
Need help to clean infection


Elliek

Hello.

Like many I have read on this forum, my computer is infected with malware. It is redirecting web pages and although I am running a full service scan for Windows and it has found and supposedly cleaned the issues at least twice, this is clearly not the case. Anvir detects the issues and is the way I am able to close the windows that pop up.

There is an Acronis Toolbar Helper showing in Anvir that I cannot delete. I do actually have Acronis Home installed, but I suspect this is nothing to do with that.

Can someone please help me to clear this?

I am running Vista 64 bit on a laptop. I am on a network but the only other computer on it does not seem to be infected. Should I shut it off?

Does my NAS risk being infected?

I hope that you can help me and as soon as possible.

Many thanks


Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning, it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


First post of 2:

Thanks for the help. I really appreciate it. While I was waiting I had some help from a Microsoft Assistant. (One of the symptoms of this is the window that opens up that says that it is Microsoft Security Essentials that has found an issue). Apart from cleaning up some temp files etc., she had me run a Viprerescu. This found some issues (58) but cleaned only 18 or so. I rebooted as instructed. Still infected.

First file results OTL logfile:

OTL logfile created on: 05/09/2010 7:18:55 AM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve & Ellie\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

18.00 Gb Paging File | 16.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 77.68 Gb Free Space | 52.12% Space Free | Partition Type: NTFS

Drive D: | 139.28 Gb Total Space | 79.77 Gb Free Space | 57.27% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive T: | 2746.27 Gb Total Space | 1063.84 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive V: | 2746.27 Gb Total Space | 1063.84 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive W: | 37.27 Gb Total Space | 12.61 Gb Free Space | 33.84% Space Free | Partition Type: NTFS

Drive X: | 2746.27 Gb Total Space | 1063.84 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive Y: | 2746.27 Gb Total Space | 1063.84 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive Z: | 698.65 Gb Total Space | 234.08 Gb Free Space | 33.50% Space Free | Partition Type: NTFS

Computer Name: OSCAR

Current User Name: Steve & Ellie

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/05 07:17:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

PRC - [2010/09/04 17:36:25 | 000,193,024 | ---- | M] (OpenSC Project) -- C:\Windows\Qpexaa.exe

PRC - [2010/08/12 07:05:59 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\Proshow Producer Beta\scsiaccess.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/12/17 13:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe

PRC - [2009/04/11 03:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe

PRC - [2008/06/17 22:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008/04/10 12:12:40 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2008/01/23 15:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

PRC - [2008/01/03 18:28:08 | 000,458,752 | R--- | M] (PalmSource, Inc) -- C:\Program Files (x86)\Palm\AlarmApp_PSI.exe

PRC - [2007/12/11 16:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe

PRC - [2007/12/04 10:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe

PRC - [2007/11/28 17:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe

PRC - [2007/11/28 15:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\Atouch64.exe

PRC - [2007/11/04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe

PRC - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe

PRC - [2007/08/29 11:22:02 | 001,539,470 | ---- | M] () -- C:\Program Files (x86)\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe

PRC - [2007/08/20 05:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe

PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2007/02/07 05:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe

PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

PRC - [2006/11/02 12:03:35 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe

========== Modules (SafeList) ==========

MOD - [2010/09/05 07:17:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

MOD - [2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWOW64\winamnc.dll

MOD - [2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Users\Steve & Ellie\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll

MOD - [2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWOW64\APSHook.dll

MOD - [2009/04/11 03:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll

MOD - [2008/01/20 23:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2006/12/04 13:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\winbudump.exe -- (winbackupdumper-id198MDkJAW76h)

SRV:64bit: - [2010/01/29 18:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2010/01/07 16:43:48 | 005,876,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV:64bit: - [2009/04/11 04:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)

SRV:64bit: - [2009/04/11 04:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)

SRV:64bit: - [2008/12/09 17:20:48 | 001,824,536 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV:64bit: - [2008/10/24 07:44:59 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2008/07/24 15:22:40 | 000,118,272 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)

SRV:64bit: - [2008/03/18 01:26:56 | 000,015,872 | ---- | M] (Agere Systems) [On_Demand | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2008/01/20 23:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2008/01/20 23:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV:64bit: - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2010/08/12 07:05:59 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\Proshow Producer Beta\scsiaccess.exe -- (ScsiAccess)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/04/28 14:21:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/17 13:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2008/11/04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

SRV - [2008/09/20 18:03:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/10/30 20:07:46 | 000,599,320 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2007/08/29 11:22:02 | 001,539,470 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe -- (PDHelper.exe)

SRV - [2007/02/07 05:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)

SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

SRV - [2006/06/21 22:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/03/04 13:50:18 | 000,321,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2010/01/26 03:46:44 | 000,066,592 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)

DRV:64bit: - [2009/11/10 08:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/11/10 08:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/09/30 21:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/09/21 19:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2009/09/05 15:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)

DRV:64bit: - [2009/08/21 21:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/11 02:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/04/11 01:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)

DRV:64bit: - [2008/09/16 08:38:14 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)

DRV:64bit: - [2008/09/16 08:38:14 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)

DRV:64bit: - [2008/09/16 08:38:12 | 000,229,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)

DRV:64bit: - [2008/09/16 08:38:10 | 000,593,440 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)

DRV:64bit: - [2008/06/03 18:41:50 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2008/05/29 10:21:00 | 000,016,440 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)

DRV:64bit: - [2008/05/07 06:40:38 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/03/21 01:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/03/16 21:42:30 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2008/03/16 21:42:28 | 000,121,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2008/03/16 21:42:26 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2008/02/15 18:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2008/01/28 23:46:58 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2008/01/20 23:46:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)

DRV:64bit: - [2008/01/20 23:46:02 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV:64bit: - [2007/11/16 02:09:50 | 000,317,488 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/10/15 04:40:50 | 000,284,416 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etFilter64.sys -- (FiltUSBET)

DRV:64bit: - [2007/09/06 15:52:52 | 000,009,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etScan64.sys -- (ScanUSBET)

DRV:64bit: - [2007/09/06 05:44:40 | 000,530,944 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etDevice64.sys -- (DCamUSBET)

DRV:64bit: - [2007/08/09 13:27:00 | 000,041,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)

DRV:64bit: - [2007/08/09 13:27:00 | 000,041,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIM)

DRV:64bit: - [2007/08/03 01:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2007/07/26 09:28:54 | 000,055,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srs_sscfilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)

DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

DRV:64bit: - [2007/06/16 21:28:16 | 000,217,352 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV:64bit: - [2007/02/16 15:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2006/10/27 10:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)

DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2008/12/05 08:00:04 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3216189027-3680855661-446482604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-3216189027-3680855661-446482604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://onecare.live.com/site/en-us/center/howsafe.htm

IE - HKU\S-1-5-21-3216189027-3680855661-446482604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3216189027-3680855661-446482604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.6

FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.55

FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.8.3

FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19

FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.1

FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.6

FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/25 07:37:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/20 06:53:47 | 000,000,000 | ---D | M]

[2008/09/16 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Extensions

[2010/09/04 18:31:49 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions

[2010/04/02 07:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}

[2010/08/03 07:10:04 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

[2009/12/12 21:07:13 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}

[2009/06/23 16:30:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/06/02 18:09:50 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\DeviceDetection@logitech.com

[2010/08/12 06:37:59 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\en-CA@dictionaries.addons.mozilla.org

[2008/11/05 21:11:39 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/04/09 06:24:17 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\exif_viewer@mozilla.doslash.org

[2010/08/26 07:07:57 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\twitternotifier@naan.net

[2010/09/04 18:31:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2009/01/02 10:29:49 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: ([2006/09/18 18:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (ASUS Security Protect Manager) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-3216189027-3680855661-446482604-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-3216189027-3680855661-446482604-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-3216189027-3680855661-446482604-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acronis Toolbar Helper] File not found

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3216189027-3680855661-446482604-1000..\Run: [AnVir Task Manager] C:\Program Files (x86)\AnVir Task Manager\AnVir.exe (AnVir Software)

O4 - HKU\S-1-5-21-3216189027-3680855661-446482604-1000..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

O4 - HKU\S-1-5-21-3216189027-3680855661-446482604-1000..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3216189027-3680855661-446482604-1000..\Run: [second Copy] C:\Program Files (x86)\SecCopy\SecCopy.exe (Centered Systems)

O4 - Startup: C:\Users\Steve & Ellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alarm Manager.LNK = C:\Program Files (x86)\Palm\AlarmApp_PSI.exe (PalmSource, Inc)

O4 - Startup: C:\Users\Steve & Ellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Users\Steve & Ellie\AppData\Roaming\7AC030EA297C16500581C5161ADF316C\mediafix70700en02.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.177.2.130 142.166.145.137

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll (Cognizance Corporation)

O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\SysWow64\APSHook.dll ()

O20 - AppInit_DLLs: (C:\Windows\system32\winamnc.dll) - C:\Windows\SysWOW64\winamnc.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-3216189027-3680855661-446482604-1000 Winlogon: Shell - (C:\Users\Steve & Ellie\AppData\Roaming\antispy.exe) - C:\Users\Steve & Ellie\AppData\Roaming\antispy.exe ()

O22 - SharedTaskScheduler: {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - hasf87hdfuidhfiudfhdiu - Reg Error: Key error. File not found

O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - Unable to obtain root file information for disk W:\

O33 - MountPoints2\{7e87d936-de66-11de-b1b3-002243a38580}\Shell\AutoRun\command - "" = J:\Windows\bin\eblSetup.exe -- File not found

O33 - MountPoints2\{adad394c-7db6-11de-846a-002243a38580}\Shell - "" = AutoRun

O33 - MountPoints2\{adad394c-7db6-11de-846a-002243a38580}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{adad395c-7db6-11de-846a-002243a38580}\Shell - "" = AutoRun

O33 - MountPoints2\{adad395c-7db6-11de-846a-002243a38580}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{c78b2674-9847-11dd-9407-002243a38580}\Shell - "" = AutoRun

O33 - MountPoints2\{c78b2674-9847-11dd-9407-002243a38580}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found

