Hijacked search results

Hewlett-packard Pavilion dv5-1235dx note...
April 19, 2010 at 09:57:55
Specs: Windows Vista, intel p7350/4.00GB
I've been having a problem with my search engines on Yahoo. Whenever I click on a search result, it redirects me to "www.results.yahoo.com", then refreshes to a non-relevant advertising webpage that I did not intend to click on. I have tried Windows Live OneCare, AVG Anti-Virus, and Ad-Aware, and none of them was able to identify the malware and remove it. It seems as if this problem only occurs when I use the Yahoo search engine. Please help!!



#1
April 19, 2010 at 19:28:59
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop, then post them please. You may need to post in segments to get all the info to us, as the logs may be too large to fit in one post.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller

1. Extract the contents of TDSSKiller.zip to your Desktop.

2. Double click on TDSSKiller.exe to run it.

3. If it finds something and asks you what to do, follow the instructions to type in "delete".

4. When done, a log file should be created on your C: drive called TDSSKiller.txt (with time+date appended). Please post this log in your next reply.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename mbam-setup.exe to tool.exe, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.



#2
April 19, 2010 at 21:24:23

DDS (Ver_10-03-17.01) - NTFSX64
Run by Garris at 21:14:59.86 on Mon 04/19/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion:
1.6.0_18
Microsoft® Windows Vista™ Home Premium
6.0.6002.2.1252.1.1033.18.4026.1520 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning enabled*
(Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-
831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-
BA8C-4DDE-B5AC-EA53BC38D01B}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-
27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Windows OneCare
Live\Antivirus\MsMpEng.exe
C:\Windows\System32\svchost.exe -k
LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k
LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_
58be29c0\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k
LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_
58be29c0\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel Matrix Storage
Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Windows OneCare
Live\OcHealthMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k
NetworkServiceNetworkRestricted
C:\Program Files
(x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files
(x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files
(x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Microsoft Windows OneCare
Live\Firewall\msfwsvc.exe
C:\Program Files (x86)\Microsoft Windows OneCare
Live\winss.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage
Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP
QuickTouch\HPKBDAPP.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common
Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Garris\AppData\Local\Google\Update\GoogleUpdate
.exe
C:\Program Files (x86)\Windows
Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Lexmark 2600
Series\lxdnMsdMon.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch
Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software
Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless
Assistant\HPWAMain.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Windows OneCare
Live\winssnotify.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Hewlett-
Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless
Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch
Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-
Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth
Software\BtStackServer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\WIDCOMM\Bluetooth
Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Microsoft Windows OneCare
Live\WinSSNotifyE.exe
C:\Windows\splwow64.exe
C:\Users\Garris\AppData\Local\Google\Chrome\Application\c
hrome.exe
C:\Users\Garris\AppData\Local\Google\Chrome\Application\c
hrome.exe
C:\Users\Garris\AppData\Local\Google\Chrome\Application\c
hrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Garris\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=c
nnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=c
nnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=c
nnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=c
nnb
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-
1f87-4686-aa43-5347d756017c} - c:\program files
(x86)\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-
3dc7-4285-bc50-9e81fefafe43} - c:\program files (x86)\aim
toolbar\aimtb.dll
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-
b87d-784b7d6be0b3} - c:\program files (x86)\common
files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-
4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-
8ecc-5164760863c6} - c:\program files (x86)\common
files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-
5347d756017c} - c:\program files
(x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-
61a11ac5dbf8} - c:\program files (x86)\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-
bc74-9c25c1c588a9} - c:\program files
(x86)\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-
0e72e116a856} - c:\program files (x86)\hp\digital
imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-
9f516dd69829} - c:\program files
(x86)\avg\avg9\toolbar\IEToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} -
c:\program files (x86)\aim toolbar\aimtb.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
/autoRun
uRun: [LightScribe Control Panel] c:\program files
(x86)\common files\lightscribe\LightScribeControlPanel.exe -
hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update]
"c:\users\garris\appdata\local\google\update\GoogleUpdate.ex
e" /c
uRun: [MsnMsgr] "c:\program files (x86)\windows
live\messenger\MsnMsgr.Exe" /background
uRun: [Aim] "c:\program files (x86)\aim\aim.exe" /d
locale=en-US
uRun: [ooVoo.exe] c:\program files (x86)\oovoo\ooVoo.exe
/minimized
uRun: [Pando Media Booster] c:\program files (x86)\pando
networks\media booster\PMB.exe
uRun: [Skype] "c:\program files
(x86)\skype\phone\Skype.exe" /nosplash /minimized
mRun: [QPService] "c:\program files
(x86)\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-
packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [hpqSRMon] c:\program files (x86)\hp\digital
imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp
software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files (x86)\hewlett-
packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files
(x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UCam_Menu] "c:\program files
(x86)\cyberlink\youcam\muitransfer\muistartmenu.exe"
"c:\program files (x86)\cyberlink\youcam"
updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [OneCareUI] "c:\program files (x86)\microsoft windows
onecare live\winssnotify.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files
(x86)\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files
(x86)\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder:
c:\progra~3\micros~1\windows\startm~1\programs\startup\ad
obeg~1.lnk - c:\program files (x86)\common
files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder:
c:\progra~3\micros~1\windows\startm~1\programs\startup\blu
eto~1.lnk - c:\program files\widcomm\bluetooth
software\BTTray.exe
StartupFolder:
c:\progra~3\micros~1\windows\startm~1\programs\startup\hp
digi~1.lnk - c:\program files (x86)\hp\digital
imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0
(0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel -
c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program
files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program
files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program
files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-
E1D6-4330-914C-F5F514E3486C} -
c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} -
c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} -
c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
{DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program
files (x86)\hp\digital imaging\smart web
printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-
i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-
i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-
i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-
i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-
i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-
FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-
1830C7DD7F5D} -
c:\progra~2\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} -
"c:\program files (x86)\common
files\lightscribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-
4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No
File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No
File
TB-X64: AIM Toolbar: {61539ECD-CC67-4437-A03C-
9AACCBD14326} -
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] c:\program
files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix
storage manager\iaanotif.exe"
mRun-x64: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
mRun-x64: [OnScreenDisplay] c:\program files\hewlett-
packard\hp quicktouch\HPKBDAPP.exe
mRun-x64: [Windows Mobile Device Center]
%windir%\WindowsMobile\wmdc.exe
mRun-x64: [lxdnmon.exe] "c:\program files (x86)\lexmark
2600 series\lxdnmon.exe"
mRun-x64: [lxdnamon] "c:\program files (x86)\lexmark 2600
series\lxdnamon.exe"
mRun-x64: [SysTrayApp] c:\program
files\idt\wdm\sttray64.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} -
c:\program files\widcomm\bluetooth software\btsendto_ie.htm
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath -
c:\users\garris\appdata\roaming\mozilla\firefox\profiles\xkcp15
ex.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://aim.search.aol.com/aol/search?
query={searchTerms}&invocationType=tb50-ff-aim-
chromesbox-en-us
FF - prefs.js: keyword.URL -
hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-
avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.http - 208.74.174.142
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files
(x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files
(x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeare
d_tavgp_xputils2.dll
FF - component: c:\program files
(x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeare
d_tavgp_xputils3.dll
FF - component: c:\program files
(x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeare
d_tavgp_xputils35.dll
FF - component: c:\program files
(x86)\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgt
bapi.dll
FF - component: c:\program files (x86)\mozilla
firefox\extensions\{ab2ce124-6272-4b12-94a9-
7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files (x86)\mozilla
firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files (x86)\mozilla
firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla
firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\mozilla
firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files (x86)\mozilla
firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media
player\npViewpoint.dll
FF - plugin: c:\program files (x86)\windows live\photo
gallery\NPWLPG.dll
FF - plugin: c:\program
files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program
files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program
files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin:
c:\users\garris\appdata\local\google\update\1.2.183.23\npGoo
gleOneClick8.dll
FF - plugin: c:\users\garris\appdata\roaming\move
networks\plugins\npqmp071503000010.dll
FF - plugin:
c:\users\garris\appdata\roaming\mozilla\plugins\npgoogletalk.
dll
FF - plugin: c:\users\garris\program files
(x86)\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant:
{20a82645-c095-46ed-80e3-08825760534b} -
c:\windows\microsoft.net\framework\v3.5\windows
presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference -
c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-
0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference -
c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-
0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate
- false);user_pref(network.protocol-handler.warn-
external.dnupdate, falsec:\program files (x86)\mozilla
firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js -
pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js
-
pref("security.ssl.allow_unrestricted_renego_everywhere__tem
porarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js
- pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js
- pref("security.ssl.treat_unsafe_negotiation_as_broken",
false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js
- pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js
- pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-
branding.js - pref("app.update.download.backgroundInterval",
600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-
branding.js - pref("app.update.url.manual",
"http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-
branding.js - pref("browser.search.param.yahoo-fr-ja",
"mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("extensions.{972ce4c6-7e08-4474-a285-
3208198ce6fd}.name",
"chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("extensions.{972ce4c6-7e08-4474-a285-
3208198ce6fd}.description",
"chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js -
pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS
===============

R0
AVGIDSErHrvta;AVG9IDSErHr;c:\windows\system32\drivers\
AVGIDSva.sys [2009-12-5 27144]
R0
AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx6
4.sys [2009-12-5 56008]
R0
PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.s
ys [2009-6-18 52856]
R1 Avgfwfd;AVG network filter
service;c:\windows\system32\drivers\avgfwd6a.sys [2009-12-5
29976]
R1 AvgLdx64;AVG AVI Loader Driver
x64;c:\windows\system32\drivers\avgldx64.sys [2009-12-5
269320]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver
x64;c:\windows\system32\drivers\avgmfx64.sys [2009-12-5
35464]
R1 AvgTdiA;AVG Network Redirector
x64;c:\windows\system32\drivers\avgtdia.sys [2009-12-5
316936]
R2 AESTFilters;Andrea ST Filters
Service;c:\windows\system32\driverstore\filerepository\stwrt64
.inf_58be29c0\AESTSr64.exe [2009-3-2 89600]
R2 avg9wd;AVG WatchDog;c:\program files
(x86)\avg\avg9\avgwdsvc.exe [2010-3-4 308064]
R2 avgfws9;AVG Firewall;c:\program files
(x86)\avg\avg9\avgfws9.exe [2010-3-4 2325816]
R2 faproct;Circuit City Firedog Advisor
ProcessTriggerDriver;c:\windows\system32\drivers\faproc64.s
ys [2007-6-17 6656]
R2 faunidrv;UniDriver for Firedog
Advisor;c:\windows\system32\drivers\faunid64.sys [2007-3-21
7680]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe
[2008-3-18 23040]
R2
lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe
-service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 OcHealthMon;Windows Live OneCare Health
Monitor;c:\program files (x86)\microsoft windows onecare
live\OcHealthMon.exe [2010-2-5 26120]
R2 Recovery Service for Windows;Recovery Service for
Windows;c:\windows\sminst\BLService.exe [2008-7-1
341328]
R2 Viewpoint Manager Service;Viewpoint Manager
Service;c:\program files
(x86)\viewpoint\common\ViewpointService.exe [2008-10-1
24652]
R3 AVGIDSDrivervta;AVG9IDSDriver;c:\program files
(x86)\avg\avg9\identity
protection\agent\driver\platform_vista64\AVGIDSDriver.sys
[2009-12-5 132616]
R3 AVGIDSFiltervta;AVG9IDSFilter;c:\program files
(x86)\avg\avg9\identity
protection\agent\driver\platform_vista64\AVGIDSFilter.sys
[2009-12-5 35848]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-
packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-1
193840]
R3 enecir;ENE CIR
Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24
60928]
R3 IntcHdmiAddService;Intel(R) High Definition Audio
HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4
129536]
R3 MpFilter;Microsoft Malware Protection
Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18
67120]
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for
Windows Vista 64 Bit
;c:\windows\system32\drivers\NETw5v64.sys [2008-7-18
4730368]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files
(x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe
[2010-3-4 5888008]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET
Framework NGEN
v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.5
0727\mscorsvw.exe [2009-10-10 89920]
S3 FontCache;Windows Font Cache
Service;c:\windows\system32\svchost.exe -k
LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL
Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB
Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-6-5
48640]

=============== Created Last 30 ================

2010-04-20 01:09:00 0 d-----w-
c:\users\garris\StarCraft II Beta enUS 13891 Installer
2010-04-20 00:50:48 65536 --sha-w-
c:\users\garris\ntuser.dat{d4d91a5d-4c12-11df-add4-
0021863b59c3}.TM.blf
2010-04-20 00:50:48 524288 --sha-w-
c:\users\garris\ntuser.dat{d4d91a5d-4c12-11df-add4-
0021863b59c3}.TMContainer00000000000000000002.regtrans
-ms
2010-04-20 00:50:48 524288 --sha-w-
c:\users\garris\ntuser.dat{d4d91a5d-4c12-11df-add4-
0021863b59c3}.TMContainer00000000000000000001.regtrans
-ms
2010-04-19 16:17:16 0 dc-h--w-
c:\programdata\{74D08EB8-01D1-4BAE-91E3-
F30C1B031AC6}
2010-04-19 16:16:43 0 d-----w- c:\program files
(x86)\Lavasoft
2010-04-19 15:26:12 0 d-----w- c:\program files
(x86)\UnHackMe
2010-04-17 12:26:56 0 d-----w- c:\programdata\DivX
2010-04-15 07:42:15 0 d-----w-
c:\programdata\Blizzard Entertainment
2010-04-15 07:42:15 0 d-----w- c:\program files
(x86)\StarCraft II Beta
2010-04-15 07:42:15 0 d-----w- c:\program files
(x86)\common files\Blizzard Entertainment
2010-04-15 07:39:51 0 d-----w-
c:\programdata\Blizzard
2010-03-29 08:05:59 0 d-----w- c:\programdata\AIM
Toolbar
2010-03-29 08:05:59 0 d-----w- c:\program files
(x86)\AIM Toolbar
2010-03-29 08:05:54 0 d-----w- c:\program files
(x86)\common files\Software Update Utility
2010-03-21 08:37:24 0 d-----w- c:\programdata\Nexon

==================== Find3M
====================

2010-04-12 08:11:47 7460 ----a-w-
c:\windows\bthservsdp.dat
2010-04-05 22:19:09 51200 ----a-w-
c:\windows\inf\infpub.dat
2010-04-05 22:19:09 143360 ----a-w-
c:\windows\inf\infstrng.dat
2010-04-05 22:19:04 86016 ----a-w-
c:\windows\inf\infstor.dat
2010-03-09 16:50:32 86528 ----a-w-
c:\windows\system32\ieencode.dll
2010-03-09 16:25:21 78336 ----a-w-
c:\windows\syswow64\ieencode.dll
2010-03-09 16:07:05 1032192 ----a-w-
c:\windows\system32\wininet.dll
2010-03-09 15:42:17 834048 ----a-w-
c:\windows\syswow64\wininet.dll
2010-03-09 15:42:08 1176064 ----a-w-
c:\windows\syswow64\urlmon.dll
2010-03-09 15:40:29 477184 ----a-w-
c:\windows\syswow64\mshtmled.dll
2010-03-09 15:40:29 3601920 ----a-w-
c:\windows\syswow64\mshtml.dll
2010-03-09 15:39:49 6080000 ----a-w-
c:\windows\syswow64\ieframe.dll
2010-03-09 15:39:49 193024 ----a-w-
c:\windows\syswow64\iepeers.dll
2010-03-09 15:39:49 180736 ----a-w-
c:\windows\syswow64\ieui.dll
2010-03-09 15:39:47 380928 ----a-w-
c:\windows\syswow64\ieapfltr.dll
2010-03-04 16:13:22 316936 ----a-w-
c:\windows\system32\drivers\avgtdia.sys
2010-03-04 16:13:12 12976 ----a-w-
c:\windows\system32\avgrssta.dll
2010-03-04 16:13:11 35464 ----a-w-
c:\windows\system32\drivers\avgmfx64.sys
2010-03-04 16:12:41 27144 ----a-w-
c:\windows\system32\drivers\AVGIDSva.sys
2010-03-04 16:12:26 269320 ----a-w-
c:\windows\system32\drivers\avgldx64.sys
2010-03-04 16:12:10 56008 ----a-w-
c:\windows\system32\drivers\avgrkx64.sys
2010-02-20 23:15:56 32768 ----a-w-
c:\windows\system32\nshhttp.dll
2010-02-20 23:14:20 33792 ----a-w-
c:\windows\system32\httpapi.dll
2010-02-20 23:06:41 24064 ----a-w-
c:\windows\syswow64\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w-
c:\windows\syswow64\httpapi.dll
2010-02-20 21:30:08 620032 ----a-w-
c:\windows\system32\drivers\http.sys
2010-02-04 06:53:19 411368 ----a-w-
c:\windows\syswow64\deploytk.dll
2010-02-04 06:53:19 153376 ----a-w-
c:\windows\syswow64\javaws.exe
2010-02-04 06:53:19 145184 ----a-w-
c:\windows\syswow64\javaw.exe
2010-02-04 06:53:19 145184 ----a-w-
c:\windows\syswow64\java.exe
2010-01-25 12:10:22 538624 ----a-w-
c:\windows\system32\secproc_isv.dll
2010-01-25 12:10:22 160768 ----a-w-
c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:10:22 160768 ----a-w-
c:\windows\system32\secproc_ssp.dll
2010-01-25 12:10:03 539136 ----a-w-
c:\windows\system32\secproc.dll
2010-01-25 12:08:59 460288 ----a-w-
c:\windows\system32\msdrm.dll
2010-01-25 12:00:35 471552 ----a-w-
c:\windows\syswow64\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w-
c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w-
c:\windows\syswow64\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w-
c:\windows\syswow64\secproc.dll
2010-01-25 11:58:52 332288 ----a-w-
c:\windows\syswow64\msdrm.dll
2010-01-25 08:29:35 413696 ----a-w-
c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:29:31 600576 ----a-w-
c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:29:31 409600 ----a-w-
c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:29:28 599552 ----a-w-
c:\windows\system32\RMActivate.exe
2010-01-25 08:21:20 526336 ----a-w-
c:\windows\syswow64\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w-
c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w-
c:\windows\syswow64\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w-
c:\windows\syswow64\RMActivate_ssp.exe
2010-01-23 09:44:17 2048 ----a-w-
c:\windows\system32\tzres.dll
2010-01-23 09:26:13 2048 ----a-w-
c:\windows\syswow64\tzres.dll
2009-11-17 11:19:44 665600 ----a-w-
c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w-
c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w-
c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w-
c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w-
c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w-
c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w-
c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w-
c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w-
c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w-
c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w-
c:\windows\inf\perflib\0000\perfc.dat
2008-07-01 05:53:05 8192 --sha-w-
c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:16:23.60 ===============



#3
April 19, 2010 at 21:24:45

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/18/2008 12:09:39 PM
System Uptime: 4/19/2010 5:49:28 PM (4 hours ago)

Motherboard: Quanta | | 3602
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 2000/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 222 GiB total, 52.093 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.858 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0008
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0008
Service: tunnel

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&2E015ABA&0&002557A4AD99_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&2E015ABA&0&002557A4AD99_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&2E015ABA&0&002557A4AD99_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&2E015ABA&0&002557A4AD99_C00000000
Service:

==== System Restore Points ===================

RP686: 4/13/2010 1:11:31 AM - Scheduled Checkpoint
RP687: 4/14/2010 1:04:33 AM - Scheduled Checkpoint
RP688: 4/15/2010 12:28:15 AM - Scheduled Checkpoint
RP689: 4/16/2010 6:10:55 AM - Scheduled Checkpoint
RP690: 4/17/2010 3:00:28 AM - Windows Update
RP691: 4/18/2010 12:35:48 AM - Scheduled Checkpoint
RP692: 4/19/2010 2:09:32 AM - Scheduled Checkpoint
RP693: 4/19/2010 8:29:29 AM - RegRun Virus Scan
RP694: 4/19/2010 8:40:18 AM - RegRun Virus Scan
RP695: 4/19/2010 8:44:05 AM - RegRun Virus Scan
RP696: 4/19/2010 5:38:08 PM - Restore Operation

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
AIM 7
AIM Toolbar
AIO_Scan
Apple Software Update
Audacity 1.2.6
AutoUpdate
AVG 9.0
BitTorrent
BlackBerry Desktop Software 4.7
BufferChm
C4200
c4200_Help
Cards_Calendar_OrderGift_DoMorePlugout
Combat Arms
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink YouCam
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DNA
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Easy MP3 Cutter 2.9
eSupportQFolder
firedog advisor
Full Tilt Poker
Garena
Google Chrome
Google Talk Plugin
GTOneCare
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 D1
HP QuickPlay 3.7
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0102
HP Wireless Assistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HPTCSSetup
IDT Audio
ImgBurn
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
LabelPrint
LightScribe System Software 1.12.33.2
LimeWire 5.4.6
MapleStory
MarketResearch
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.2)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
ooVoo
OpenOffice.org Installer 1.0
Pando Media Booster
Power2Go
PowerDirector
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
PX Engine
QuickPlay SlingPlayer 0.4.6
QuickTime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Serif WebPlus 10
Serif WebPlus 10 Resources
Skype Toolbars
Skype™ 4.2
SlingPlayer
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Status
TBS WMP Plug-in
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb979895)
Ventrilo Client
Verizon High Speed Internet
VideoToolkit01
Viewpoint Media Player
Visual C++ 8.0 Runtime Setup Package (x64)
VobSub v2.23 (Remove Only)
Warcraft III
Warcraft III: All Products
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver

==== End Of File ===========================



#4
April 19, 2010 at 21:26:13
I am not able to run TDSSKiller. It says that the program does not support 64-bit OS. I currently run Vista 64-bit.


#5
April 19, 2010 at 21:29:48
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4011

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

4/19/2010 9:29:27 PM
mbam-log-2010-04-19 (21-29-27).txt

Scan type: Quick scan
Objects scanned: 141747
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#6
April 20, 2010 at 16:11:47
Go to the following link, download and run the Hitman Pro 30-day free trial for 64-bit systems.

HitMan Pro




#7
April 20, 2010 at 18:58:40
Hitman Pro shows that I have no infected programs.


#8
April 20, 2010 at 19:42:23
Download GMER for Windows 7 from the following site and see if it will run on your 64-bit system. Copy/paste this link into your browser.

http://www.windows7download.com/win7-gmer/cuavzuut.html



#9
April 20, 2010 at 20:12:40
We need to see the results of the scan.


#10
April 20, 2010 at 20:13:40
We need to see the results of the GMER scan.

Thanks



#11
April 20, 2010 at 21:16:29
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-20 21:15:06
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863b59c3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863b59c3@001edc4d055b 0x4E 0x0E 0xF4 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863b59c3@001fe485a2e6 0x15 0x31 0x77 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863b59c3@001edc4d656f 0x4C 0x21 0x69 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863b59c3@001cb36f60cf 0xA6 0x54 0xB5 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863b59c3@001ee15b9dce 0x0B 0xE6 0x13 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863b59c3@001f6b60b789 0xFB 0x3D 0x78 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021863b59c3@002557a4ad99 0x6A 0x6B 0xB8 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021863b59c3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021863b59c3@001edc4d055b 0x4E 0x0E 0xF4 0xC5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021863b59c3@001fe485a2e6 0x15 0x31 0x77 0xEC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021863b59c3@001edc4d656f 0x4C 0x21 0x69 0xC5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021863b59c3@001cb36f60cf 0xA6 0x54 0xB5 0xA6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021863b59c3@001ee15b9dce 0x0B 0xE6 0x13 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021863b59c3@001f6b60b789 0xFB 0x3D 0x78 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021863b59c3@002557a4ad99 0x6A 0x6B 0xB8 0x73 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F40B95E9-F9F2-6465-0D1F-437DEC95312F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F40B95E9-F9F2-6465-0D1F-437DEC95312F}@haejknjngmdhaoao 0x6B 0x61 0x70 0x6E ...

---- Files - GMER 1.0.15 ----

File C:\Windows\Temp\6121fcc9-3a8b-4b95-957e-77214f717bbb.tmp 0 bytes
File C:\Windows\Temp\80c6e2fb-da6e-4c4f-9f16-6a77a2dcecb0.tmp 11995 bytes
File C:\Windows\Temp\5f943aa9-a879-4bf6-8077-818291de7f32.tmp 0 bytes
File C:\Windows\Temp\a827f8cb-f154-4c9e-b8fb-3277585b4eaf.tmp 0 bytes
File C:\Windows\Temp\fb014c03-0ba1-40e9-8e32-bb3289793de9.tmp 0 bytes

---- EOF - GMER 1.0.15 ----



#12
April 21, 2010 at 03:40:37
Navigate to and delete the contents of this folder:

C:\Windows\Temp

Please download OTL from the following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop.
3. Click the “scan all users” checkbox.
4. Push the “run scan” button.
5. Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

The following will be a huge file, so you may have to post it in segments to get all the info to us.


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Please download OTL from the following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.
Leave all settings as they appear as default, except for the following:

Under the Custom Scan box, paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Post the contents of that Notepad document in your next reply.


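The idea behind the `/md5start` ... `/md5stop` list in the custom scan above, as an added example (not part of the original post and not OTL's own code): assuming the list asks the scanner to locate every copy of the named files and hash each one, this sketch does the same under a directory tree and reports names whose copies disagree. The function names and the sample tree are constructed for the illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names copied from the /md5start ... /md5stop block in the post above.
WATCHED = (
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32.sys", "ahcix86s.sys",
)


def md5_of(path, chunk_size=65536):
    """Return the upper-case MD5 hex digest of a file, read in chunks."""
    # MD5 mirrors the switch name on the page; prefer SHA-256 for new baselines.
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def scan_copies(root, names=WATCHED):
    """Map each watched name (lower-cased) to a list of (path, md5 or None)."""
    wanted = {name.lower() for name in names}  # Windows names are case-insensitive
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()
            if key not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            try:
                found[key].append((full, md5_of(full)))
            except OSError:
                # A locked or unreadable copy is reported, not silently skipped.
                found[key].append((full, None))
    return dict(found)


def names_needing_review(found):
    """Return the names whose copies differ or include an unreadable copy."""
    review = {}
    for name, copies in found.items():
        digests = {digest for _path, digest in copies}
        if len(digests) > 1 or None in digests:
            review[name] = sorted(copies, key=lambda copy: copy[0])
    return review


def build_sample_tree(root):
    """Constructed sample data: matching atapi.sys copies, differing eventlog.dll."""
    layout = {
        ("Windows", "System32", "drivers", "atapi.sys"): b"constructed driver bytes",
        ("Windows", "winsxs", "pkg_a", "ATAPI.SYS"): b"constructed driver bytes",
        ("Windows", "System32", "eventlog.dll"): b"constructed dll bytes v1",
        ("Windows", "winsxs", "pkg_b", "eventlog.dll"): b"constructed dll bytes v2",
        ("Windows", "System32", "notepad.exe"): b"not on the watch list",
    }
    for parts, data in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


def demo():
    """Scan the constructed tree and return (all copies, names to review)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = scan_copies(root)
        return found, names_needing_review(found)


if __name__ == "__main__":
    all_copies, review = demo()
    for name, copies in sorted(review.items()):
        print(name)
        for path, digest in copies:
            print("  ", digest or "UNREADABLE", path)
```

On a real system, copies of a file can differ legitimately after updates, so a mismatch is a lead to check against the file's digital signature and version, not a verdict.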

#13
April 21, 2010 at 22:46:10
OTL Extras logfile created on: 4/21/2010 10:37:55 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Garris\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.75 Gb Total Space | 51.43 Gb Free Space | 23.19% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.86 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 240.98 Mb Total Space | 39.70 Mb Free Space | 16.47% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARRIS
Current User Name: Garris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2888861139-4040163500-308209808-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Garris\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 40 9A 0F C6 5D 4A CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0104BE27-9F44-4B0C-A6A3-BC9D20D35138}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{4C48ACCE-3C8A-4146-94B5-3E00F11DC616}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{837D02A4-5800-4673-B7D7-E27E42789CAF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A4043D5F-E514-4EF5-92AA-15D58F464398}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{D70A1CC6-FFAE-4DC2-9878-55571374559A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D8B9536E-FAB6-4F23-A03A-D1751A727919}" = lport=666 | protocol=17 | dir=in | name=dshobro 0.4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0764BAEA-C8B3-495F-BF85-109D688014FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{082E1DB4-A03D-40E1-893D-4560D2C3D3FE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0ED7B48D-34DE-47AD-A96F-47B9EC3A10BB}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{161509FD-18BF-4FEA-86F9-F9DC6F7991EB}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{16EC40A7-9D99-4553-9E54-13E611019912}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1883C39B-60EB-4F49-A62D-75D827D0B20B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1AD3E90A-9F34-4C4B-8B9A-C515B081253F}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1ADF8C07-BFF9-4E39-B1C7-E2C536FF60D3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1C9A8198-5F0E-4562-A6AF-C43D50712055}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |
"{233BEA0C-7DA5-4288-8C4B-D87587096219}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{249F5E26-5717-4C6A-96A1-01DC4EC46D73}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{266356C3-5320-472D-8EFB-39FE23CC8D93}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{29499013-1B4A-443F-BE66-271E3C2DAEA4}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\frun.exe |
"{2D9565F4-2D5D-4E1E-ADB9-F89D1D4E1A4B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3197878B-7860-4DB1-87C9-0CF46DEE4F04}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{34B3BD6B-4CF7-4982-9028-63FB0B07EFFE}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{369AA7E9-899F-4B91-B9D6-E1B9C270C547}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{37ABF643-ED76-4515-BB28-EE2F7809FB27}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{3E8658D9-67A6-4B01-BE20-F254555B55E3}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{3F00F901-F3C4-4693-9588-6F63995BB964}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnamon.exe |
"{4084BE12-A5A6-477E-9060-B92DB5AF8540}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{42F1149B-159A-43B1-8C6D-803F1ABD4D22}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{473CBADA-81AC-4CC9-A0F2-3283EFB0A768}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4D02F358-26DF-41CA-BCB6-2F673E27FE12}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{5028FDBD-4703-40AE-993D-A17F39074721}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{533300FB-0BE1-4EAB-823A-FB4DF537D01E}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{53F51EA7-B193-461A-B519-B4B67A239D0E}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{56F83915-F895-4F21-9AAB-3C1B417339E7}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{5E58F8D1-4BBE-4A21-B025-779827CDDD7D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5FD2E120-38FA-44CC-BE36-981040C41EFB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{626E6FF5-FD59-4301-84BB-38EB8871BDE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{64A00D49-09A3-4BE7-9F08-6AEAF8690710}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6808AB5D-5622-4D0C-83F4-387058901508}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{68CE88AA-3CC7-4C74-B14C-B9F5B69EC10C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{69FCDE85-B093-4744-AE71-D359CA95E568}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6D7DB448-5A64-46FE-9EA8-7B516199A6F2}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{70C38BEE-48D0-4B9B-9144-1D356F9DB29F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{726CC08E-3870-4299-B2D8-DBA16C01ADDC}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{789765BD-0BB5-46DE-AE32-458667F79505}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{78E3AE40-2E9F-41E6-906C-036E960FA3BC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7AFF2813-DF07-4249-BA70-339AA9126AC8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{84EF8AE2-F8B2-47CA-A9FD-B50BA2105D01}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{87FC6A70-76A4-47E1-BF31-F27D52490804}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{95A09FA6-B23E-40E5-9C7D-795F4BFA0406}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |
"{9645FB07-8AF3-454F-BDC2-9A63FCD0BF95}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9C438878-E9F8-46DA-9EC2-059A9EAA8B58}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9E713B9E-BE77-4D3A-B7B0-7A546A500D01}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{A15C8639-BE1A-4747-AB91-DE25D5440A03}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A2A601C3-5C96-43C9-BE33-C51AC4E84E35}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A5013286-DB8B-420B-BA27-6064A854F4F8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A7C39AD1-0E39-495F-9A5E-320FAB768EC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AC0C2FFB-F824-4EFF-A98F-2C1DEA123A50}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AC5BEEAD-12A3-4F3F-92F3-2782157E65D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AF1C52B1-DC32-4A3F-BB1C-3D9DA6FF0F89}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B1629847-1DF8-4614-9F57-212D65D086A1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B282F940-1A2A-4C3E-9903-A92FCD0AF8CC}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\frun.exe |
"{B987030F-49F0-4DAA-8E3C-333E06C90818}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BDC02068-DF18-4251-908B-27A619162A87}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BF49A39F-7C2B-4DE2-AD41-25FDEB287C54}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BFD9D146-896F-4D67-B3AE-B6E33AA4B799}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CC8C81BD-472E-4BBD-AD63-787588252682}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{CDEE851F-3FE8-4ADA-9D92-991C930E8DDB}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{CE5DF42C-954A-433D-B89B-A12ED4608AB0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D283CD51-F326-48B5-BAD8-CAE82B3F3D17}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{DD591DD5-8314-4AD4-AD80-B7451897B7FA}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{DE3445A9-5A1C-461D-893D-1D807CE233AC}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{DFAC2BBC-29C2-4FE2-A001-81ACA3653412}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnamon.exe |
"{E32B44BF-9F33-4641-A295-37866ADBD220}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E757CE05-F5AD-4B2C-A72E-EC564775B16F}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{E95D211F-EFBA-4E56-B449-13C1CFBA4500}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{EAF9D1E0-34E1-4CA1-B71D-BFDFDBBBA35D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EBF4C4AA-A62F-4B26-BB66-A6784FE8F0B5}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{EC713003-CA8B-48C9-9963-DD8595F30521}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EE1B3FFE-129C-4CD4-9629-D1F107C6DCF8}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{F0B472A7-0072-4B14-B31F-E6F09AA23A6D}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F12F84F3-9240-473D-B962-D7684A8D50DE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F7E0CFF9-268D-4A0F-AF46-99338A9AE7EA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F9AD8C2D-D335-449A-A469-F6C07B86EA57}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FD44EB8D-5266-480B-BDA5-21058A9E023A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FE238A52-BB30-41B6-99E1-34F5F45B265B}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{05B6D3C8-B5F2-4DC7-801E-E2D6D75C108F}C:\users\garris\desktop\[2955]dshobro04\server.exe" = protocol=6 | dir=in | app=c:\users\garris\desktop\[2955]dshobro04\server.exe |
"UDP Query User{A83E81B4-9D8E-4213-8246-53F90AC4E9FB}C:\users\garris\desktop\[2955]dshobro04\server.exe" = protocol=17 | dir=in | app=c:\users\garris\desktop\[2955]dshobro04\server.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E6C415F-7708-4A8F-9509-11C98988BDCA}" = Apple Mobile Device Support
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.30
"{5AB0C6D3-E546-44C2-8B63-C9044FCC9AC0}" = iTunes
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.30
"{D6F907C2-5264-4E01-B608-42A550378631}" = Microsoft Protection Service
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Lexmark 2600 Series" = Lexmark 2600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF5C897-579C-4CC2-9D17-14B3E70E417C}" = firedog advisor
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG 9.0
"BlackBerry_{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"Combat Arms" = Combat Arms
"Easy MP3 Cutter_is1" = Easy MP3 Cutter 2.9
"Garena" = Garena
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"ImgBurn" = ImgBurn
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LimeWire" = LimeWire 5.4.6
"MapleStory" = MapleStory
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"PROR" = Microsoft Office Professional 2007 Trial
"RealPlayer 6.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II Beta" = StarCraft II Beta
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"ViewpointMediaPlayer" = Viewpoint Media Player
"VobSub" = VobSub v2.23 (Remove Only)
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinSS" = Windows Live OneCare

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2888861139-4040163500-308209808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Warcraft III" = Warcraft III: All Products

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#14
April 21, 2010 at 23:12:48
OTL logfile created on: 4/21/2010 10:37:54 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Garris\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.75 Gb Total Space | 51.43 Gb Free Space | 23.19% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.86 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 240.98 Mb Total Space | 39.70 Mb Free Space | 16.47% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARRIS
Current User Name: Garris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/04/21 22:37:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Garris\Documents\Downloads\OTL.exe
PRC - [2010/04/19 14:44:56 | 000,083,440 | ---- | M] (Google) -- C:\Users\Garris\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/04/16 12:04:31 | 000,532,976 | ---- | M] (Google Inc.) -- C:\Users\Garris\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/04/03 08:40:57 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/03/08 14:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/03/04 09:12:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/04 09:12:29 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
PRC - [2010/03/04 09:12:08 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/02/10 13:27:46 | 018,784,440 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2010/02/05 17:19:46 | 000,065,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Windows OneCare Live\winss.exe
PRC - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2009/09/10 07:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/27 08:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/03/27 08:13:11 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
PRC - [2008/03/26 15:26:56 | 000,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/01/16 18:34:04 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/04/21 22:37:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Garris\Documents\Downloads\OTL.exe
MOD - [2009/04/10 23:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009/09/24 18:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009/07/21 23:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009/04/11 00:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:[b]64bit:[/b] - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:[b]64bit:[/b] - [2008/07/09 19:49:54 | 000,018,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV:[b]64bit:[/b] - [2008/03/18 16:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:[b]64bit:[/b] - [2008/02/27 16:07:47 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV:[b]64bit:[/b] - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2007/12/11 12:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/03/04 09:12:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 09:12:37 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/04 09:12:29 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/03/29 21:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/03/26 15:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/27 16:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdncoms.exe -- (lxdn_device)
SRV - [2007/11/28 00:34:02 | 001,485,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2010/03/04 09:13:22 | 000,316,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:[b]64bit:[/b] - [2010/03/04 09:13:11 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:[b]64bit:[/b] - [2010/03/04 09:12:41 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\AVGIDSva.sys -- (AVGIDSErHrvta)
DRV:[b]64bit:[/b] - [2010/03/04 09:12:26 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:[b]64bit:[/b] - [2010/03/04 09:12:10 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
DRV:[b]64bit:[/b] - [2009/12/06 12:41:41 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:[b]64bit:[/b] - [2009/07/21 23:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2009/06/05 11:42:38 | 000,048,640 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:[b]64bit:[/b] - [2009/04/10 22:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:[b]64bit:[/b] - [2009/04/10 22:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:[b]64bit:[/b] - [2009/04/10 22:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:[b]64bit:[/b] - [2009/04/10 22:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:[b]64bit:[/b] - [2009/04/10 22:39:35 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WinUSB.SYS -- (WINUSB)
DRV:[b]64bit:[/b] - [2009/03/19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:[b]64bit:[/b] - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:[b]64bit:[/b] - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2008/04/27 23:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2008/04/21 20:59:06 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:[b]64bit:[/b] - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2008/03/28 02:06:00 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2008/03/27 12:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2008/03/27 12:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2008/02/29 15:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2008/02/01 01:41:52 | 000,095,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2008/02/01 01:41:52 | 000,089,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2008/02/01 01:41:52 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:[b]64bit:[/b] - [2008/01/20 19:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:[b]64bit:[/b] - [2008/01/20 19:47:02 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:[b]64bit:[/b] - [2007/11/28 00:34:00 | 000,111,680 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\msfwdrv.sys -- (MSFWDrv)
DRV:[b]64bit:[/b] - [2007/11/28 00:33:50 | 000,043,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\msfwhlpr.sys -- (MSFWHLPR)
DRV:[b]64bit:[/b] - [2007/07/11 10:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:[b]64bit:[/b] - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:[b]64bit:[/b] - [2007/06/17 09:35:16 | 000,006,656 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\faproc64.sys -- (faproct)
DRV:[b]64bit:[/b] - [2007/05/07 03:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2007/04/03 14:59:20 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV:[b]64bit:[/b] - [2007/03/21 15:55:42 | 000,007,680 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\faunid64.sys -- (faunidrv)
DRV:[b]64bit:[/b] - [2006/11/01 22:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:[b]64bit:[/b] - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2006/10/06 19:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2010/03/04 09:12:41 | 000,132,616 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSDriver.sys -- (AVGIDSDrivervta)
DRV - [2010/03/04 09:12:41 | 000,035,848 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSFilter.sys -- (AVGIDSFiltervta)
DRV - [2008/01/20 19:49:57 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WINUSB)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
IE - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...
IE - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.http: "208.74.174.142"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/01 02:03:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/03/05 00:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/10 21:23:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/10 13:21:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/19 17:47:48 | 000,000,000 | ---D | M]

[2010/01/28 11:18:38 | 000,000,000 | ---D | M] -- C:\Users\Garris\AppData\Roaming\Mozilla\Extensions
[2010/01/09 21:17:35 | 000,000,000 | ---D | M] -- C:\Users\Garris\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/07 01:50:19 | 000,000,000 | ---D | M] -- C:\Users\Garris\AppData\Roaming\Mozilla\Firefox\Profiles\xkcp15ex.default\extensions
[2010/01/29 22:15:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Garris\AppData\Roaming\Mozilla\Firefox\Profiles\xkcp15ex.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/29 01:06:02 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Garris\AppData\Roaming\Mozilla\Firefox\Profiles\xkcp15ex.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/30 12:55:00 | 000,002,267 | ---- | M] () -- C:\Users\Garris\AppData\Roaming\Mozilla\Firefox\Profiles\xkcp15ex.default\searchplugins\aim-search.xml
[2010/03/31 05:10:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/31 05:09:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2010/03/20 21:10:59 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/06/19 01:58:10 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll



#15
April 21, 2010 at 23:13:16
O1 HOSTS File: ([2010/02/06 18:31:30 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2888861139-4040163500-308209808-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2888861139-4040163500-308209808-1000..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2888861139-4040163500-308209808-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-2888861139-4040163500-308209808-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2888861139-4040163500-308209808-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/get... (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05247804-fbfc-11dd-95c9-0021863b59c3}\Shell\AutoRun\command - "" = ur0.com
O33 - MountPoints2\{05247804-fbfc-11dd-95c9-0021863b59c3}\Shell\open\Command - "" = ur0.com
O33 - MountPoints2\{05247809-fbfc-11dd-95c9-0021863b59c3}\Shell - "" = AutoRun
O33 - MountPoints2\{05247809-fbfc-11dd-95c9-0021863b59c3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9bb0283f-1bb0-11de-b786-0021863b59c3}\Shell\AutoRun\command - "" = F:\Install FreeAgent Tools.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/04/20 16:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/04/20 16:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/20 14:45:57 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/20 14:44:56 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/20 14:44:56 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/20 14:44:41 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/20 14:44:41 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/20 14:44:37 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/20 14:44:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/20 14:44:13 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2010/04/20 14:44:13 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2010/04/20 14:44:13 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2010/04/20 14:44:13 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/04/19 21:22:19 | 000,000,000 | ---D | C] -- C:\Users\Garris\AppData\Roaming\Malwarebytes
[2010/04/19 21:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/19 21:22:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/19 18:09:00 | 000,000,000 | ---D | C] -- C:\Users\Garris\StarCraft II Beta enUS 13891 Installer
[2010/04/19 09:17:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/19 09:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/04/19 08:26:39 | 000,000,000 | ---D | C] -- C:\Users\Garris\Documents\RegRun2
[2010/04/19 08:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2010/04/17 05:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] -- C:\Users\Garris\Documents\StarCraft II Beta
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II Beta
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] -- C:\Users\Garris\AppData\Local\Blizzard Entertainment
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/04/15 00:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/04/14 21:34:00 | 000,000,000 | ---D | C] -- C:\Users\Garris\Desktop\StarCraft II Beta enUS 13891 Installer
[2010/04/13 16:24:01 | 000,000,000 | ---D | C] -- C:\Users\Garris\Desktop\Incomplete
[2010/04/06 12:56:04 | 000,000,000 | ---D | C] -- C:\Users\Garris\AppData\Local\AIM Toolbar
[2010/04/02 21:58:25 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/04/02 21:58:22 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/04/02 21:58:18 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/04/02 21:58:15 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/04/02 21:58:15 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/04/02 21:58:15 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/04/02 21:58:13 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/04/02 21:58:12 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/04/02 21:58:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/04/02 21:58:08 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/04/02 21:58:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/03/31 21:37:22 | 000,000,000 | ---D | C] -- C:\Users\Garris\Desktop\syllabus
[2010/03/31 05:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/03/29 01:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM Toolbar
[2010/03/29 01:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM Toolbar
[2010/03/29 01:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2009/01/31 18:59:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2009/01/31 18:59:47 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2009/01/31 18:59:45 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2009/01/31 18:59:44 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2009/01/31 18:59:44 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2009/01/31 18:59:43 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2009/01/31 18:59:43 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2009/01/31 18:59:43 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2009/01/31 18:59:43 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2009/01/31 18:59:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Garris\Desktop\*.tmp files -> C:\Users\Garris\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/04/21 22:43:48 | 007,340,032 | -HS- | M] () -- C:\Users\Garris\ntuser.dat
[2010/04/21 21:05:34 | 000,000,355 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/04/21 21:04:09 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 21:04:09 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/21 21:04:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/21 21:03:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/21 21:03:41 | 4222,832,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/21 17:51:59 | 000,007,460 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/21 17:51:48 | 000,524,288 | -HS- | M] () -- C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-0021863b59c3}.TMContainer00000000000000000001.regtrans-ms
[2010/04/21 17:51:48 | 000,065,536 | -HS- | M] () -- C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-0021863b59c3}.TM.blf
[2010/04/21 17:51:35 | 002,577,127 | -H-- | M] () -- C:\Users\Garris\AppData\Local\IconCache.db
[2010/04/21 17:15:12 | 059,117,484 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/04/21 13:48:19 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010/04/21 01:36:45 | 000,002,047 | ---- | M] () -- C:\Users\Garris\Desktop\Google Chrome.lnk
[2010/04/20 16:47:34 | 000,029,184 | ---- | M] () -- C:\Users\Garris\Desktop\plans!.doc
[2010/04/20 16:34:50 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/04/20 03:04:11 | 005,463,684 | ---- | M] () -- C:\Users\Garris\Desktop\juicebox.mp3
[2010/04/20 01:19:59 | 000,524,288 | -HS- | M] () -- C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-0021863b59c3}.TMContainer00000000000000000002.regtrans-ms
[2010/04/19 18:11:11 | 000,078,926 | ---- | M] () -- C:\Users\Garris\Desktop\Photo 26.jpg
[2010/04/19 18:00:22 | 000,142,408 | ---- | M] () -- C:\Users\Garris\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/19 17:57:21 | 000,580,293 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/04/19 17:39:05 | 000,524,288 | -HS- | M] () -- C:\Users\Garris\ntuser.dat{3bee1bc8-a43a-11de-bf70-0021863b59c3}.TMContainer00000000000000000001.regtrans-ms
[2010/04/19 17:39:05 | 000,065,536 | -HS- | M] () -- C:\Users\Garris\ntuser.dat{3bee1bc8-a43a-11de-bf70-0021863b59c3}.TM.blf
[2010/04/18 22:01:50 | 000,450,560 | ---- | M] () -- C:\Users\Garris\Documents\Database3.accdb
[2010/04/16 16:47:59 | 001,679,360 | ---- | M] () -- C:\Users\Garris\Documents\Inventory.accdb
[2010/04/16 03:26:00 | 453,741,929 | ---- | M] () -- C:\Users\Garris\Documents\Untitled.wma
[2010/04/14 21:28:43 | 000,012,521 | ---- | M] () -- C:\Users\Garris\Desktop\groupwork - tables.docx
[2010/04/14 02:12:53 | 000,066,032 | ---- | M] () -- C:\Users\Garris\Desktop\groupwork - tables (1).docx
[2010/04/14 01:36:09 | 000,011,654 | ---- | M] () -- C:\Users\Garris\Desktop\Term Project Timeline.docx
[2010/04/14 01:35:58 | 000,010,110 | ---- | M] () -- C:\Users\Garris\Desktop\Course Offering Data Table.docx
[2010/04/13 22:07:33 | 000,040,063 | ---- | M] () -- C:\Users\Garris\Documents\marketstar visits.docx
[2010/04/13 12:49:48 | 000,010,092 | ---- | M] () -- C:\Users\Garris\Desktop\Assignment%202.pdf
[2010/04/12 22:21:58 | 000,494,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/12 22:02:16 | 000,000,165 | -H-- | M] () -- C:\Users\Garris\Desktop\~$SoBA Ambassador Contact Information Spring 2010.xlsx
[2010/04/12 19:14:52 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/12 19:14:52 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/12 19:14:52 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/12 17:44:26 | 027,430,638 | ---- | M] () -- C:\Users\Garris\Desktop\20100408200000.wav
[2010/04/12 17:21:19 | 000,012,624 | ---- | M] () -- C:\Users\Garris\Desktop\SoBA Ambassador Contact Information Spring 2010.xlsx
[2010/04/12 14:50:49 | 001,507,328 | ---- | M] () -- C:\Users\Garris\Documents\Contacts.accdb
[2010/04/12 14:38:24 | 000,442,368 | ---- | M] () -- C:\Users\Garris\Documents\Database2.accdb
[2010/04/12 14:33:57 | 000,462,848 | ---- | M] () -- C:\Users\Garris\Documents\Database1.accdb
[2010/04/12 14:18:47 | 001,572,864 | ---- | M] () -- C:\Users\Garris\Documents\Projects.accdb
[2010/04/08 09:39:19 | 000,011,639 | ---- | M] () -- C:\Users\Garris\Desktop\Session 2.xlsx
[2010/04/08 09:29:16 | 000,011,578 | ---- | M] () -- C:\Users\Garris\Documents\Session 1.xlsx
[2010/04/07 06:39:39 | 000,121,344 | ---- | M] () -- C:\Users\Garris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 17:37:01 | 000,013,253 | ---- | M] () -- C:\Users\Garris\Desktop\Garris Yeung.docx
[2010/04/06 16:24:26 | 000,000,162 | -H-- | M] () -- C:\Users\Garris\Desktop\~$rris Yeung.docx
[2010/04/06 02:28:00 | 000,015,713 | ---- | M] () -- C:\Users\Garris\Desktop\store visits 4-11.docx
[2010/03/31 10:44:24 | 000,011,359 | ---- | M] () -- C:\Users\Garris\Documents\introduction.docx
[2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/29 01:06:31 | 000,001,089 | -H-- | M] () -- C:\IPH.PH
[2010/03/29 00:42:22 | 603,553,016 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Garris\Desktop\*.tmp files -> C:\Users\Garris\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/04/21 13:40:03 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010/04/20 16:15:23 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/04/19 18:16:57 | 000,078,926 | ---- | C] () -- C:\Users\Garris\Desktop\Photo 26.jpg
[2010/04/19 17:50:48 | 000,524,288 | -HS- | C] () -- C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-0021863b59c3}.TMContainer00000000000000000002.regtrans-ms
[2010/04/19 17:50:48 | 000,524,288 | -HS- | C] () -- C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-0021863b59c3}.TMContainer00000000000000000001.regtrans-ms
[2010/04/19 17:50:48 | 000,065,536 | -HS- | C] () -- C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-0021863b59c3}.TM.blf
[2010/04/19 00:54:27 | 005,463,684 | ---- | C] () -- C:\Users\Garris\Desktop\juicebox.mp3
[2010/04/18 21:40:56 | 000,450,560 | ---- | C] () -- C:\Users\Garris\Documents\Database3.accdb
[2010/04/16 15:24:01 | 001,679,360 | ---- | C] () -- C:\Users\Garris\Documents\Inventory.accdb
[2010/04/16 03:25:59 | 453,741,929 | ---- | C] () -- C:\Users\Garris\Documents\Untitled.wma
[2010/04/14 02:12:49 | 000,066,032 | ---- | C] () -- C:\Users\Garris\Desktop\groupwork - tables (1).docx
[2010/04/14 02:12:44 | 000,012,521 | ---- | C] () -- C:\Users\Garris\Desktop\groupwork - tables.docx
[2010/04/14 01:36:09 | 000,011,654 | ---- | C] () -- C:\Users\Garris\Desktop\Term Project Timeline.docx
[2010/04/14 01:35:58 | 000,010,110 | ---- | C] () -- C:\Users\Garris\Desktop\Course Offering Data Table.docx
[2010/04/13 22:07:32 | 000,040,063 | ---- | C] () -- C:\Users\Garris\Documents\marketstar visits.docx
[2010/04/13 12:49:48 | 000,010,092 | ---- | C] () -- C:\Users\Garris\Desktop\Assignment%202.pdf
[2010/04/12 22:02:16 | 000,000,165 | -H-- | C] () -- C:\Users\Garris\Desktop\~$SoBA Ambassador Contact Information Spring 2010.xlsx
[2010/04/12 17:40:30 | 027,430,638 | ---- | C] () -- C:\Users\Garris\Desktop\20100408200000.wav
[2010/04/12 17:21:18 | 000,012,624 | ---- | C] () -- C:\Users\Garris\Desktop\SoBA Ambassador Contact Information Spring 2010.xlsx
[2010/04/12 14:48:46 | 001,507,328 | ---- | C] () -- C:\Users\Garris\Documents\Contacts.accdb
[2010/04/12 14:35:21 | 000,442,368 | ---- | C] () -- C:\Users\Garris\Documents\Database2.accdb
[2010/04/12 14:18:47 | 000,462,848 | ---- | C] () -- C:\Users\Garris\Documents\Database1.accdb
[2010/04/12 14:18:19 | 001,572,864 | ---- | C] () -- C:\Users\Garris\Documents\Projects.accdb
[2010/04/08 09:39:19 | 000,011,639 | ---- | C] () -- C:\Users\Garris\Desktop\Session 2.xlsx
[2010/04/08 09:29:16 | 000,011,578 | ---- | C] () -- C:\Users\Garris\Documents\Session 1.xlsx
[2010/04/06 16:24:26 | 000,000,162 | -H-- | C] () -- C:\Users\Garris\Desktop\~$rris Yeung.docx
[2010/04/06 02:27:59 | 000,015,713 | ---- | C] () -- C:\Users\Garris\Desktop\store visits 4-11.docx
[2010/04/05 13:17:59 | 000,013,253 | ---- | C] () -- C:\Users\Garris\Desktop\Garris Yeung.docx
[2010/03/31 10:44:24 | 000,011,359 | ---- | C] () -- C:\Users\Garris\Documents\introduction.docx
[2009/11/16 21:14:41 | 000,000,135 | ---- | C] () -- C:\Windows\Mp3CutterJoiner.ini
[2009/10/10 19:34:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/10 19:33:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/06/28 19:03:47 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/05/13 04:06:58 | 000,000,554 | ---- | C] () -- C:\Windows\SysWow64\language.ini
[2009/05/13 04:06:58 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\satourne.ini
[2009/02/07 15:57:19 | 000,000,027 | ---- | C] () -- C:\Windows\option.ini
[2009/01/31 18:59:48 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2009/01/31 18:59:48 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2008/11/21 14:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/11/21 14:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008/11/21 14:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008/11/21 14:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/10/05 16:58:28 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/11/20 17:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2007/11/20 16:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2007/10/02 15:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2005/12/08 00:19:22 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\EGamesPlugin.dll
[2005/12/08 00:19:22 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\EGameEncrypt.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 64 bytes -> C:\Users\Garris\Desktop\Ab Ripper X.avi:TOC.WMV
< End of report >

#16
April 21, 2010 at 23:29:47
OTL logfile created on: 4/21/2010 11:15:00 PM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Users\Garris\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.75 Gb Total Space | 51.45 Gb Free Space | 23.20% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.86 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 240.98 Mb Total Space | 39.70 Mb Free Space | 16.47% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARRIS
Current User Name: Garris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/04/21 22:37:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Garris\Documents\Downloads\OTL.exe
PRC - [2010/04/03 08:40:57 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/03/04 09:12:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/04 09:12:29 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
PRC - [2010/03/04 09:12:08 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgam.exe
PRC - [2010/02/10 13:27:46 | 018,784,440 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2010/02/05 17:19:46 | 000,065,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Windows OneCare Live\winss.exe
PRC - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/03/27 08:13:18 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
PRC - [2008/03/27 08:13:11 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
PRC - [2008/03/26 15:26:56 | 000,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/01/16 18:34:04 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/04/21 22:37:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Garris\Documents\Downloads\OTL.exe
MOD - [2009/04/10 23:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009/09/24 18:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009/07/21 23:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009/04/11 00:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:[b]64bit:[/b] - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
SRV:[b]64bit:[/b] - [2008/07/09 19:49:54 | 000,018,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV:[b]64bit:[/b] - [2008/03/18 16:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:[b]64bit:[/b] - [2008/02/27 16:07:47 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV:[b]64bit:[/b] - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2007/12/11 12:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/03/04 09:12:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 09:12:37 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/04 09:12:29 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/03/29 21:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/03/26 15:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/27 16:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdncoms.exe -- (lxdn_device)
SRV - [2007/11/28 00:34:02 | 001,485,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2010/03/04 09:13:22 | 000,316,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:[b]64bit:[/b] - [2010/03/04 09:13:11 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:[b]64bit:[/b] - [2010/03/04 09:12:41 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\AVGIDSva.sys -- (AVGIDSErHrvta)
DRV:[b]64bit:[/b] - [2010/03/04 09:12:26 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:[b]64bit:[/b] - [2010/03/04 09:12:10 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
DRV:[b]64bit:[/b] - [2009/12/06 12:41:41 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:[b]64bit:[/b] - [2009/07/21 23:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2009/06/05 11:42:38 | 000,048,640 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:[b]64bit:[/b] - [2009/04/10 22:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:[b]64bit:[/b] - [2009/04/10 22:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:[b]64bit:[/b] - [2009/04/10 22:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:[b]64bit:[/b] - [2009/04/10 22:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:[b]64bit:[/b] - [2009/04/10 22:39:35 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WinUSB.SYS -- (WINUSB)
DRV:[b]64bit:[/b] - [2009/03/19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:[b]64bit:[/b] - [2008/06/12 11:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2008/06/04 10:55:16 | 000,129,536 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:[b]64bit:[/b] - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2008/04/27 23:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2008/04/21 20:59:06 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:[b]64bit:[/b] - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2008/04/15 03:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2008/03/28 02:06:00 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2008/03/27 12:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2008/03/27 12:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2008/02/29 15:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2008/02/01 01:41:52 | 000,095,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2008/02/01 01:41:52 | 000,089,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2008/02/01 01:41:52 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2008/01/24 06:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:[b]64bit:[/b] - [2008/01/20 19:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:[b]64bit:[/b] - [2008/01/20 19:47:02 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:[b]64bit:[/b] - [2007/11/28 00:34:00 | 000,111,680 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\msfwdrv.sys -- (MSFWDrv)
DRV:[b]64bit:[/b] - [2007/11/28 00:33:50 | 000,043,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\msfwhlpr.sys -- (MSFWHLPR)
DRV:[b]64bit:[/b] - [2007/07/11 10:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:[b]64bit:[/b] - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:[b]64bit:[/b] - [2007/06/17 09:35:16 | 000,006,656 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\faproc64.sys -- (faproct)
DRV:[b]64bit:[/b] - [2007/05/07 03:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2007/04/03 14:59:20 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV:[b]64bit:[/b] - [2007/03/21 15:55:42 | 000,007,680 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\faunid64.sys -- (faunidrv)
DRV:[b]64bit:[/b] - [2006/11/01 22:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:[b]64bit:[/b] - [2006/10/09 19:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2006/10/06 19:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2010/03/04 09:12:41 | 000,132,616 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSDriver.sys -- (AVGIDSDrivervta)
DRV - [2010/03/04 09:12:41 | 000,035,848 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSFilter.sys -- (AVGIDSFiltervta)
DRV - [2008/01/20 19:49:57 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WINUSB)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.http: "208.74.174.142"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/01 02:03:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/03/05 00:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/10 21:23:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/10 13:21:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/19 17:47:48 | 000,000,000 | ---D | M]

[2010/01/28 11:18:38 | 000,000,000 | ---D | M] -- C:\Users\Garris\AppData\Roaming\Mozilla\Extensions
[2010/01/09 21:17:35 | 000,000,000 | ---D | M] -- C:\Users\Garris\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/07 01:50:19 | 000,000,000 | ---D | M] -- C:\Users\Garris\AppData\Roaming\Mozilla\Firefox\Profiles\xkcp15ex.default\extensions
[2010/01/29 22:15:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Garris\AppData\Roaming\Mozilla\Firefox\Profiles\xkcp15ex.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/29 01:06:02 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Garris\AppData\Roaming\Mozilla\Firefox\Profiles\xkcp15ex.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/03/30 12:55:00 | 000,002,267 | ---- | M] () -- C:\Users\Garris\AppData\Roaming\Mozilla\Firefox\Profiles\xkcp15ex.default\searchplugins\aim-search.xml
[2010/03/31 05:10:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/31 05:09:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.)
-- C:\Program Files (x86)\Mozilla
Firefox\plugins\npbittorrent.dll
[2010/03/20 21:10:59 | 000,238,776 | ---- | M] (Pando
Networks) -- C:\Program Files (x86)\Mozilla
Firefox\plugins\npPandoWebInst.dll
[2009/06/19 01:58:10 | 000,221,184 | ---- | M] (CNN) --
C:\Program Files (x86)\Mozilla
Firefox\plugins\NPTURNMED.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program
Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll



#17
April 21, 2010 at 23:31:03
O1 HOSTS File: ([2010/02/06 18:31:30 | 000,000,761 | ---- |
M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-
6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files
(x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-
C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
(Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-
A66E-4E65E497C8C0} - C:\Program Files
(x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-
90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-
4ABF-8ECC-5164760863C6} - C:\Program Files
(x86)\Common Files\microsoft shared\Windows
Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-
4686-AA43-5347D756017C} - C:\Program Files
(x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-
61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
(AOL Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-
BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital
Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-
Packard Co.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-
a03c-9aaccbd14326} - C:\Program Files (x86)\AIM
Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-
B3CA-4199-B1A6-9F516DD69829} - C:\Program Files
(x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) -
{61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program
Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) -
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program
Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds]
C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files
(x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel
Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray]
C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [lxdnamon] C:\Program Files
(x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [lxdnmon.exe] C:\Program
Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence]
C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program
Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe (Microsoft
Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device
Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft
Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader
8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files
(x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program
Files (x86)\Hewlett-Packard\HP Health
Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files
(x86)\Microsoft Windows OneCare Live\winssnotify.exe
(Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files
(x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems,
Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files
(x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
(CyberLink Corp.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe
(AOL Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files
(x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft
Corporation)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files
(x86)\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files
(x86)\Pando Networks\Media Booster\PMB.exe ()
O6 -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\polici
es\Explorer: NoActiveDesktop = 1
O6 -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\polici
es\Explorer: NoActiveDesktopChanges = 1
O7 -
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\polici
es\Explorer: NoDriveTypeAutoRun = 149
O8:[b]64bit:[/b] - Extra context menu item: E&xport to
Microsoft Excel - C:\Program Files (x86)\Microsoft
Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Send image to
&Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie_ctx.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Send page to
&Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel -
C:\Program Files (x86)\Microsoft
Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth
Device... - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth
Device... - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra Button: @btrez.dll,-4015 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @btrez.dll,-12650 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-
8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft
Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program
Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft
Corporation)
O9 - Extra Button:
@C:\Windows\WindowsMobile\INetRepl.dll,-222 -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\Windows\WindowsMobile\INetRepl.dll (Microsoft
Corporation)
O9 - Extra 'Tools' menuitem :
@C:\Windows\WindowsMobile\INetRepl.dll,-223 -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Windows\WindowsMobile\INetRepl.dll (Microsoft
Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-
46ef-9331-5C8D4460577F} - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-
8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital
Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-
Packard Co.)
O10:[b]64bit:[/b] -
NameSpace_Catalog5\Catalog_Entries\000000000005 [] -
C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005
[] - C:\Windows\SysWOW64\wshbth.dll (Microsoft
Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local
intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/ji...
i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/ji...
i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/ji...
i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/ji...
i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-
ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji...
1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/get...
(Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error:
Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-
A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File
not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error:
Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-
A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File
not found
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-
63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files
(x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-
4009-854F-8E305202313F} - Reg Error: Key error. File not
found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value
found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error:
Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error:
Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-
11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not
found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-
11D3-8789-0000F8105754} - Reg Error: Key error. File not
found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-
4009-854F-8E305202313F} - Reg Error: Key error. File not
found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap {3D9F03FA-
7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File
not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-
5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File
not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-
9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File
not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-
1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File
not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-
11d1-9C6B-0000F875AC61} - C:\Program Files
(x86)\Common Files\System\Ole DB\MSDAIPP.DLL
(Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-
9C6B-0000F875AC61} - C:\Program Files (x86)\Common
Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-
11d1-9C6B-0000F875AC61} - C:\Program Files
(x86)\Common Files\System\Ole DB\MSDAIPP.DLL
(Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-
9C6B-0000F875AC61} - C:\Program Files (x86)\Common
Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-
A4D1-FBDDE494F8D1} - C:\Program Files
(x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-
8E305202313F} - C:\Program Files (x86)\Windows
Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft
Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-
A96B-11d1-9C6B-0000F875AC61} - C:\Program Files
(x86)\Common Files\System\Ole DB\MSDAIPP.DLL
(Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-
11d1-9C6B-0000F875AC61} - C:\Program Files
(x86)\Common Files\System\Ole DB\MSDAIPP.DLL
(Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-
8E305202313F} - C:\Program Files (x86)\Windows
Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft
Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-
BE81-0050048385D1} - C:\Program Files (x86)\Common
Files\microsoft shared\Web Components\10\OWC10.DLL
(Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-
9458-1830C7DD7F5D} - C:\Program Files (x86)\Common
Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-
9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows
Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (avgrssta.dll) -
C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ,
s.r.o.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) -
C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg
Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel
Corporation)
O24 - Desktop WallPaper:
C:\Windows\Web\Wallpaper\img1.jpg
O24 - Desktop BackupWallPaper:
C:\Windows\Web\Wallpaper\img1.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05247804-fbfc-11dd-95c9-
0021863b59c3}\Shell\AutoRun\command - "" = ur0.com
O33 - MountPoints2\{05247804-fbfc-11dd-95c9-
0021863b59c3}\Shell\open\Command - "" = ur0.com
O33 - MountPoints2\{05247809-fbfc-11dd-95c9-
0021863b59c3}\Shell - "" = AutoRun
O33 - MountPoints2\{05247809-fbfc-11dd-95c9-
0021863b59c3}\Shell\AutoRun\command - "" =
G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9bb0283f-1bb0-11de-b786-
0021863b59c3}\Shell\AutoRun\command - "" = F:\Install
FreeAgent Tools.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not
found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias
[2009/09/18 04:37:17 | 000,000,000 | ---D | M]
NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll
(Microsoft Corporation)
NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll
(Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2009/09/18
04:37:21 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft
Corporation)
OTL cannot create restorepoints on Vista OSs!

[color=#E56717]========== Files/Folders - Created Within
30 Days ==========[/color]

[2010/04/20 16:15:02 | 000,000,000 | ---D | C] --
C:\ProgramData\Hitman Pro
[2010/04/20 16:14:59 | 000,000,000 | ---D | C] -- C:\Program
Files\Hitman Pro 3.5
[2010/04/20 14:45:57 | 004,697,992 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/20 14:44:56 | 000,602,624 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/20 14:44:56 | 000,430,080 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/20 14:44:41 | 000,218,624 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/20 14:44:41 | 000,172,032 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/20 14:44:37 | 000,104,960 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/20 14:44:37 | 000,098,304 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/20 14:44:13 | 000,220,672 | ---- | C] (Fraunhofer
Institut Integrierte Schaltungen IIS) --
C:\Windows\SysWow64\l3codecp.acm
[2010/04/20 14:44:13 | 000,181,760 | ---- | C] (Fraunhofer
Institut Integrierte Schaltungen IIS) --
C:\Windows\SysNative\l3codecp.acm
[2010/04/20 14:44:13 | 000,072,192 | ---- | C] (Fraunhofer
Institut Integrierte Schaltungen IIS) --
C:\Windows\SysNative\l3codeca.acm
[2010/04/20 14:44:13 | 000,062,464 | ---- | C] (Fraunhofer
Institut Integrierte Schaltungen IIS) --
C:\Windows\SysWow64\l3codeca.acm
[2010/04/19 21:22:19 | 000,000,000 | ---D | C] --
C:\Users\Garris\AppData\Roaming\Malwarebytes
[2010/04/19 21:22:07 | 000,000,000 | ---D | C] --
C:\ProgramData\Malwarebytes
[2010/04/19 21:22:06 | 000,024,664 | ---- | C] (Malwarebytes
Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/19 18:09:00 | 000,000,000 | ---D | C] --
C:\Users\Garris\StarCraft II Beta enUS 13891 Installer
[2010/04/19 09:17:16 | 000,000,000 | -H-D | C] --
C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-
F30C1B031AC6}
[2010/04/19 09:16:43 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Lavasoft
[2010/04/19 08:26:39 | 000,000,000 | ---D | C] --
C:\Users\Garris\Documents\RegRun2
[2010/04/19 08:26:12 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\UnHackMe
[2010/04/17 05:26:56 | 000,000,000 | ---D | C] --
C:\ProgramData\DivX
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] --
C:\Users\Garris\Documents\StarCraft II Beta
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\StarCraft II Beta
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] --
C:\Users\Garris\AppData\Local\Blizzard Entertainment
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] --
C:\ProgramData\Blizzard Entertainment
[2010/04/15 00:42:15 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Common Files\Blizzard Entertainment
[2010/04/15 00:39:51 | 000,000,000 | ---D | C] --
C:\ProgramData\Blizzard
[2010/04/14 21:34:00 | 000,000,000 | ---D | C] --
C:\Users\Garris\Desktop\StarCraft II Beta enUS 13891
Installer
[2010/04/13 16:24:01 | 000,000,000 | ---D | C] --
C:\Users\Garris\Desktop\Incomplete
[2010/04/06 12:56:04 | 000,000,000 | ---D | C] --
C:\Users\Garris\AppData\Local\AIM Toolbar
[2010/04/02 21:58:25 | 001,032,192 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/04/02 21:58:22 | 000,834,048 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/04/02 21:58:18 | 000,758,272 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/04/02 21:58:15 | 000,477,184 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/04/02 21:58:15 | 000,249,856 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/04/02 21:58:15 | 000,180,736 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/04/02 21:58:13 | 000,193,024 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/04/02 21:58:12 | 000,086,528 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010/04/02 21:58:12 | 000,078,336 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010/04/02 21:58:08 | 000,422,400 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/04/02 21:58:07 | 000,380,928 | ---- | C] (Microsoft
Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/03/31 21:37:22 | 000,000,000 | ---D | C] --
C:\Users\Garris\Desktop\syllabus
[2010/03/31 05:09:36 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Common Files\Skype
[2010/03/29 01:05:59 | 000,000,000 | ---D | C] --
C:\ProgramData\AIM Toolbar
[2010/03/29 01:05:59 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\AIM Toolbar
[2010/03/29 01:05:54 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\Common Files\Software Update Utility
[2009/01/31 18:59:47 | 000,364,544 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdninpa.dll
[2009/01/31 18:59:47 | 000,339,968 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdniesc.dll
[2009/01/31 18:59:45 | 000,647,168 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdnpmui.dll
[2009/01/31 18:59:44 | 001,101,824 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdnserv.dll
[2009/01/31 18:59:44 | 000,843,776 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdnusb1.dll
[2009/01/31 18:59:43 | 000,851,968 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdncomc.dll
[2009/01/31 18:59:43 | 000,663,552 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdnhbn3.dll
[2009/01/31 18:59:43 | 000,569,344 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdnlmpm.dll
[2009/01/31 18:59:43 | 000,376,832 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdncomm.dll
[2009/01/31 18:59:43 | 000,053,248 | ---- | C] ( ) --
C:\Windows\SysWow64\lxdnprox.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Garris\Desktop\*.tmp files ->
C:\Users\Garris\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30
Days ==========[/color]


#18
April 21, 2010 at 23:31:16


[2010/04/21 23:15:34 | 007,340,032 | -HS- | M] () --
C:\Users\Garris\ntuser.dat
[2010/04/21 23:04:03 | 000,003,344 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-
9C450E1B7327-2P-1.C7483456-A289-439d-8115-
601632D005A0
[2010/04/21 23:04:02 | 000,003,344 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-
9C450E1B7327-2P-0.C7483456-A289-439d-8115-
601632D005A0
[2010/04/21 21:05:34 | 000,000,355 | ---- | M] () --
C:\Users\Public\Documents\hpqp.ini
[2010/04/21 21:04:04 | 000,000,006 | -H-- | M] () --
C:\Windows\tasks\SA.DAT
[2010/04/21 21:03:57 | 000,067,584 | --S- | M] () --
C:\Windows\bootstat.dat
[2010/04/21 21:03:41 | 4222,832,640 | -HS- | M] () --
C:\hiberfil.sys
[2010/04/21 17:51:59 | 000,007,460 | ---- | M] () --
C:\Windows\bthservsdp.dat
[2010/04/21 17:51:48 | 000,524,288 | -HS- | M] () --
C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-
0021863b59c3}.TMContainer00000000000000000001.regtrans
-ms
[2010/04/21 17:51:48 | 000,065,536 | -HS- | M] () --
C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-
0021863b59c3}.TM.blf
[2010/04/21 17:51:35 | 002,577,127 | -H-- | M] () --
C:\Users\Garris\AppData\Local\IconCache.db
[2010/04/21 17:15:12 | 059,117,484 | ---- | M] () --
C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/04/21 13:48:19 | 000,000,937 | ---- | M] () --
C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010/04/21 01:36:45 | 000,002,047 | ---- | M] () --
C:\Users\Garris\Desktop\Google Chrome.lnk
[2010/04/20 16:47:34 | 000,029,184 | ---- | M] () --
C:\Users\Garris\Desktop\plans!.doc
[2010/04/20 16:34:50 | 000,019,016 | ---- | M] () --
C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/04/20 03:04:11 | 005,463,684 | ---- | M] () --
C:\Users\Garris\Desktop\juicebox.mp3
[2010/04/20 01:19:59 | 000,524,288 | -HS- | M] () --
C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-
0021863b59c3}.TMContainer00000000000000000002.regtrans
-ms
[2010/04/19 18:11:11 | 000,078,926 | ---- | M] () --
C:\Users\Garris\Desktop\Photo 26.jpg
[2010/04/19 18:00:22 | 000,142,408 | ---- | M] () --
C:\Users\Garris\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/19 17:57:21 | 000,580,293 | ---- | M] () --
C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/04/19 17:39:05 | 000,524,288 | -HS- | M] () --
C:\Users\Garris\ntuser.dat{3bee1bc8-a43a-11de-bf70-
0021863b59c3}.TMContainer00000000000000000001.regtrans
-ms
[2010/04/19 17:39:05 | 000,065,536 | -HS- | M] () --
C:\Users\Garris\ntuser.dat{3bee1bc8-a43a-11de-bf70-
0021863b59c3}.TM.blf
[2010/04/18 22:01:50 | 000,450,560 | ---- | M] () --
C:\Users\Garris\Documents\Database3.accdb
[2010/04/16 16:47:59 | 001,679,360 | ---- | M] () --
C:\Users\Garris\Documents\Inventory.accdb
[2010/04/16 03:26:00 | 453,741,929 | ---- | M] () --
C:\Users\Garris\Documents\Untitled.wma
[2010/04/14 21:28:43 | 000,012,521 | ---- | M] () --
C:\Users\Garris\Desktop\groupwork - tables.docx
[2010/04/14 02:12:53 | 000,066,032 | ---- | M] () --
C:\Users\Garris\Desktop\groupwork - tables (1).docx
[2010/04/14 01:36:09 | 000,011,654 | ---- | M] () --
C:\Users\Garris\Desktop\Term Project Timeline.docx
[2010/04/14 01:35:58 | 000,010,110 | ---- | M] () --
C:\Users\Garris\Desktop\Course Offering Data Table.docx
[2010/04/13 22:07:33 | 000,040,063 | ---- | M] () --
C:\Users\Garris\Documents\marketstar visits.docx
[2010/04/13 12:49:48 | 000,010,092 | ---- | M] () --
C:\Users\Garris\Desktop\Assignment%202.pdf
[2010/04/12 22:21:58 | 000,494,120 | ---- | M] () --
C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/12 22:02:16 | 000,000,165 | -H-- | M] () --
C:\Users\Garris\Desktop\~$SoBA Ambassador Contact
Information Spring 2010.xlsx
[2010/04/12 19:14:52 | 000,694,964 | ---- | M] () --
C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/12 19:14:52 | 000,598,588 | ---- | M] () --
C:\Windows\SysNative\perfh009.dat
[2010/04/12 19:14:52 | 000,102,194 | ---- | M] () --
C:\Windows\SysNative\perfc009.dat
[2010/04/12 17:44:26 | 027,430,638 | ---- | M] () --
C:\Users\Garris\Desktop\20100408200000.wav
[2010/04/12 17:21:19 | 000,012,624 | ---- | M] () --
C:\Users\Garris\Desktop\SoBA Ambassador Contact
Information Spring 2010.xlsx
[2010/04/12 14:50:49 | 001,507,328 | ---- | M] () --
C:\Users\Garris\Documents\Contacts.accdb
[2010/04/12 14:38:24 | 000,442,368 | ---- | M] () --
C:\Users\Garris\Documents\Database2.accdb
[2010/04/12 14:33:57 | 000,462,848 | ---- | M] () --
C:\Users\Garris\Documents\Database1.accdb
[2010/04/12 14:18:47 | 001,572,864 | ---- | M] () --
C:\Users\Garris\Documents\Projects.accdb
[2010/04/08 09:39:19 | 000,011,639 | ---- | M] () --
C:\Users\Garris\Desktop\Session 2.xlsx
[2010/04/08 09:29:16 | 000,011,578 | ---- | M] () --
C:\Users\Garris\Documents\Session 1.xlsx
[2010/04/07 06:39:39 | 000,121,344 | ---- | M] () --
C:\Users\Garris\AppData\Local\DCBC2A71-70D8-4DAN-
EHR8-E0D61DEA3FDF.ini
[2010/04/06 17:37:01 | 000,013,253 | ---- | M] () --
C:\Users\Garris\Desktop\Garris Yeung.docx
[2010/04/06 16:24:26 | 000,000,162 | -H-- | M] () --
C:\Users\Garris\Desktop\~$rris Yeung.docx
[2010/04/06 02:28:00 | 000,015,713 | ---- | M] () --
C:\Users\Garris\Desktop\store visits 4-11.docx
[2010/03/31 10:44:24 | 000,011,359 | ---- | M] () --
C:\Users\Garris\Documents\introduction.docx
[2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes
Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/29 01:06:31 | 000,001,089 | -H-- | M] () -- C:\IPH.PH
[2010/03/29 00:42:22 | 603,553,016 | ---- | M] () --
C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Garris\Desktop\*.tmp files ->
C:\Users\Garris\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files Created - No Company
Name ==========[/color]

[2010/04/21 13:40:03 | 000,000,937 | ---- | C] () --
C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010/04/20 16:15:23 | 000,019,016 | ---- | C] () --
C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010/04/19 18:16:57 | 000,078,926 | ---- | C] () --
C:\Users\Garris\Desktop\Photo 26.jpg
[2010/04/19 17:50:48 | 000,524,288 | -HS- | C] () --
C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-
0021863b59c3}.TMContainer00000000000000000002.regtrans
-ms
[2010/04/19 17:50:48 | 000,524,288 | -HS- | C] () --
C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-
0021863b59c3}.TMContainer00000000000000000001.regtrans
-ms
[2010/04/19 17:50:48 | 000,065,536 | -HS- | C] () --
C:\Users\Garris\ntuser.dat{d4d91a5d-4c12-11df-add4-
0021863b59c3}.TM.blf
[2010/04/19 00:54:27 | 005,463,684 | ---- | C] () --
C:\Users\Garris\Desktop\juicebox.mp3
[2010/04/18 21:40:56 | 000,450,560 | ---- | C] () --
C:\Users\Garris\Documents\Database3.accdb
[2010/04/16 15:24:01 | 001,679,360 | ---- | C] () --
C:\Users\Garris\Documents\Inventory.accdb
[2010/04/16 03:25:59 | 453,741,929 | ---- | C] () --
C:\Users\Garris\Documents\Untitled.wma
[2010/04/14 02:12:49 | 000,066,032 | ---- | C] () --
C:\Users\Garris\Desktop\groupwork - tables (1).docx
[2010/04/14 02:12:44 | 000,012,521 | ---- | C] () --
C:\Users\Garris\Desktop\groupwork - tables.docx
[2010/04/14 01:36:09 | 000,011,654 | ---- | C] () --
C:\Users\Garris\Desktop\Term Project Timeline.docx
[2010/04/14 01:35:58 | 000,010,110 | ---- | C] () --
C:\Users\Garris\Desktop\Course Offering Data Table.docx
[2010/04/13 22:07:32 | 000,040,063 | ---- | C] () --
C:\Users\Garris\Documents\marketstar visits.docx
[2010/04/13 12:49:48 | 000,010,092 | ---- | C] () --


#19
April 22, 2010 at 16:34:48
Not much in the log.

Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet Explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the ActiveX control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.

