
Solved svchost.exe error 0x7c91b21a

Discussion in 'Malware and Virus Removal Archive' started by Jayman007, 2010/06/17.

  1. 2010/06/17
    Jayman007

    [Resolved] svchost.exe error 0x7c91b21a

    I'm rather new here at the forum but have visited the site many times via Google search to fix issues I've had in the past.

    This time I figured I'd start a post, as I've been pulling my hair out on this one. I'm getting close to formatting the drive and doing a fresh install, which I don't really want to do.

    When I boot up I am constantly getting the svchost.exe application error:

    "The instruction at "0x7c91b21a" referenced memory at "0x00000010". The memory could not be "written"."

    The only option I get is to click ok to terminate the program. I find that if I click OK then the computer hangs and I can hardly do anything. If I just leave the error open then I can continue my work on trying to resolve the issue.

    I ran the dds.exe and I will include my logs here...


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Jay at 23:21:07.92 on Thu 06/17/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1207 [GMT 7:00]

    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

    ============== Running Processes ===============

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    svchost.exe
    C:\Program Files\ProcessGuard\dcsuserprot.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Ext2Fsd\Ext2Mgr.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\system32\PSXRUN.EXE
    C:\WINDOWS\system32\psxss.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\SFU\Mapper\mapsvc.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\SFU\usr\sbin\zzInterix
    C:\SFU\usr\sbin\init
    C:\SFU\usr\sbin\inetd
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ProcessGuard\pgaccount.exe
    C:\Program Files\Process Lasso\processlasso.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Process Lasso\processgovernor.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\ProcessGuard\pgaccount.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\KeyScrambler\KeyScrambler.exe
    C:\Program Files\ProcessGuard\procguard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRAM FILES\SIGMATEL\C-MAJOR AUDIO\WDM\STSYSTRA.EXE
    C:\PROGRAM FILES\GLOBE SOFTWARE\STATBAR\STATBAR.EXE
    C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\IFRMEWRK.EXE
    C:\PROGRAM FILES\INTEL\WIFI\BIN\ZCFGSVC.EXE
    C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE
    C:\PROGRAM FILES\CLIPOMATIC\CLIPOMATIC.EXE
    C:\PROGRAM FILES\BASTA COMPUTING\HORAS\HORAS.EXE
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\PROGRAM FILES\DESKSWARE\POWER FAVORITES\BOOKMARK.EXE
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jay\Desktop\dds.EXE
    C:\Program Files\Avira\AntiVir Desktop\checkt.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061004
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = about:blank
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Powermarks IEC: {6172e460-fae3-11d2-b494-004005a47aaa} - c:\progra~1\powerm~1.5\iec.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Powermarks: {e166b4a2-83e7-11d3-b4fd-004005a47aaa} - c:\progra~1\powerm~1.5\iec.dll
    TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\textaloud\TAForIE.dll
    TB: Spb Wallet: {2913d3dd-9363-4c21-b205-c19a584a0674} - c:\program files\spb wallet\SpbWalletToolbar.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
    TB: {7792546F-70AE-4ABC-B2B6-BE68E9410002} - No File
    TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File
    TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [StartupMonitor] c:\windows\StartupMonitor.exe
    uRun: [Antivirus System Tray Tool] c:\program files\avira\antivir desktop\avgnt.exe
    uRun: [pgaccount] c:\program files\processguard\pgaccount.exe
    uRun: [WinPatrol PLUS] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    uRun: [KeyScrambler] c:\program files\keyscrambler\KeyScrambler.exe
    uRun: [!1_ProcessGuard_Startup] "c:\program files\processguard\procguard.exe" -minimize
    uRun: [cdloader] "c:\documents and settings\jay\application data\mjusbsp\cdloader2.exe" MAGICJACK
    mRun: [!1_pgaccount] "c:\program files\processguard\pgaccount.exe"
    mRun: [ProcessLassoManagementConsole] c:\program files\process lasso\processlasso.exe
    mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bluetooth.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    uPolicies-explorer: NoStrCmpLogical = 00000000
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Power Favorites - c:\program files\desksware\power favorites\copyurl.htm
    IE: Add to QQ Customized Panel
    IE: Add to QQ Emoticons
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: Download with Rapget - d:\rapget140\rapget.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Send the Picture by QQ MMS
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157b}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    LSP: c:\windows\system32\idmmbc.dll
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    Trusted Zone: advanta.com\www
    Trusted Zone: bankofamerica.com
    Trusted Zone: commerceonline.com
    Trusted Zone: forexdirectory.net\www
    Trusted Zone: google.com
    Trusted Zone: google.com\mail
    Trusted Zone: ingdirect.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: macromedia.com\www
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\office
    Trusted Zone: nv.gov\www.nevadatax
    Trusted Zone: scbeasy.com\www
    Trusted Zone: schickquattro.com\www
    Trusted Zone: turbotax.com
    Trusted Zone: vaporwarez.com\www
    Trusted Zone: wamu.com
    Trusted Zone: windowsupdate.com\download
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: KeyScrambler - KeyScramblerLogon.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tall emu\online armor\oaevent.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    IFEO: taskmgr.exe - "c:\documents and settings\jay\desktop\desktop nov 09\PROCEXP.EXE"
    Hosts: 64.235.38.169 vwold
    Hosts: 66.40.56.26 www.vaporwarez.com
    Hosts: 192.168.1.1 router
    Hosts: 192.168.1.8 nmt
    Hosts: 192.168.1.7 dbthai