O33 - MountPoints2\{fb00c976-835e-11dd-8fca-806e6f6e6963}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (autocheck SBBD.exe /d \Device\HarddiskVolume2\VIPRERESCUE\Definitions) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/05 07:17:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

[2010/09/04 23:00:02 | 000,093,872 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\drivers\SBREDrv.sys

[2010/09/04 23:00:02 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\sbbd.exe

[2010/09/04 22:59:52 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE

[2010/09/04 22:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist

[2010/09/04 21:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications

[2010/09/04 17:36:30 | 000,193,024 | ---- | C] (OpenSC Project) -- C:\Windows\Qpexaa.exe

[2010/09/04 17:36:16 | 000,140,288 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\pcre3.dll

[2010/09/04 17:36:16 | 000,000,000 | -HSD | C] -- C:\Users\Steve & Ellie\.COMMgr

[2010/09/04 17:36:16 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Local\Desktop Cleanup Wizard

[2010/09/04 17:36:04 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Local\Windows Server

[2010/09/04 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Roaming\7AC030EA297C16500581C5161ADF316C

[2010/08/30 09:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\ImageMagick-6.6.3-Q16

[2010/08/08 18:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/08/08 18:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/08/01 17:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/07/11 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\Desktop\Daniel Heikalo with Sarah Pound

[2010/07/02 14:38:50 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Roaming\NCH Software

[2010/06/24 07:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/06/18 13:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared

[2008/12/05 10:00:18 | 013,558,640 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp040917457

[2008/12/05 10:00:02 | 011,216,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp040917404

========== Files - Modified Within 90 Days ==========

[2010/09/05 07:20:13 | 008,912,896 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT

[2010/09/05 07:17:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

[2010/09/05 07:02:23 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/05 07:02:23 | 000,607,756 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/05 07:02:23 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/05 06:55:08 | 000,000,308 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2010/09/05 06:55:07 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2010/09/05 06:55:07 | 000,000,262 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010/09/05 06:55:06 | 000,137,931 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/09/05 06:55:06 | 000,137,931 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/09/05 06:55:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/05 06:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3216189027-3680855661-446482604-1000UA.job

[2010/09/05 06:54:50 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/05 06:54:50 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/05 06:54:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/05 06:54:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/05 06:53:48 | 000,001,647 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/09/05 06:53:35 | 000,524,288 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{29fcbcba-9f19-11df-9dcb-002243a38580}.TMContainer00000000000000000001.regtrans-ms

[2010/09/05 06:53:35 | 000,065,536 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{29fcbcba-9f19-11df-9dcb-002243a38580}.TM.blf

[2010/09/05 06:53:26 | 002,523,194 | -H-- | M] () -- C:\Users\Steve & Ellie\AppData\Local\IconCache.db

[2010/09/05 06:44:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/04 22:35:06 | 000,000,889 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

[2010/09/04 17:55:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3216189027-3680855661-446482604-1000Core.job

[2010/09/04 17:37:32 | 000,698,880 | ---- | M] () -- C:\Users\Steve & Ellie\AppData\Roaming\antispy.exe

[2010/09/04 17:36:30 | 000,001,137 | ---- | M] () -- C:\Users\Steve & Ellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk

[2010/09/04 17:36:25 | 000,193,024 | ---- | M] (OpenSC Project) -- C:\Windows\Qpexaa.exe

[2010/09/04 17:36:16 | 000,140,288 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\pcre3.dll

[2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWow64\winamnc_backup.dll

[2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWow64\winamnc.dll

[2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWow64\APSHook.dll

[2010/09/04 16:22:22 | 000,019,968 | ---- | M] () -- C:\Users\Steve & Ellie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/04 13:03:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010/09/04 10:58:29 | 000,001,027 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\hasselblad_softar2_effect.zip

[2010/09/04 10:12:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2010/09/03 20:56:52 | 003,921,973 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\BMC_I9000M_UG_EN_07272010_D4[1].pdf

[2010/09/03 20:52:31 | 000,000,162 | -H-- | M] () -- C:\Users\Steve & Ellie\Desktop\~$C_I9000M_UG_EN_07272010_D4[1].doc

[2010/09/01 08:44:10 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.2 64-bit.lnk

[2010/08/30 20:00:00 | 000,000,574 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Steve & Ellie.job

[2010/08/30 09:25:16 | 000,000,000 | ---- | M] () -- C:\Users\Steve & Ellie\convert

[2010/08/27 08:37:36 | 000,130,048 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\Menu.doc

[2010/08/25 08:18:06 | 000,000,980 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/08/12 07:06:20 | 000,002,052 | ---- | M] () -- C:\Users\Steve & Ellie\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Producer.lnk

[2010/08/12 06:31:38 | 003,216,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/03 21:24:58 | 000,524,288 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{29fcbcba-9f19-11df-9dcb-002243a38580}.TMContainer00000000000000000002.regtrans-ms

[2010/08/03 20:46:55 | 000,002,044 | ---- | M] () -- C:\Users\Steve & Ellie\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk

[2010/08/03 20:46:55 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk

[2010/08/02 22:17:20 | 000,524,288 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms

[2010/08/02 22:17:20 | 000,065,536 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf

[2010/07/24 18:51:52 | 000,081,674 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\32095_131681393510330_118883614790108_351913_1185902_n[1].jpg

[2010/07/20 19:31:28 | 000,002,447 | ---- | M] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk

[2010/07/11 14:56:21 | 001,940,480 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\CatchTheMoment2-.pps

[2010/07/02 18:46:19 | 000,036,352 | ---- | M] () -- C:\Users\Steve & Ellie\Documents\Getting Florette.doc

[2010/07/01 16:29:16 | 000,025,088 | ---- | M] () -- C:\Users\Steve & Ellie\Documents\General-France.doc

[2010/07/01 16:23:09 | 000,027,648 | ---- | M] () -- C:\Users\Steve & Ellie\Documents\Tous Compris.doc

[2010/07/01 16:19:08 | 000,025,088 | ---- | M] () -- C:\Users\Steve & Ellie\Documents\Chicken_P


2nd post on this:

Second file report: Extras Text

OTL Extras logfile created on: 05/09/2010 7:18:55 AM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve & Ellie\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free

18.00 Gb Paging File | 16.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 77.68 Gb Free Space | 52.12% Space Free | Partition Type: NTFS

Drive D: | 139.28 Gb Total Space | 79.77 Gb Free Space | 57.27% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive T: | 2746.27 Gb Total Space | 1063.84 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive V: | 2746.27 Gb Total Space | 1063.84 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive W: | 37.27 Gb Total Space | 12.61 Gb Free Space | 33.84% Space Free | Partition Type: NTFS

Drive X: | 2746.27 Gb Total Space | 1063.84 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive Y: | 2746.27 Gb Total Space | 1063.84 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive Z: | 698.65 Gb Total Space | 234.08 Gb Free Space | 33.50% Space Free | Partition Type: NTFS

Computer Name: OSCAR

Current User Name: Steve & Ellie

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3216189027-3680855661-446482604-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

"VistaSp2" = AC 13 7D 27 79 E0 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1DEBEF27-DCED-488C-A1A9-1266733E4BDE}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{2A6B7288-5C65-47C5-9B99-F4E5AADBF4A2}" = lport=445 | protocol=6 | dir=in | app=system |

"{323C8231-709D-4B33-B9F0-886131D23425}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{339EDD6E-F90C-45DF-82D5-1988E3A6DC7B}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |

"{5D86033E-3955-4404-92F2-388B94920858}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{615A5A81-E3AA-430B-8A2D-5B3F71E3174A}" = rport=139 | protocol=6 | dir=out | app=system |

"{748DCB99-9D19-492B-8CB2-D10A67448168}" = lport=137 | protocol=17 | dir=in | app=system |

"{89FEF543-E513-492F-8332-8E4690CE2166}" = rport=445 | protocol=6 | dir=out | app=system |

"{8F2E9A0E-DC6B-4109-93BD-C9E329BC611C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{910E8B85-3BC5-426F-A0FE-A41CF6745FBE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{93747446-483F-4971-AE0B-0FEAA09110B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{9413D231-19FA-4CE8-976D-D2FE0EDDC581}" = lport=139 | protocol=6 | dir=in | app=system |

"{BA49FBA7-985A-477C-B48F-168C4BB1E808}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{CA6BD356-C901-498F-B47B-0105A3070638}" = rport=138 | protocol=17 | dir=out | app=system |

"{DDB71FAC-581D-4AE8-B171-7F3F3FE089EE}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{DE7EBFAF-568E-41BA-A7FF-67DD290D448D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{E5A30DE5-7D70-41FA-ABF0-01F6761D765E}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |

"{E9263352-A41E-4DD3-A121-16CB404105AA}" = rport=137 | protocol=17 | dir=out | app=system |

"{E972018C-23F3-4CA9-805B-236F0D9C801E}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{038EDFA0-4097-4CDF-8108-BAF6CB4B1C24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{05A45FEC-E997-4E3A-B94D-00DFC636B3E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{05A4C979-D438-4578-B5D9-4C663C24F653}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{07B3DD6B-A6F0-4452-BB91-270EB810BCF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{07C9F9AA-F7D1-4637-8F60-742938A3FD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{09CB0D1E-9DE1-4527-AB21-EA7D28C91C69}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp laserjet m2727\fax config utility0.exe |

