2010/11/02 06:47:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-815882477-205391935-2982778119-1008Core.job
[2010/11/01 23:04:35 | 001,620,715 | ---- | M] (Dino Nuhagic (nuhi) ) -- C:\Documents and Settings\TEST\Desktop\vLite-1.2.installer.exe
[2010/11/01 21:43:25 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/11/01 20:47:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/11/01 19:52:05 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/11/01 11:27:05 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Shortcut to CD Drive.lnk
[2010/11/01 01:01:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/10/31 07:32:47 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/10/28 10:44:28 | 014,304,668 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\boys.tif
[2010/10/27 22:52:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/20 12:48:22 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\Google Chrome.lnk
[2010/10/20 12:48:22 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/20 08:53:34 | 000,023,932 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Comma Separated Values (Windows).ADR
[2010/10/19 19:03:17 | 000,198,732 | ---- | M] () -- C:\Documents and Settings\TEST\Desktop\DMV_Gavin2.pdf
[2010/10/19 15:54:51 | 000,000,386 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/10/19 10:25:26 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/15 13:36:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 08:31:11 | 000,002,831 | ---- | M] () -- C:\Documents and Settings\TEST\My Documents\image001.gif
[2010/10/15 01:08:32 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/10/12 12:55:54 | 000,087,688 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/10/12 12:55:18 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\smrgdf.exe
[2010/10/12 12:55:10 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/10/12 11:08:52 | 002,233,016 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\Incinerator.dll
[2010/10/10 10:44:51 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/10/10 10:44:43 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/10/06 23:43:39 | 000,000,229 | -HS- | M] () -- C:\boot.ini
[2010/10/05 21:31:31 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\TEST\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee Wireless Network Security.lnk
========== Files Created - No Company Name ==========
[2010/11/04 08:50:24 | 2011,213,824 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 08:36:06 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/11/04 08:34:17 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/11/03 10:45:13 | 000,252,549 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\DMV appt_Gavin2.pdf
[2010/11/02 09:36:07 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Numus Disk Builder and Burner.lnk
[2010/11/02 09:30:06 | 037,205,653 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\DiskBuilderBurner.exe
[2010/11/01 18:34:55 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010/11/01 11:27:05 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\Shortcut to CD Drive.lnk
[2010/10/28 10:46:06 | 014,304,668 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\boys.tif
[2010/10/23 22:52:16 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/22 22:15:28 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/10/19 19:03:17 | 000,198,732 | ---- | C] () -- C:\Documents and Settings\TEST\Desktop\DMV_Gavin2.pdf
[2010/10/15 08:31:09 | 000,002,831 | ---- | C] () -- C:\Documents and Settings\TEST\My Documents\image001.gif
[2010/08/26 14:24:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/30 16:30:29 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/05/12 11:24:20 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/05/04 11:32:09 | 000,002,828 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\HPCOM_48BitScanUpdate.log
[2010/05/04 11:32:09 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/01/15 09:30:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\imageCache8_UNI.db
[2009/11/23 12:10:06 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_audio.Cache
[2009/11/23 12:09:25 | 000,225,456 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_image.Cache
[2009/11/05 20:34:47 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/09/10 21:48:59 | 000,000,127 | R--- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/11 08:26:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\rx_image32.Cache
[2009/08/01 23:31:27 | 000,058,355 | ---- | C] () -- C:\WINDOWS\System32\u_tdwmsylcirtcbz.dll.exe
[2009/06/23 21:01:17 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/06/19 17:51:31 | 000,023,932 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Comma Separated Values (Windows).ADR
[2009/02/20 23:09:33 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/12/31 13:21:49 | 000,032,469 | ---- | C] () -- C:\Documents and Settings\TEST\Application Data\Tab Separated Values (Windows).ADR
[2008/11/23 23:46:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/11/23 23:46:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/11/23 23:46:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/11/23 23:41:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/11/23 23:41:16 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/11/20 11:58:19 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2008/10/01 00:48:49 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\bdeecc8_d.dll
[2008/08/07 14:35:08 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.7486160831680234
[2008/05/26 23:30:28 | 000,828,148 | ---- | C] () -- C:\WINDOWS\System32\VvCfPXbc.ini2
[2008/05/19 17:53:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VPN.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/06 20:21:48 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/27 21:27:34 | 000,001,920 | ---- | C] () -- C:\Program Files\MileageWiz.lnk
[2007/12/27 20:39:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\TEST\Local Settings\Application Data\fusioncache.dat
[2007/12/27 15:37:49 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/12/27 13:05:14 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/12/27 13:05:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/12/27 12:41:49 | 000,040,622 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/27 01:25:18 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/12/27 01:25:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007/12/26 23:47:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(9)(2).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(8)(3).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(8)(2).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(7).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(6).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(5).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(4).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(3).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(2).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(11)(2).sys
[2007/12/26 23:22:24 | 000,002,777 | ---- | C] () -- C:\WINDOWS\System32\mmf(10)(2).sys
[2007/12/26 23:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/12/26 23:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(9).sys
[2007/12/26 23:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(8).sys
[2007/12/26 23:22:24 | 000,002,753 | ---- | C] () -- C:\WINDOWS\System32\mmf(10).sys
[2007/12/26 22:59:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2007/12/26 21:10:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/14 05:15:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/14 05:03:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/14 05:03:54 | 000,000,259 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/14 04:30:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/12/14 04:30:36 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/12/14 04:30:10 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/07 17:45:14 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\CBRT.dll
[2005/03/01 05:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Thank you, talk w/you soon.
#44
Posted 05 November 2010 - 06:58 AM
We will investigate the chkdsk error after we fix this.
Go to My Computer -> Tools -> Folder Options -> View tab:
- Under the Hidden files and folders heading:
- Select - Show hidden files and folders.
- Uncheck - Hide protected operating system files (recommended) option.
- Also, make sure there is no checkmark beside Hide file extensions for known file types.
- Click OK. (Remember to Hide files and folders once done)
Please go to one of the below sites to scan the following files:
jotti.org
VirScan
Virus Total
Click on Browse, and upload the following file for analysis:
C:\WINDOWS\System32\u_tdwmsylcirtcbz.dll.exe
Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
===================================================
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
===================================================
Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
O20 - Winlogon\Notify\2cf474b1658: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

:Commands
[emptyflash]
[emptytemp]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
On your next reply please post:
File scanner report
Gooredfix log
OTL fix log
Fresh OTL log
Good Day!
#45
Posted 05 November 2010 - 11:51 AM