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\ruv5qlwc.original\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.slickdeals.net/
    FF - component: c:\documents and settings\jay\application data\idm\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\documents and settings\jay\application data\mozilla\firefox\profiles\ruv5qlwc.original\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
    FF - component: c:\documents and settings\jay\application data\mozilla\firefox\profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\jay\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\jay\application data\mozilla\firefox\profiles\ruv5qlwc.original\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\jay\application data\mozilla\firefox\profiles\ruv5qlwc.original\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
    FF - plugin: c:\documents and settings\jay\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\jay\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npJoostPlugin.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    FF - user.js: content.max.tokenizing.time - 1500000
    FF - user.js: content.notify.interval - 750000
    FF - user.js: nglayout.initialpaint.delay - 100
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20104]
    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2007-2-21 30820]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-25 11608]
    R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-4-3 14949]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-6-11 29768]
    R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2010-3-24 651264]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-11-20 225936]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-11-20 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-11-20 29560]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
    R2 AKEProtect;AKEProtect;c:\program files\anti keylogger elite\AKEProtect.sys [2007-12-17 13351]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-7-25 337064]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-25 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-25 267432]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-7-25 405672]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-25 60936]
    R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\processguard\DCSUserProt.exe [2010-4-30 31744]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-7-10 38144]
    R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [2009-4-7 12416]
    R2 Ext2Mgr;Ext2 Volume Manger;c:\program files\ext2fsd\ext2mgr.exe -service -hide --> c:\program files\ext2fsd\Ext2Mgr.exe -service -hide [?]
    R2 GtDetectSc;GtDetectSc;c:\program files\option\globetrotter connect\GtDetectSc.exe [2008-5-1 200704]
    R2 HopperP;WiFi Hopper (XP);c:\windows\system32\drivers\hopperp.sys [2008-11-21 21888]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-29 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-7-12 47640]
    R2 Mapsvc;User Name Mapping;c:\sfu\mapper\mapsvc.exe [2003-11-8 111728]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-27 50704]
    R2 OAcat;OAcat;c:\program files\tall emu\online armor\oacat.exe [2009-11-20 1284600]
    R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2010-4-30 26688]
    R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2008-7-23 3712]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-5-21 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-5-20 539184]
    R2 zzInterix;Interix Subsystem Startup;c:\windows\system32\PSXRUN.EXE [2003-11-8 66480]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-11-25 115312]
    R3 Portmap;Portmap;c:\windows\system32\drivers\portmap.sys [2003-11-8 35072]
    R3 PsxDrv;PsxDrv;c:\windows\system32\drivers\PSXDRV.SYS [2003-11-8 6128]
    R3 RpcXdr;RpcXdr;c:\windows\system32\drivers\rpcxdr.sys [2003-11-8 55872]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
    R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2007-2-21 35107]
    R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2007-10-29 26448]
    S2 gupdate1c9ce7e24e1579e;Google Update Service (gupdate1c9ce7e24e1579e);c:\program files\google\update\GoogleUpdate.exe [2009-10-16 133104]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
    S2 SvcOnlineArmor;SvcOnlineArmor;c:\program files\tall emu\online armor\oasrv.exe [2009-11-20 3506680]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2008-9-5 111896]