"{0A47CDA0-64C7-4772-84DC-2FD65DA8B24B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0DB0DF71-D4D8-43F5-AFB2-2070CCD76D13}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1028A351-525A-44FA-AF80-2D52143E3547}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{10619387-E259-4E27-91EC-B67F4173D06E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1082B052-0386-4667-BD1E-02016FBABD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{10F3505A-BE9C-44FF-9826-10AB5CDAB7A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{11D836A3-DD85-4327-A213-1AB6F883162B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{12043C94-6316-4879-A046-CFE2E11D1142}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{13B5E86E-48A6-48A0-BACB-AB42EB345F59}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{1428E7B6-F73A-4C9F-BF19-4EE432D1931E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{150049B5-5E0E-4475-893B-CC6C4159A9B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{159A4366-8A25-4869-BA1D-361F15D86271}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{17D55BC2-3518-42C1-B2F8-86AF17F4AFF0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{19CCC5E4-C1A7-4B6B-B83D-505BD95BE6C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1CB55783-0EEA-4329-B200-A30088BBAA41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1D8153D8-35FE-4734-95FB-10CC4675513E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1EEE4174-1333-48BA-BCE0-CC50C7DC5961}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{21191182-7C89-46FF-A773-867C57C10F83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{21C25B5D-F28A-44C2-9A63-9CF7C1925DCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{28FC7D39-A8EB-4F0E-8216-3D8633B54D48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{29BB1A45-5C91-48ED-A991-91E0E0B65C9F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{29D55D0C-46F4-44B2-A474-0D61BE6F6715}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2BF57361-22C5-4BE3-92DC-18CD36CEA2F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2BF59836-9282-47B6-A615-6FA5C6657C72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2D7DC047-E3BB-4B0D-8997-5413F0400BE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2DDF3882-E7DE-43AC-B8B5-736F4E8ECF56}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{30C2A652-4D4F-40E0-9E46-91EDC89965B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{30FD973B-F1C6-4F1D-9EC8-B26ACA97889C}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |

"{327830BC-1AD9-4449-956C-7F4196450B8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{328A388A-3147-43FA-B555-DD68948BE5F6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{3468D212-BF79-42BA-AA38-965D77DD76D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{35050760-2B2E-48ED-B8CE-7CDFD7225E33}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{35E36B66-F003-499D-8F08-CE1A89406439}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{36249B8F-A4EC-4553-8F5F-EABA08FB8F21}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{37054DDC-7524-4D6E-8087-B22A15D18DBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{37553D58-90AE-4C28-B4B3-225703F57348}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{37699C59-6BF1-45AD-A6B3-5B26EF3C5E96}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{3A592103-1D3A-46FA-B0E0-5C4263A47027}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3BD50C2A-FBBE-4365-BBB1-5383C13767D0}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{3CAD5492-BAA0-47A2-A9E2-B8E55F0B92EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3F966DCA-95FD-4BD3-AEB3-45AF87B38B7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{419B43E9-0D9E-4F2C-8F8A-547D59CB5877}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{41FE27D7-3496-4262-82C8-7AB4A8C66E67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{42791E92-E49E-41AD-8262-FA1538E6702D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{427B6F41-4EA7-4261-A2E7-283BE34059A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{42940400-F672-4290-8DBD-A6785A65B152}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{440D16C3-E5E0-4B6F-A40C-C8F39E7DFE2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{445FC015-E111-4034-B0D4-B8B283F940FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{44CF469F-1D5D-4878-83C4-ADE08AEB782D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{468CCFC0-D42A-475B-8102-072D7DE7C234}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{47C40A86-FD13-47A6-AFA5-8AA048BF5C23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{48894C1A-5F47-45AE-BCC7-AA9292F10055}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{49627344-C119-4C13-B61E-0DD0BBF012ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4A372251-1DB1-4A7E-8208-DD576979DCD4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{4D5BB5CC-FEE0-475E-BEAA-04E6AEBE7F91}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4D8B0A00-28DD-441C-A903-BFA411AC5475}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{50C1E9A6-004B-488A-972F-95C42AED50C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{50D011C3-C32C-48BD-9556-6CDB327ED096}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{50D9C371-85E4-443D-9695-5F1F9A27006B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{53B7BBD2-880A-4C57-94D9-AF54E9DE67B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{53EB400F-DB19-484A-94D3-1A32D7FE1ACE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{54159391-798F-4597-AC4D-6AF832A2C0B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{54220D39-6309-4B67-B0AD-124A1CA4D313}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{577BA84C-1C8A-4275-A061-9B95DA7A59BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{57D1F4AC-3057-417D-B66A-6059E1F806F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{590B053E-8253-4D23-B0FF-F827C1FCA161}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{5A0E21E5-5D6D-48BF-A277-43BD17FF882E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5B41532A-BC7B-40A6-8983-88C67B7C8B8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5C12FD61-F7F7-4AD6-B2AE-AF62AF96AE44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5DB9B173-FDEB-46DA-B5C7-9398F5AD52BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5EFA4CC6-D385-44F9-A243-812E29CBE5EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{621F5F6F-C3FF-4DB0-AE9B-AE014B316CF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{623DB61E-2512-4E8D-BB56-49DB744A28A8}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{6283FC7E-563A-4F49-90DA-4F9644DBCF7C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{65CBB6DB-9478-4D37-921A-3049B7756A24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{67CD8A24-BBC6-4F9E-89B5-0AEC8507147A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6899875B-3577-4A9E-B1A9-AF06D9DE2B00}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{690AFD85-DDA3-44FF-92E7-EBE0293D22F7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6A25551C-4F35-4EBD-A04F-CA265B0179D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6A9A7846-1A51-4FCE-8A73-FEE76A630FB6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6D668F14-B0BC-4314-A213-74EAB7F389D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{706895B3-2F40-4481-B4C2-C205E1DBBDF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{719D5FA5-4EE4-4E0D-8AC3-E7678171096C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{73A6F039-3F82-4DBE-96CE-B5AF2AA0872B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{74E0864E-DBBF-4369-B9A3-FA4EC5473CDA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7718F0C9-E67B-4A68-B124-37A080C30817}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{78666C48-D567-4A08-B3AA-BEF6473CE302}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7C50FCD7-1380-4D8A-B192-596692513885}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp laserjet m2727\fax config utility0.exe |

"{7D1A97ED-FE65-499D-93E1-AC38BE863923}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{7DD0C16B-546D-4F38-B879-CD9860630016}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7FF24B9E-C36B-4993-8B9A-42E135498064}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8084512B-1A98-4EEA-94E7-D59321676F07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{82427235-0176-4EFB-B6A3-7E70566C95FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{83F672B7-92C6-4AA9-91C5-A5E8F957D3FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{848C1A76-FF3C-49ED-8B16-A28F525869F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{85227E51-0A82-48E8-AD77-4D8980D9F1FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{861BF5E8-63C4-4E15-AB13-617562FE9F92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8BBA01BD-4FB6-4231-A376-FE56DCD779D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8BDEAC28-EA90-454E-81ED-13740D5909E3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{8D7AAC2D-55F2-4CEF-81D5-BE097D09DB93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8D923EE1-C54B-48C8-84C1-554B55CDB00E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8F7C1327-0EC3-4E3D-9860-50591BBD280C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{90734006-B306-4D97-ABC4-0F072C1D3E08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9125C831-487A-417F-93C1-207983AAB3B3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{9169BE6F-619F-41A5-9BD9-003D4718D1B5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{91C36E62-8C76-42F4-A321-E466B9D61F38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9255207B-3A36-40BA-A928-310FA8649E3E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{95B13CC5-FDCD-446E-84D5-23D3CF8264B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{96013306-FFB4-4FCB-B1E2-5E8CAA48383E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{977C4492-D3CB-42C3-8FEE-9DBBE4AE7C6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{98E65B9D-DA6F-4422-A303-499F1CBCBD14}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{98F83E26-BB32-41F2-BD91-A2B644E79D67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{99E300EC-F416-495F-BE57-17B859AF8C4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9BF4E8B8-5C3C-43C6-A618-689B8CBB92A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9C0E0F36-1129-42F8-9482-53CE8F1A5B4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9E412E09-02F5-4CBE-9593-609025393CCD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A2B95B63-9018-4602-84F1-07ED8CEE6749}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{A42B93F8-B599-44E1-81D3-A3C29DDFED7C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A4E0FD0D-2447-47FB-B3FF-4CDA86713993}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A512592E-7E32-4433-8449-A217C0A68550}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A51F598E-CB0E-4936-9F9D-97D9CB6B0526}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A52AC9E0-8FCE-4CD9-88EE-EDA56E4C3D26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A7A7C7D1-F420-4F5A-83F9-5605865E3376}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{A7BA7EDE-36FE-4613-A515-CB9785D40603}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{ABB429FD-B94F-4D63-9079-0FA21AC797A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AD961DAE-89B0-46C4-90BE-5037D8577FE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B0D4FCDE-C5DA-4944-BF44-87E1378B7369}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B0E7E95D-A763-487A-AEA0-B3DECE9D7DF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B102C1D7-3D7F-481E-A8CD-B4C5551F452B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B1C6CF0A-737D-498D-9A96-28BA4F19D1A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B36C274E-75C6-464E-B0FE-FB73B076121F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B45D3CEB-1440-4CF2-9980-756283D684A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B5ABB95E-EA67-402B-A1C5-ACC595B72D93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B8B90340-37A8-4B9E-BA22-3E7060738CEA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B8E7D1FE-1085-40CB-85EB-8F1559CFBF52}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B90FB74A-951D-4ACD-ABE9-7DA1C69AC4CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{B936A712-C1CB-4956-B6B2-1A9CFFA80F8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BB246E56-4601-4F4A-B045-187E73BA20A8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |

"{BB609DE7-F2F6-4B83-AB42-1DFE431FC72F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BC81B59E-5037-46A5-B0C5-E51A02B6F954}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{BD237601-3825-4A35-8823-2283C96D81AC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C34CF822-5FD6-46B1-B9A1-7DFF8A71A018}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C4E6CFF8-B20C-4595-9161-2731ACE5A017}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C5032DE0-16AB-4948-B46D-CA6FBED5E4EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C570A6C4-B135-4AB8-AD02-C344B5F6A2FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C57A33E4-D5AA-4BAA-A411-6966889E981E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C8109EB5-9116-405E-AC2E-F35A1A79A2D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C8C22EA3-7079-4113-9D4F-E03C364D9713}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CA1B7197-014B-4028-8CBA-A9CB9964A2AE}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{CB0618BF-1953-4760-97BD-599DFCA3BF34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CCB3F434-D60C-457D-B4FE-4AE0FD13498C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CDAD5E6C-AB56-4770-9DA5-3565AC8394B4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CE552F1B-57CC-4033-996D-95D93B75E3CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CF8A156D-9A65-434B-82A9-EED3991B2CFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D4D9B2A6-DD44-4BED-9A89-05B64DE52410}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D6A32C36-12A2-4D4A-8E69-97BB0B9928FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D996D0FF-4330-487A-934B-FF219E9688A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DD37FDFA-6545-4DC0-A3FB-6C67B561B743}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DE7BB31C-0110-4754-820B-24964FBAA2ED}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{DEADDD1A-0ABB-4857-96A4-68BF75D80BEA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E006F45E-7237-498D-A2A2-AE9691C1F1F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E1104596-7887-46ED-A680-5486EBFAF2B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E1800DDB-5F79-4A97-B8E8-EBC5089FB06F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E25F538C-0FFF-475A-B22C-E6BFCC43C292}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E34A998C-6BE4-4958-A567-E177681ED55F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |

"{E443E96E-1EF0-43D4-BD42-0FFEC65C3FC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E621FAD1-CAC4-4BB0-9CC1-8EFB6E81607F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E6C92C32-1F0C-4875-8F7B-34626BF661C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EA282BAD-B533-4299-97E4-1E7B9D8082F8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe |

"{EB676345-1759-4D05-ABC6-2A3346236004}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EE1C422C-BCCE-4A85-BF1C-BBCB1B85B206}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |

"{EE37D4A7-47FC-48A5-AABC-A678933CB90B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EE3AF521-56C2-4553-895A-DA0D59DBDF60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F01FE7D4-2040-4397-9C6F-BAE998E23953}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F25C9AFB-3F55-48E0-A929-DC37518FF3B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F453ACD0-3E7D-448F-932A-F9B25B2D0C45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F497950A-2EF6-42E4-95C9-BD2774D0E516}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F50D79EB-A9CD-47FB-9582-D45C6DC9C592}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F69C3EAC-3E70-495E-A467-8998B7AA4339}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |

"{F7A5E81F-D1E1-4130-A610-FBD4A037F5A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F96816B9-20F8-41A6-A5A7-62F396010A88}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FA26D616-D1E0-4975-B82B-EE4F9740E3DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FBDB9F3D-5784-420B-80B2-33AB681B376B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FD5CA33E-A88E-47BD-9392-6B72BA92D1A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FF7B6671-F2B9-4150-B4BE-CB0863FA5399}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"TCP Query User{184BCFDC-9899-4F37-BEEF-FCE994736505}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{9E96E5FE-9843-462D-BC10-C285BBDF04F8}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{D3391931-8E57-4474-8D2F-1C67AABC470B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{2A071C27-FFAF-4430-AB99-2791D3C794C1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{880501B7-15E4-48A5-87A0-478900281315}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"UDP Query User{E89F40C1-FB62-43E0-A04A-52A0D68DD160}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{13CA4073-A66B-4F07-9491-B933018E63D2}_is1" = Moyea SWF to Video Converter Pro version 3.6.2.1

"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme

"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center

"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)

"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support

"{3A915D43-FD4F-4e4f-BEF7-B75C160B0236}" = HP LaserJet M2727 MFP Series 5.0

"{4EF6A3C5-7B7A-453A-A887-7252A1A65596}" = WD Drive Manager (x64)

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D

"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{A94AABAE-52F0-48C4-9F94-A4CA4B423576}" = Adobe Photoshop Lightroom 3.2 64-bit

"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B85B1A3C-E404-44E5-A0E1-C4D0438A49C1}" = Adobe Photoshop Lightroom 2.5 64-bit

"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D14EAACC-979D-43CB-8829-F8A48EFCB744}" = Diskeeper 2008 Pro Premier

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{D4531EF7-C979-44B1-9AEA-69C9F8D89B54}" = ScreenDASH

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DFA35769-5103-476D-BA59-72F90FC286AA}" = FastPictureViewer (64-bit)

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F8776060-6929-480C-9CD0-AD4920C354EF}" = 64 Bit HP BiDi Channel Components Installer

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"ImageMagick 6.6.3 Q16_is1" = ImageMagick 6.6.3-9 Q16 (2010-09-01)

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

"SP6" = Logitech SetPoint 6.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Ultravnc2_is1" = UltraVNC 1.0.6.5

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{0143BC25-D431-44bf-85EA-082CA5EA851D}" = DSLR Remote Pro

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{10900ADA-A280-4fd4-ADC6-FC290B758283}" = BreezeBrowser Pro

"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media

"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4

"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{25B932C7-EB2B-422E-910D-504FB00DAE43}" = Reader Library by Sony

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 13

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2

"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{360EC8D3-AA2E-42B4-AC52-FFA9A1C1C1E9}" = hppLJM2727

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4A028F-A5B3-4248-AE75-EE62A80C1B9B}" = Adobe Audition Loopology Content

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3

"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{41B52574-B88C-4874-A63F-4BBFEC15ADC3}" = hpzTLBXFX

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{436C5CA6-8989-44E5-8685-873BFFDE51C5}" = hppFaxUtility

"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta

"{450D8966-293B-4801-B629-1F9984F8C690}" = hppTLBXFXM2727

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4

"{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}" = Watchtower Library 2009 - English

"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater

"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{5672A10E-1B21-4C2F-85D3-3542D0BC8246}" = hppscanM2727

"{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}" = OverDrive Media Console

"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A5D1A94-624A-4D20-B178-3A283B500370}" = Adobe Setup

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7288831E-1418-40E5-A70A-A55D0AA6657B}" = Simply Accounting by Sage 2006

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7348BB49-4C22-40F1-AF63-33D4C24A831A}" = hppFaxDrvM2727

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{8448D435-7543-411F-A0CC-7AA40D815E8F}" = Express Gate

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

"{88692886-BA60-4D18-BB76-F2488444B38C}" = hppSendFax

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003

"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup

"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0

"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Fran


Hi Ellie,

First of all, since you mention you have another computer on the same network, it would be good to disconnect this one as much from the internet as possible to avoid spreading malware.

Can you please run the following for me?

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


Here it is, Elise!

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Ultimate Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: ASUSTeK Computer Inc.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: ASUSTeK Computer Inc.

System Product Name: M50Vm

Logical Drives Mask: 0x03e8001c

Kernel Drivers (total 185):


Processes (total 99):

0 System Idle Process

4 System

640 C:\Windows\System32\smss.exe

724 csrss.exe

776 C:\Windows\System32\wininit.exe

796 csrss.exe

832 C:\Windows\System32\services.exe

844 C:\Windows\System32\lsass.exe

852 C:\Windows\System32\lsm.exe

988 C:\Windows\System32\svchost.exe

232 C:\Windows\SysWOW64\svchost.exe

500 C:\Windows\System32\nvvsvc.exe

516 C:\Windows\System32\svchost.exe

688 C:\Windows\System32\svchost.exe

936 C:\Windows\System32\svchost.exe

1028 C:\Windows\System32\svchost.exe

1044 C:\Windows\System32\svchost.exe

1112 C:\Windows\System32\audiodg.exe

1136 C:\Windows\System32\svchost.exe

1176 C:\Windows\System32\SLsvc.exe

1216 C:\Windows\System32\svchost.exe

1352 C:\Windows\System32\winlogon.exe

1420 C:\Windows\System32\svchost.exe

1528 C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe

1540 C:\Program Files\ATKGFNEX\GFNEXSrv.exe

1572 C:\Windows\System32\wlanext.exe

1704 C:\Windows\System32\spoolsv.exe

1728 C:\Windows\System32\svchost.exe

1936 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1964 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1976 C:\Windows\System32\svchost.exe

1988 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

2028 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

2176 C:\Windows\SysWOW64\svchost.exe

2264 C:\Windows\System32\svchost.exe

2312 C:\Program Files (x86)\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe

2336 C:\Windows\System32\nvvsvc.exe

2392 C:\Windows\System32\wisptis.exe

2400 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe

2500 C:\Windows\SysWOW64\IoctlSvc.exe

2636 C:\Windows\System32\svchost.exe

2652 C:\Windows\System32\svchost.exe

2680 C:\Program Files (x86)\Photodex\Proshow Producer Beta\scsiaccess.exe

2704 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

2740 C:\Windows\System32\svchost.exe

2756 C:\Windows\System32\Wacom_Tablet.exe

2820 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

2876 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

2940 C:\Windows\System32\svchost.exe

3000 C:\Windows\System32\SearchIndexer.exe

3724 C:\Windows\System32\taskeng.exe

2088 C:\Windows\System32\wisptis.exe

3232 C:\Windows\System32\taskeng.exe

3304 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe

3484 C:\Windows\System32\dwm.exe

3500 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe

3952 C:\Windows\Qpexaa.exe

3092 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

2688 C:\Windows\System32\WTablet\Wacom_TabletUser.exe

1092 C:\Windows\SysWOW64\explorer.exe

2528 C:\Windows\System32\Wacom_Tablet.exe

996 C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe

3956 C:\Program Files (x86)\ATK Hotkey\HControl.exe

3976 C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe

2364 C:\Program Files (x86)\ATK Hotkey\MsgTranAgt64.exe

4224 C:\Windows\System32\dllhost.exe

4276 C:\Program Files\Wireless Console 2\wcourier.exe

4284 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

4292 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe

4300 C:\Program Files\P4G\BatteryLife.exe

4336 ACEngSvr.exe

4452 C:\Program Files (x86)\ATK Hotkey\Atouch64.exe

4468 C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe

4496 C:\Program Files\ATKOSD2\ATKOSD2.exe

4520 C:\Windows\SysWOW64\rundll32.exe

4528 C:\Program Files\Windows Sidebar\sidebar.exe

4548 C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

4584 C:\Windows\splwow64.exe

4592 C:\Windows\ehome\ehtray.exe

4600 C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe

4616 C:\Program Files (x86)\SecCopy\SecCopy.exe

4632 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

4640 C:\Program Files (x86)\Palm\AlarmApp_PSI.exe

4696 C:\Users\Steve & Ellie\AppData\Local\Google\Update\GoogleUpdate.exe

4716 C:\Windows\ehome\ehmsas.exe

4808 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

4944 C:\Program Files (x86)\ATK Hotkey\WDC.exe

5116 C:\Program Files\Windows Sidebar\sidebar.exe

788 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

624 C:\Windows\System32\taskmgr.exe

4624 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

2564 C:\Program Files (x86)\Internet Explorer\iexplore.exe

3832 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2480 C:\Program Files (x86)\Internet Explorer\iexplore.exe

3864 C:\Windows\System32\SearchFilterHost.exe

1912 C:\Windows\System32\SearchProtocolHost.exe

4844 C:\Windows\SysWOW64\conime.exe

4352 C:\Windows\System32\SearchProtocolHost.exe

2164 C:\Users\Steve & Ellie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`b4000000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40C

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Will be out for a couple of hours and will look for your reply.