    S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys --> c:\windows\system32\drivers\btcomport.sys [?]
    S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys --> c:\windows\system32\drivers\btcombus.sys [?]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 25864]
    S3 Client for NFS;Client for NFS;c:\windows\system32\nfsclnt.exe [2003-11-8 53408]
    S3 CommIpw;[CommView] Intel(R) PRO/Wireless 7100 Adapter Driver;c:\windows\system32\drivers\commipw.sys [2008-10-27 238080]
    S3 COMMSYM;CommView/WiFi Driver by TamoSoft;c:\windows\system32\drivers\commsym.sys [2008-10-27 91392]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [2000-9-19 3584]
    S3 DrvSnSht;DrvSnSht;c:\program files\r-drive image\DrvSnSht.sys [2008-11-1 94608]
    S3 ElcomSoftDistributedPasswordRecoveryServer;Elcomsoft Distributed Password Recovery Server;c:\program files\elcomsoft\distributed password recovery\esdprs.exe [2009-10-22 356008]
    S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2007-10-29 52944]
    S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2008-9-12 258048]
    S3 gfi_lanss9_attservice;GFI LANguard 9.0 Attendant Service;c:\program files\gfi\languard 9.0\lnssatt.exe [2009-7-9 329072]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-19 107776]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-9 59648]
    S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [2007-6-29 14848]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 23048]
    S3 kguard;kguard;c:\program files\firelion softwares\anti keyloggers\kguard.sys [2007-12-15 31232]
    S3 metasploitApache;metasploitApache;c:\metasploit\apache2\bin\httpd.exe [2010-6-9 24645]
    S3 metasploitPostgreSQL-1;metasploitPostgreSQL-1;C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL-1" -D "C:/metasploit/postgresql/data" --> C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N metasploitPostgreSQL-1 [?]
    S3 metasploitProSvc;Metasploit Express Pro Service;c:\metasploit\ruby\bin\rubyw.exe -c "c:\metasploit\apps\pro\engine" prosvc_service.rb -e production --> c:\metasploit\ruby\bin\rubyw.exe -c c:\metasploit\apps\pro\engine [?]
    S3 metasploitThin;Metasploit Express Thin Service;c:\metasploit\ruby\bin\rubyw.exe -c "c:\metasploit\apps\pro\ui" thin_service.rb --> c:\metasploit\ruby\bin\rubyw.exe -c c:\metasploit\apps\pro\ui [?]
    S3 NfsRdr;NfsRdr;c:\windows\system32\drivers\nfsrdr.sys [2003-11-8 305664]
    S3 NfsSvc;Server for NFS;c:\windows\system32\nfssvc.exe [2003-11-8 58208]
    S3 NfsSvr;NfsSvr;c:\windows\system32\drivers\nfssvr.sys [2003-11-8 259296]
    S3 nxpgsql;NeXpose PostgreSQL Server;c:\program files\rapid7\nexpose\nsc\nxpgsql\pgsql\bin\pg_ctl.exe [2010-5-15 84657]
    S3 Omni-NFS Server;Omni-NFS Server;c:\program files\nfserver\nfsd.exe [2007-7-25 237626]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-5-26 14424]
    S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2003-10-3 666624]
    S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-5-15 38976]
    S3 R-ImageDisk;R-ImageDisk;c:\program files\r-drive image\R-ImageDisk.sys [2009-12-3 126542]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2007-6-19 25773]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-5-15 27064]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-7-19 335104]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2009-7-10 323328]
    S3 SaxNDIS;Ax3soft Packet Driver (SaxNDIS);c:\windows\system32\drivers\SAXNDIS.sys [2008-10-30 35840]
    S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2007-6-29 14848]
    S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2005-12-12 9760]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-21 168192]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-21 142976]
    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
    S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [2004-7-10 24576]
    S3 TivoBeacon2;TivoBeacon2; [x]
    S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2007-5-19 6272]
    S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2007-5-19 498464]
    S3 XLink LPD;XLink LPD;c:\program files\nfserver\Lpd.exe [2007-7-25 118784]
    S4 CronService;Windows Cron Service;c:\sfu\common\cron.exe [2003-11-8 47536]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 metasploitPostgreSQL;metasploitPostgreSQL;C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/metasploit/postgresql/data" --> C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N metasploitPostgreSQL [?]