Thanks again,

Ellie


Hi Ellie, let's see if we can get MBAM installed first.

MALWAREBYTES ANTIMALWARE

-------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1

alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Thanks, Elise, am doing so now as I managed to install MBAM. I am not sure if I mentioned that I was unable yesterday to run regedit as it informed me that the administrator has blocked editing the registry. Obviously the malware doing that. So perhaps this will cause problems for MBAM? Trying to run regedit this morning produced nothing, not even a failure message.

I cannot easily remove this laptop from the internet if I need these downloads etc. I will see if I can remove it from the network somehow. Do you know how to do that, by chance? There is a Qnap (NAS) online and one computer on the network at the moment; the rest have been off since before this infection.

Thanks again,

Ellie


Hi, you can just disable/enable the network card in device manager. That way you'll be sure and there's no need to mess with cabling. :)

Click Start > Run, type devmgmt.msc and press enter. Locate your network card in the list, right click it and disable it. To re-enable, right click again and select Enable.

Please let me know if MBAM finished successfully and post me the log.


Results:

(about to restart computer, wanted to send this first)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4550

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

05/09/2010 1:43:08 PM

mbam-log-2010-09-05 (13-43-08).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 432735

Time elapsed: 1 hour(s), 23 minute(s), 39 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 4

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 13

Memory Processes Infected:

C:\Windows\Qpexaa.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:

C:\Windows\System32\winamnc.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Amnesiac (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winbackupdumper-id198mdkjaw76h (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b1ba40a2-75f2-51bd-f413-04b13a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acronis toolbar helper (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\winamnc.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\winamnc.dll -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\Qpexaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Steve & Ellie\AppData\Local\Temp\jytr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Steve & Ellie\AppData\Local\Temp\lnudls.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Steve & Ellie\AppData\Local\Temp\stpb0fcd.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Users\Steve & Ellie\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Steve & Ellie\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\Users\Steve & Ellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

C:\Windows\System32\winamnc.dll (Trojan.Agent) -> Delete on reboot.

C:\Users\Steve & Ellie\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Steve & Ellie\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Users\Steve & Ellie\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll (Trojan.Agent) -> Delete on reboot.


Well done! Can you please run another MBAM quick scan so I can see if anything got recreated?

Phew! All seems well! Thanks SO much. Anything else I need to do?

Ellie

Pasted here is the latest log file:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4550

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

05/09/2010 1:57:13 PM

mbam-log-2010-09-05 (13-57-13).txt

Scan type: Quick scan

Objects scanned: 144848

Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Looks good indeed. :)

Please run another OTL quick scan and post me the new log together with a description of any remaining problems.

I do seem to still be redirecting on the google search pages, so something is still going on, am now running OTL quick scan.

Ellie


OTL text: (I can only find this text. This has done funny things to my taskbar now so it is hard to find something placed on it)

OTL logfile created on: 05/09/2010 3:26:48 PM - Run 2

OTL by OldTimer - Version 3.2.11.0 Folder = c:\Users\Steve & Ellie\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free

18.00 Gb Paging File | 15.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 77.67 Gb Free Space | 52.11% Space Free | Partition Type: NTFS

Drive D: | 139.28 Gb Total Space | 79.77 Gb Free Space | 57.27% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive T: | 2746.27 Gb Total Space | 1063.83 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive V: | 2746.27 Gb Total Space | 1063.83 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive W: | 37.27 Gb Total Space | 13.14 Gb Free Space | 35.27% Space Free | Partition Type: NTFS

Drive X: | 2746.27 Gb Total Space | 1063.83 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive Y: | 2746.27 Gb Total Space | 1063.83 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive Z: | 698.65 Gb Total Space | 234.19 Gb Free Space | 33.52% Space Free | Partition Type: NTFS

Computer Name: OSCAR

Current User Name: Steve & Ellie

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/05 07:17:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- c:\Users\Steve & Ellie\Desktop\OTL.exe

PRC - [2010/08/12 07:05:59 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\Proshow Producer Beta\scsiaccess.exe

PRC - [2010/07/25 07:37:14 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

PRC - [2010/07/25 07:37:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/01/18 23:49:30 | 003,581,440 | ---- | M] (David Harris) -- X:\Pmail\Programs\winpm-32.exe

PRC - [2009/12/17 13:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

PRC - [2009/10/13 00:16:18 | 003,102,944 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager\AnVir.exe

PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

PRC - [2008/06/17 22:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008/04/10 12:12:40 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2008/01/23 15:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

PRC - [2008/01/03 18:28:08 | 000,458,752 | R--- | M] (PalmSource, Inc) -- C:\Program Files (x86)\Palm\AlarmApp_PSI.exe

PRC - [2007/12/11 16:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe

PRC - [2007/12/04 10:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe

PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

PRC - [2007/11/28 17:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe

PRC - [2007/11/28 15:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\Atouch64.exe

PRC - [2007/11/04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe

PRC - [2007/10/17 08:42:02 | 002,425,856 | ---- | M] (Centered Systems) -- C:\Program Files (x86)\SecCopy\SecCopy.exe

PRC - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe

PRC - [2007/08/29 11:22:02 | 001,539,470 | ---- | M] () -- C:\Program Files (x86)\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe

PRC - [2007/08/20 05:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe

PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2007/02/07 05:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe

PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

PRC - [2006/11/02 12:03:35 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe

========== Modules (SafeList) ==========

MOD - [2010/09/05 07:17:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- c:\Users\Steve & Ellie\Desktop\OTL.exe

MOD - [2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWOW64\APSHook.dll

MOD - [2009/10/13 00:16:02 | 000,102,112 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager\AnvirHook61.dll

MOD - [2009/04/11 03:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll

MOD - [2009/04/11 03:28:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll

MOD - [2009/04/11 03:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll

MOD - [2008/12/05 08:00:04 | 000,083,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

MOD - [2008/01/20 23:49:50 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll

MOD - [2008/01/20 23:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2006/12/04 13:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll

MOD - [2006/11/02 06:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/29 18:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2010/01/07 16:43:48 | 005,876,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV:64bit: - [2009/04/11 04:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)

SRV:64bit: - [2009/04/11 04:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)

SRV:64bit: - [2008/12/09 17:20:48 | 001,824,536 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV:64bit: - [2008/10/24 07:44:59 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2008/07/24 15:22:40 | 000,118,272 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)

SRV:64bit: - [2008/03/18 01:26:56 | 000,015,872 | ---- | M] (Agere Systems) [On_Demand | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2008/01/20 23:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2008/01/20 23:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV:64bit: - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2010/08/12 07:05:59 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\Proshow Producer Beta\scsiaccess.exe -- (ScsiAccess)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/04/28 14:21:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/17 13:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2008/11/04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

SRV - [2008/09/20 18:03:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/10/30 20:07:46 | 000,599,320 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2007/08/29 11:22:02 | 001,539,470 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe -- (PDHelper.exe)

SRV - [2007/02/07 05:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)

SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

SRV - [2006/06/21 22:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/03/04 13:50:18 | 000,321,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2010/01/26 03:46:44 | 000,066,592 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)

DRV:64bit: - [2009/11/10 08:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/11/10 08:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/09/30 21:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/09/21 19:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2009/09/05 15:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)

DRV:64bit: - [2009/08/21 21:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/11 02:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/04/11 01:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)

DRV:64bit: - [2008/09/16 08:38:14 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)

DRV:64bit: - [2008/09/16 08:38:14 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)

DRV:64bit: - [2008/09/16 08:38:12 | 000,229,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)

DRV:64bit: - [2008/09/16 08:38:10 | 000,593,440 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)

DRV:64bit: - [2008/06/03 18:41:50 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2008/05/29 10:21:00 | 000,016,440 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)

DRV:64bit: - [2008/05/07 06:40:38 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/03/21 01:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/03/16 21:42:30 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2008/03/16 21:42:28 | 000,121,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2008/03/16 21:42:26 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2008/02/15 18:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2008/01/28 23:46:58 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2008/01/20 23:46:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)

DRV:64bit: - [2008/01/20 23:46:02 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV:64bit: - [2007/11/16 02:09:50 | 000,317,488 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/10/15 04:40:50 | 000,284,416 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etFilter64.sys -- (FiltUSBET)

DRV:64bit: - [2007/09/06 15:52:52 | 000,009,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etScan64.sys -- (ScanUSBET)

DRV:64bit: - [2007/09/06 05:44:40 | 000,530,944 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etDevice64.sys -- (DCamUSBET)

DRV:64bit: - [2007/08/09 13:27:00 | 000,041,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)

DRV:64bit: - [2007/08/09 13:27:00 | 000,041,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIM)

DRV:64bit: - [2007/08/03 01:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2007/07/26 09:28:54 | 000,055,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srs_sscfilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)

DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

DRV:64bit: - [2007/06/16 21:28:16 | 000,217,352 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV:64bit: - [2007/02/16 15:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2006/10/27 10:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)

DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/09/05 07:41:44 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2008/12/05 08:00:04 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://onecare.live.com/site/en-us/center/howsafe.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.6

FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.55

FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.8.3

FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19

FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.1

FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.7

FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/25 07:37:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/20 06:53:47 | 000,000,000 | ---D | M]

[2008/09/16 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Extensions

[2010/09/05 14:53:58 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions

[2010/04/02 07:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}

[2010/08/03 07:10:04 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

[2009/12/12 21:07:13 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}

[2009/06/23 16:30:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/06/02 18:09:50 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\DeviceDetection@logitech.com

[2010/08/12 06:37:59 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\en-CA@dictionaries.addons.mozilla.org

[2008/11/05 21:11:39 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/04/09 06:24:17 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\exif_viewer@mozilla.doslash.org

[2010/09/05 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\twitternotifier@naan.net

[2010/09/05 14:53:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2009/01/02 10:29:49 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: ([2006/09/18 18:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (ASUS Security Protect Manager) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKCU..\Run: [AnVir Task Manager] C:\Program Files (x86)\AnVir Task Manager\AnVir.exe (AnVir Software)

O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

O4 - HKCU..\Run: [second Copy] C:\Program Files (x86)\SecCopy\SecCopy.exe (Centered Systems)

O4 - Startup: C:\Users\Steve & Ellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alarm Manager.LNK = C:\Program Files (x86)\Palm\AlarmApp_PSI.exe (PalmSource, Inc)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.177.2.130 142.166.145.137

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll (Cognizance Corporation)

O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\SysWow64\APSHook.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - Unable to obtain root file information for disk W:\

O33 - MountPoints2\{7e87d936-de66-11de-b1b3-002243a38580}\Shell\AutoRun\command - "" = J:\Windows\bin\eblSetup.exe -- File not found

O33 - MountPoints2\{adad394c-7db6-11de-846a-002243a38580}\Shell - "" = AutoRun

O33 - MountPoints2\{adad394c-7db6-11de-846a-002243a38580}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{adad395c-7db6-11de-846a-002243a38580}\Shell - "" = AutoRun

O33 - MountPoints2\{adad395c-7db6-11de-846a-002243a38580}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{c78b2674-9847-11dd-9407-002243a38580}\Shell - "" = AutoRun

O33 - MountPoints2\{c78b2674-9847-11dd-9407-002243a38580}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found

O33 - MountPoints2\{fb00c976-835e-11dd-8fca-806e6f6e6963}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (autocheck SBBD.exe /d \Device\HarddiskVolume2\VIPRERESCUE\Definitions) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/05 12:16:16 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Roaming\Malwarebytes

[2010/09/05 12:16:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/09/05 12:16:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/09/05 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/09/05 12:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/05 12:13:54 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve & Ellie\Desktop\mbam-setup-1.46.exe

[2010/09/05 07:17:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

[2010/09/04 23:00:02 | 000,093,872 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\drivers\SBREDrv.sys

[2010/09/04 23:00:02 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\sbbd.exe

[2010/09/04 22:59:52 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE

[2010/09/04 22:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist

[2010/09/04 21:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications

[2010/09/04 17:36:16 | 000,140,288 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\pcre3.dll

[2010/09/04 17:36:16 | 000,000,000 | -HSD | C] -- C:\Users\Steve & Ellie\.COMMgr

[2010/09/04 17:36:16 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Local\Desktop Cleanup Wizard

[2010/09/04 17:36:04 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Local\Windows Server

[2010/09/04 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Roaming\7AC030EA297C16500581C5161ADF316C

[2010/08/30 09:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\ImageMagick-6.6.3-Q16

[2010/08/08 18:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/08/08 18:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/08/01 17:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2010/07/11 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\Desktop\Daniel Heikalo with Sarah Pound

[2010/07/02 14:38:50 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Roaming\NCH Software

[2010/06/24 07:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/06/18 13:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared

[2008/12/05 10:00:18 | 013,558,640 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp040917457

[2008/12/05 10:00:02 | 011,216,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp040917404

========== Files - Modified Within 90 Days ==========

[2010/09/05 15:29:51 | 008,912,896 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT

[2010/09/05 14:55:03 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3216189027-3680855661-446482604-1000UA.job

[2010/09/05 14:45:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/05 13:53:52 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/05 13:53:52 | 000,609,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/05 13:53:52 | 000,108,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/05 13:46:35 | 000,137,931 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/09/05 13:46:33 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2010/09/05 13:46:26 | 000,137,931 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/09/05 13:46:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/05 13:46:18 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/05 13:46:18 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/05 13:46:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/05 13:46:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/05 13:45:19 | 000,001,647 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/09/05 13:45:18 | 000,524,288 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{29fcbcba-9f19-11df-9dcb-002243a38580}.TMContainer00000000000000000001.regtrans-ms

[2010/09/05 13:45:18 | 000,065,536 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{29fcbcba-9f19-11df-9dcb-002243a38580}.TM.blf

[2010/09/05 13:45:16 | 002,850,528 | -H-- | M] () -- C:\Users\Steve & Ellie\AppData\Local\IconCache.db

[2010/09/05 12:16:09 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/05 12:13:54 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve & Ellie\Desktop\mbam-setup-1.46.exe

[2010/09/05 09:45:00 | 000,080,384 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\MBRCheck.exe

[2010/09/05 07:41:44 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/09/05 07:34:53 | 000,133,632 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\RKUnhookerLE.EXE

[2010/09/05 07:17:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

[2010/09/04 22:35:06 | 000,000,889 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

[2010/09/04 17:55:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3216189027-3680855661-446482604-1000Core.job

[2010/09/04 17:36:16 | 000,140,288 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\pcre3.dll

[2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWow64\winamnc_backup.dll

[2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWow64\APSHook.dll

[2010/09/04 16:22:22 | 000,019,968 | ---- | M] () -- C:\Users\Steve & Ellie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/04 13:03:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010/09/04 10:58:29 | 000,001,027 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\hasselblad_softar2_effect.zip

[2010/09/04 10:12:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2010/09/03 20:56:52 | 003,921,973 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\BMC_I9000M_UG_EN_07272010_D4[1].pdf

[2010/09/03 20:52:31 | 000,000,162 | -H-- | M] () -- C:\Users\Steve & Ellie\Desktop\~$C_I9000M_UG_EN_07272010_D4[1].doc

[2010/09/01 08:44:10 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.2 64-bit.lnk

[2010/08/30 20:00:00 | 000,000,574 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Steve & Ellie.job

[2010/08/30 09:25:16 | 000,000,000 | ---- | M] () -- C:\Users\Steve & Ellie\convert

[2010/08/27 08:37:36 | 000,130,048 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\Menu.doc

[2010/08/25 08:18:06 | 000,000,980 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/08/12 07:06:20 | 000,002,052 | ---- | M] () -- C:\Users\Steve & Ellie\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Producer.lnk

[2010/08/12 06:31:38 | 003,216,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/03 21:24:58 | 000,524,288 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{29fcbcba-9f19-11df-9dcb-002243a38580}.TMContainer00000000000000000002.regtrans-ms

[2010/08/03 20:46:55 | 000,002,044 | ---- | M] () -- C:\Users\Steve & Ellie\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk

[2010/08/03 20:46:55 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk

[2010/08/02 22:17:20 | 000,524,288 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms

[2010/08/02 22:17:20 | 000,065,536 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf

[2010/07/24 18:51:52 | 000,081,674 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\32095_131681393510330_118883614790108_351913_1185902_n[1].jpg

[2010/07/20 19:31:28 | 000,002,447 | ---- | M] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk

[2010/07/11 14:56:21 | 001,940,480 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\CatchTheMoment2-.pps

[2010/07/02 18:46:19 | 000,036,352 | ---- | M] () -- C:\Users\Steve & Ellie\Documents\Getting Florette.doc

[2010/07/01 16:29:16 | 000,025,088 | ---- | M] () -- C:\Users\Steve & Ellie\Documents\General-France.doc

[2010/07/01 16:23:09 | 000,027,648 | ---- | M] () -- C:\Users\Steve & Ellie\Documents\Tous Compris.doc

[2010/07/01 16:19:08 | 000,025,088 | ---- | M] () -- C:\Users\Steve & Ellie\Documents\Chicken_P


Hi, what browser is redirecting you? Both Firefox and IE or only one of them?

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code".
    :otl
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.


Dear Elise,

Here is the latest report after completing the above.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Steve

User: Steve & Ellie

->Temp folder emptied: 14712373 bytes

->Temporary Internet Files folder emptied: 94416125 bytes

->Java cache emptied: 29572556 bytes

->FireFox cache emptied: 108864676 bytes

->Google Chrome cache emptied: 489245941 bytes

->Flash cache emptied: 8394718 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 9816398 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 16356766 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2932859 bytes

Total Files Cleaned = 738.00 mb

OTL by OldTimer - Version 3.2.11.0 log created on 09052010_164043

Files\Folders moved on Reboot...

C:\Users\Steve & Ellie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Steve & Ellie\AppData\Local\Temp\~DFA749.tmp not found!

File\Folder C:\Users\Steve & Ellie\AppData\Local\Temp\~DFA750.tmp not found!

File\Folder C:\Users\Steve & Ellie\AppData\Local\Temp\~DFA7B3.tmp not found!

File\Folder C:\Users\Steve & Ellie\AppData\Local\Temp\~DFA7BA.tmp not found!

File\Folder C:\Users\Steve & Ellie\AppData\Local\Temp\~DFA7EB.tmp not found!

File\Folder C:\Users\Steve & Ellie\AppData\Local\Temp\~DFA7F6.tmp not found!

Registry entries deleted on Reboot...


Hi, let's do a few additional OTL scans.

OTL

-----

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code".
    /md5start
    hlp.dat
    explorer.exe
    wininit.exe /64
    /md5stop
    netsvcs
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  5. Push the Run Scan button.
  6. A report will open. Copy and Paste that report in your next reply.


Am doing so, now, thank you Elise.

It appears that even Bing is now having the same redirect issues. The only thing to do is to copy and paste the URL found in the search results.

Scan results as directed above:

OTL logfile created on: 05/09/2010 5:40:02 PM - Run 3

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Steve & Ellie\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free

18.00 Gb Paging File | 16.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149.04 Gb Total Space | 78.34 Gb Free Space | 52.56% Space Free | Partition Type: NTFS

Drive D: | 139.28 Gb Total Space | 79.77 Gb Free Space | 57.28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive T: | 2746.27 Gb Total Space | 1063.83 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive V: | 2746.27 Gb Total Space | 1063.83 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive W: | 37.27 Gb Total Space | 13.14 Gb Free Space | 35.27% Space Free | Partition Type: NTFS

Drive X: | 2746.27 Gb Total Space | 1063.83 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive Y: | 2746.27 Gb Total Space | 1063.83 Gb Free Space | 38.74% Space Free | Partition Type: NTFS

Drive Z: | 698.65 Gb Total Space | 234.19 Gb Free Space | 33.52% Space Free | Partition Type: NTFS

Computer Name: OSCAR

Current User Name: Steve & Ellie

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/05 17:39:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

PRC - [2010/08/12 07:05:59 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\Proshow Producer Beta\scsiaccess.exe

PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2009/12/17 13:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

PRC - [2009/10/13 00:16:18 | 003,102,944 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager\AnVir.exe

PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

PRC - [2008/06/17 22:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008/04/10 12:12:40 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2008/01/23 15:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

PRC - [2008/01/03 18:28:08 | 000,458,752 | R--- | M] (PalmSource, Inc) -- C:\Program Files (x86)\Palm\AlarmApp_PSI.exe

PRC - [2007/12/11 16:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\WDC.exe

PRC - [2007/12/04 10:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe

PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

PRC - [2007/11/28 17:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files (x86)\ATK Hotkey\HControl.exe

PRC - [2007/11/28 15:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\Atouch64.exe

PRC - [2007/11/04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe

PRC - [2007/10/17 08:42:02 | 002,425,856 | ---- | M] (Centered Systems) -- C:\Program Files (x86)\SecCopy\SecCopy.exe

PRC - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe

PRC - [2007/08/29 11:22:02 | 001,539,470 | ---- | M] () -- C:\Program Files (x86)\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe

PRC - [2007/08/20 05:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

PRC - [2007/08/15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe

PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2007/02/07 05:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe

PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

PRC - [2006/11/02 12:03:35 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe

========== Modules (SafeList) ==========

MOD - [2010/09/05 17:39:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

MOD - [2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWOW64\APSHook.dll

MOD - [2009/10/13 00:16:02 | 000,102,112 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager\AnvirHook61.dll

MOD - [2009/04/11 03:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll

MOD - [2008/01/20 23:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2006/12/04 13:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/29 18:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2010/01/07 16:43:48 | 005,876,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV:64bit: - [2009/04/11 04:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)

SRV:64bit: - [2009/04/11 04:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)

SRV:64bit: - [2008/12/09 17:20:48 | 001,824,536 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV:64bit: - [2008/10/24 07:44:59 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2008/07/24 15:22:40 | 000,118,272 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)

SRV:64bit: - [2008/03/18 01:26:56 | 000,015,872 | ---- | M] (Agere Systems) [On_Demand | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2008/01/20 23:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2008/01/20 23:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV:64bit: - [2007/08/03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2010/08/12 07:05:59 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\Proshow Producer Beta\scsiaccess.exe -- (ScsiAccess)

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/04/28 14:21:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)

SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/17 13:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2008/11/04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

SRV - [2008/09/20 18:03:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/10/30 20:07:46 | 000,599,320 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/10/02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2007/08/29 11:22:02 | 001,539,470 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TastyBytes Software\PD+Rescue for iPod\PDHelper.exe -- (PDHelper.exe)

SRV - [2007/02/07 05:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)

SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

SRV - [2006/06/21 22:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/03/04 13:50:18 | 000,321,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2010/01/26 03:46:44 | 000,066,592 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)

DRV:64bit: - [2009/11/10 08:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/11/10 08:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/09/30 21:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/09/21 19:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2009/09/05 15:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)

DRV:64bit: - [2009/08/21 21:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/11 02:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/04/11 01:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)

DRV:64bit: - [2008/09/16 08:38:14 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)

DRV:64bit: - [2008/09/16 08:38:14 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)

DRV:64bit: - [2008/09/16 08:38:12 | 000,229,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)

DRV:64bit: - [2008/09/16 08:38:10 | 000,593,440 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)

DRV:64bit: - [2008/06/03 18:41:50 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2008/05/29 10:21:00 | 000,016,440 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\lullaby.sys -- (lullaby)

DRV:64bit: - [2008/05/07 06:40:38 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/03/21 01:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/03/16 21:42:30 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2008/03/16 21:42:28 | 000,121,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2008/03/16 21:42:26 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2008/02/15 18:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2008/01/28 23:46:58 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2008/01/20 23:46:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)

DRV:64bit: - [2008/01/20 23:46:02 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV:64bit: - [2007/11/16 02:09:50 | 000,317,488 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/10/15 04:40:50 | 000,284,416 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etFilter64.sys -- (FiltUSBET)

DRV:64bit: - [2007/09/06 15:52:52 | 000,009,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etScan64.sys -- (ScanUSBET)

DRV:64bit: - [2007/09/06 05:44:40 | 000,530,944 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\etDevice64.sys -- (DCamUSBET)

DRV:64bit: - [2007/08/09 13:27:00 | 000,041,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIMMP)

DRV:64bit: - [2007/08/09 13:27:00 | 000,041,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SymIM.sys -- (SymIM)

DRV:64bit: - [2007/08/03 01:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2007/07/26 09:28:54 | 000,055,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srs_sscfilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)

DRV:64bit: - [2007/07/24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

DRV:64bit: - [2007/06/16 21:28:16 | 000,217,352 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV:64bit: - [2007/02/16 15:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2006/10/27 10:01:08 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)

DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/09/05 07:41:44 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2008/12/05 08:00:04 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://onecare.live.com/site/en-us/center/howsafe.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.6

FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.55

FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.8.3

FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19

FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.1

FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.7

FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/25 07:37:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/20 06:53:47 | 000,000,000 | ---D | M]

[2008/09/16 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Extensions

[2010/09/05 14:53:58 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions

[2010/04/02 07:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}

[2010/08/03 07:10:04 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

[2009/12/12 21:07:13 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}

[2009/06/23 16:30:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2010/06/02 18:09:50 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\DeviceDetection@logitech.com

[2010/08/12 06:37:59 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\en-CA@dictionaries.addons.mozilla.org

[2008/11/05 21:11:39 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/04/09 06:24:17 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\exif_viewer@mozilla.doslash.org

[2010/09/05 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\Steve & Ellie\AppData\Roaming\Mozilla\Firefox\Profiles\2rp0lqjy.default\extensions\twitternotifier@naan.net

[2010/09/05 14:53:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2009/01/02 10:29:49 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\FFComm.dll

O1 HOSTS File: ([2006/09/18 18:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (ASUS Security Protect Manager) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKCU..\Run: [AnVir Task Manager] C:\Program Files (x86)\AnVir Task Manager\AnVir.exe (AnVir Software)

O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

O4 - HKCU..\Run: [second Copy] C:\Program Files (x86)\SecCopy\SecCopy.exe (Centered Systems)

O4 - Startup: C:\Users\Steve & Ellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alarm Manager.LNK = C:\Program Files (x86)\Palm\AlarmApp_PSI.exe (PalmSource, Inc)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.177.2.130 142.166.145.137

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (APSHook64.dll) - C:\Windows\SysNative\APSHook64.dll (Cognizance Corporation)

O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\SysWow64\APSHook.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - Unable to obtain root file information for disk W:\

O33 - MountPoints2\{7e87d936-de66-11de-b1b3-002243a38580}\Shell\AutoRun\command - "" = J:\Windows\bin\eblSetup.exe -- File not found

O33 - MountPoints2\{adad394c-7db6-11de-846a-002243a38580}\Shell - "" = AutoRun

O33 - MountPoints2\{adad394c-7db6-11de-846a-002243a38580}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{adad395c-7db6-11de-846a-002243a38580}\Shell - "" = AutoRun

O33 - MountPoints2\{adad395c-7db6-11de-846a-002243a38580}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{c78b2674-9847-11dd-9407-002243a38580}\Shell - "" = AutoRun

O33 - MountPoints2\{c78b2674-9847-11dd-9407-002243a38580}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found

O33 - MountPoints2\{fb00c976-835e-11dd-8fca-806e6f6e6963}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (autocheck SBBD.exe /d \Device\HarddiskVolume2\VIPRERESCUE\Definitions) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: wave2 - serwvdrv.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: VIDC.MFZ0 - C:\Windows\SysWow64\MyFlashZip0.ax (Moyea Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: wave2 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/05 16:40:43 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/09/05 12:16:16 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Roaming\Malwarebytes

[2010/09/05 12:16:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/09/05 12:16:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/09/05 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/09/05 12:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/05 12:13:54 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve & Ellie\Desktop\mbam-setup-1.46.exe

[2010/09/05 07:17:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

[2010/09/04 23:00:02 | 000,093,872 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\drivers\SBREDrv.sys

[2010/09/04 23:00:02 | 000,027,944 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\sbbd.exe

[2010/09/04 22:59:52 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE

[2010/09/04 22:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist

[2010/09/04 21:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications

[2010/09/04 17:36:16 | 000,140,288 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\pcre3.dll

[2010/09/04 17:36:16 | 000,000,000 | -HSD | C] -- C:\Users\Steve & Ellie\.COMMgr

[2010/09/04 17:36:16 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Local\Desktop Cleanup Wizard

[2010/09/04 17:36:04 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Local\Windows Server

[2010/09/04 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Steve & Ellie\AppData\Roaming\7AC030EA297C16500581C5161ADF316C

[2010/08/30 09:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\ImageMagick-6.6.3-Q16

[2010/08/20 06:54:09 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll

[2010/08/11 19:42:10 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2010/08/11 19:42:05 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll

[2010/08/11 19:42:02 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2010/08/11 19:42:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010/08/11 19:42:02 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2010/08/11 19:42:01 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010/08/11 19:42:01 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010/08/11 19:42:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2010/08/11 19:42:01 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2010/08/11 19:42:00 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2010/08/11 19:42:00 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2010/08/11 19:41:59 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2010/08/11 19:41:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010/08/11 19:41:59 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010/08/11 19:41:59 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2010/08/11 19:41:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2010/08/11 19:41:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2010/08/11 19:41:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2010/08/11 19:41:59 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2010/08/11 19:41:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2010/08/11 19:41:59 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2010/08/11 19:41:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2010/08/11 19:41:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010/08/11 19:41:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2010/08/11 19:41:35 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll

[2010/08/11 19:41:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll

[2010/08/11 19:41:31 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2010/08/08 18:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/08/08 18:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2008/12/05 10:00:18 | 013,558,640 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp040917457

[2008/12/05 10:00:02 | 011,216,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp040917404

========== Files - Modified Within 30 Days ==========

[2010/09/05 17:40:07 | 008,912,896 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT

[2010/09/05 17:39:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve & Ellie\Desktop\OTL.exe

[2010/09/05 16:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3216189027-3680855661-446482604-1000UA.job

[2010/09/05 16:50:13 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/09/05 16:50:13 | 000,609,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/09/05 16:50:13 | 000,108,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/09/05 16:45:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/05 16:43:52 | 000,137,931 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/09/05 16:43:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2010/09/05 16:43:46 | 000,137,931 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/09/05 16:43:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/05 16:43:38 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/05 16:43:38 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/05 16:43:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/05 16:43:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/05 16:42:33 | 000,001,647 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/09/05 16:42:32 | 000,524,288 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{29fcbcba-9f19-11df-9dcb-002243a38580}.TMContainer00000000000000000001.regtrans-ms

[2010/09/05 16:42:32 | 000,065,536 | -HS- | M] () -- C:\Users\Steve & Ellie\NTUSER.DAT{29fcbcba-9f19-11df-9dcb-002243a38580}.TM.blf

[2010/09/05 16:42:29 | 002,884,616 | -H-- | M] () -- C:\Users\Steve & Ellie\AppData\Local\IconCache.db

[2010/09/05 12:16:09 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/05 12:13:54 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve & Ellie\Desktop\mbam-setup-1.46.exe

[2010/09/05 09:45:00 | 000,080,384 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\MBRCheck.exe

[2010/09/05 07:41:44 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/09/05 07:34:53 | 000,133,632 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\RKUnhookerLE.EXE

[2010/09/04 22:35:06 | 000,000,889 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

[2010/09/04 17:55:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3216189027-3680855661-446482604-1000Core.job

[2010/09/04 17:36:16 | 000,140,288 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\Windows\SysWow64\pcre3.dll

[2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWow64\winamnc_backup.dll

[2010/09/04 17:36:15 | 000,039,936 | ---- | M] () -- C:\Windows\SysWow64\APSHook.dll

[2010/09/04 16:22:22 | 000,019,968 | ---- | M] () -- C:\Users\Steve & Ellie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/04 13:03:49 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010/09/04 10:58:29 | 000,001,027 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\hasselblad_softar2_effect.zip

[2010/09/04 10:12:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2010/09/03 20:56:52 | 003,921,973 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\BMC_I9000M_UG_EN_07272010_D4[1].pdf

[2010/09/03 20:52:31 | 000,000,162 | -H-- | M] () -- C:\Users\Steve & Ellie\Desktop\~$C_I9000M_UG_EN_07272010_D4[1].doc

[2010/09/01 08:44:10 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.2 64-bit.lnk

[2010/08/30 20:00:00 | 000,000,574 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Steve & Ellie.job

[2010/08/30 09:25:16 | 000,000,000 | ---- | M] () -- C:\Users\Steve & Ellie\convert

[2010/08/27 08:37:36 | 000,130,048 | ---- | M] () -- C:\Users\Steve & Ellie\Desktop\Menu.doc

[2010/08/25 08:18:06 | 000,000,980 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/08/12 07:06:20 | 000,002,052 | ---- | M] () -- C:\Users\Steve & Ellie\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Producer.lnk

[2010/08/12 06:31:38 | 003,216,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/09/05 12:16:09 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/05 09:45:00 | 000,080,384 | ---- | C] () -- C:\Users\Steve & Ellie\Desktop\MBRCheck.exe

[2010/09/05 07:35:49 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/09/05 07:34:52 | 000,133,632 | ---- | C] () -- C:\Users\Steve & Ellie\Desktop\RKUnhookerLE.EXE

[2010/09/04 17:36:17 | 000,039,936 | ---- | C] () -- C:\Windows\SysWow64\winamnc_backup.dll

[2010/09/04 10:58:29 | 000,001,027 | ---- | C] () -- C:\Users\Steve & Ellie\Desktop\hasselblad_softar2_effect.zip

[2010/09/04 10:12:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2010/09/03 20:56:50 | 003,921,973 | ---- | C] () -- C:\Users\Steve & Ellie\Desktop\BMC_I9000M_UG_EN_07272010_D4[1].pdf

[2010/09/03 20:52:31 | 000,000,162 | -H-- | C] () -- C:\Users\Steve & Ellie\Desktop\~$C_I9000M_UG_EN_07272010_D4[1].doc

[2010/09/01 08:44:10 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.2 64-bit.lnk

[2010/08/30 09:21:55 | 000,000,000 | ---- | C] () -- C:\Users\Steve & Ellie\convert

[2010/08/27 08:37:36 | 000,130,048 | ---- | C] () -- C:\Users\Steve & Ellie\Desktop\Menu.doc

[2010/06/09 21:14:31 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll

[2010/06/03 07:11:51 | 000,228,298 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_ATL90SP1_KB973924MSI19B7.txt

[2010/06/03 07:11:49 | 000,011,700 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_ATL90SP1_KB973924UI19B7.txt

[2010/06/02 18:48:51 | 000,431,920 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_vcredistMSI610F.txt

[2010/06/02 18:48:50 | 000,011,458 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_vcredistUI610F.txt

[2010/02/04 07:53:06 | 000,230,682 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_ATL90SP1_KB973924MSI677D.txt

[2010/02/04 07:53:06 | 000,011,764 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_ATL90SP1_KB973924UI677D.txt

[2010/02/02 19:21:49 | 000,433,644 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_vcredistMSI5A58.txt

[2010/02/02 19:21:49 | 000,012,722 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_vcredistUI5A58.txt

[2010/01/15 20:40:10 | 000,000,180 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Roaming\setup.log

[2010/01/15 20:40:08 | 000,000,760 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Roaming\setup_ldm.iss

[2010/01/05 11:45:53 | 000,000,269 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Roaming\PD+Rescue v2 Prefs

[2010/01/05 11:43:48 | 000,000,046 | -H-- | C] () -- C:\Users\Steve & Ellie\AppData\Roaming\PD+Rescue_OwnerName

[2010/01/05 11:16:53 | 000,000,009 | -H-- | C] () -- C:\Users\Steve & Ellie\AppData\Roaming\PD+Rescue_Time

[2010/01/02 00:07:15 | 000,000,680 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\d3d9caps.dat

[2009/11/02 10:36:57 | 048,904,704 | ---- | C] () -- C:\Program Files\ScreenDASH_3_x64.msi

[2009/09/03 20:54:36 | 000,000,600 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\PUTTY.RND

[2009/07/29 06:51:44 | 000,548,730 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_ATL80SP1_KB973923MSI3B41.txt

[2009/07/29 06:51:44 | 000,011,716 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_ATL80SP1_KB973923UI3B41.txt

[2009/07/29 06:51:39 | 000,536,944 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_ATL80SP1_KB973923MSI3B30.txt

[2009/07/29 06:51:39 | 000,011,796 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\dd_ATL80SP1_KB973923UI3B30.txt

[2009/07/20 22:12:02 | 000,015,620 | ---- | C] () -- C:\Windows\SysWow64\SystemRes13.sm.SYS

[2009/05/29 09:23:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/05/29 09:22:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/05/02 09:02:48 | 003,032,064 | ---- | C] () -- C:\Windows\SysWow64\hpbcfgre.DLL

[2009/05/02 07:55:19 | 000,000,636 | ---- | C] () -- C:\Windows\hpntwksetup.ini

[2009/05/02 07:51:11 | 000,000,312 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/04/19 15:43:06 | 000,000,187 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\RAExpertHistory.xml

[2009/01/16 16:12:57 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\Implode.dll

[2008/10/25 20:07:16 | 000,019,968 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/21 09:37:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/09/20 17:31:36 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll

[2008/09/19 17:46:15 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini

[2008/09/19 10:52:37 | 000,000,805 | ---- | C] () -- C:\Windows\Common.ini

[2008/09/19 10:37:36 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI

[2008/09/19 09:16:37 | 000,000,980 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/09/15 21:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2008/09/15 21:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest

[2008/09/15 21:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest

[2008/09/15 21:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll

[2008/09/15 18:14:52 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2008/09/15 17:54:02 | 000,137,931 | ---- | C] () -- C:\ProgramData\nvModes.001

[2008/09/15 17:53:55 | 000,137,931 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2008/09/15 16:32:48 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll

[2008/09/15 16:02:24 | 000,000,732 | ---- | C] () -- C:\Users\Steve & Ellie\AppData\Local\d3d9caps64.dat

[2008/01/20 23:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2006/07/12 20:55:00 | 000,039,936 | ---- | C] () -- C:\Windows\SysWow64\APSHook.dll

[2005/04/03 11:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\scardsyn.dll

[1998/05/06 16:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\ODMA32.dll

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2008/10/29 03:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe

[2008/10/29 03:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe

[2008/10/29 03:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe

[2008/10/30 00:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe

[2009/04/11 04:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe

[2008/10/27 23:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe

[2008/10/29 03:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe

[2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

[2008/10/30 02:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

[2009/04/11 04:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=E6EF6707DF2E9FBF8100AC0C23D3AD9A -- C:\Windows\explorer.exe

[2008/10/27 23:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

[2008/01/20 23:47:50 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe

[2008/01/20 23:48:30 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 08:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll

[2009/03/08 08:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:574F41BA

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:3EFB0FE0

< End of report >


Can you please also run the following custom scan:

/md5start
wininit.exe
/md5stop

Click first the NONE button and then the Run Scan button; this will shorten the log.

Also, try the following:

UPLOAD A FILE

--------------------

We need to check a file. Please click this link: VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

c:\windows\explorer.exe

c:\windows\syswow64\wininit.exe

If you get the message that the file has already been scanned before, please click Reanalyse file now.

Please post back the results of the scan in your next post.