    ============== File Associations ===============

    .bat=TextPad.bat
    .txt=TextPad.txt

    =============== Created Last 30 ================

    2010-06-17 05:46:52 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
    2010-06-16 18:26:19 0 d-----w- c:\windows\system32\wbem\Repository
    2010-06-16 15:43:47 14024 ----a-w- c:\documents and settings\jay\s
    2010-06-11 04:51:09 0 d-----w- c:\program files\magicBlock
    2010-06-10 17:07:30 0 d-----w- c:\program files\Xirrus
    2010-06-10 16:59:09 0 d-----w- c:\documents and settings\jay\Ekahau Site Survey
    2010-06-10 16:57:38 0 d-----w- c:\program files\Ekahau
    2010-06-09 17:16:22 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-09 15:09:28 0 d-----w- c:\program files\WinPcap
    2010-06-09 15:06:42 0 d-----w- C:\metasploit
    2010-06-08 10:40:56 0 d-----w- c:\program files\Franson
    2010-06-08 04:32:54 0 d-----w- c:\program files\MetaGeek
    2010-06-07 10:08:48 0 d-----w- C:\pioneerpsg
    2010-06-03 09:01:06 0 d-----w- c:\program files\common files\Config
    2010-06-03 09:00:38 0 d-----w- c:\program files\common files\Inet
    2010-05-29 20:22:06 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
    2010-05-29 20:22:04 399920 ----a-w- c:\windows\system32\vmnat.exe
    2010-05-29 20:22:01 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2010-05-29 20:21:53 760368 ----a-w- c:\windows\system32\vnetlib.dll
    2010-05-29 20:21:33 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2010-05-29 20:20:35 0 d-----w- c:\program files\common files\VMware
    2010-05-29 19:30:30 0 d-----w- C:\TopoGrafix Image Files
    2010-05-26 21:50:17 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
    2010-05-26 21:49:46 0 d-----w- c:\program files\Security Task Manager
    2010-05-26 19:10:14 0 d-----w- c:\docume~1\jay\applic~1\Malwarebytes
    2010-05-26 19:09:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-26 19:09:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-05-26 19:09:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-26 19:09:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-25 17:13:40 0 d-----w- c:\program files\PeerBlock
    2010-05-24 17:59:06 388823 ----a-w- C:\hping.exe
    2010-05-23 15:57:43 0 d-----w- c:\docume~1\jay\applic~1\X-NetStat
    2010-05-23 15:57:28 0 d-----w- c:\program files\X-NetStat Professional
    2010-05-22 12:52:12 0 d-----w- c:\documents and settings\jay\.gem
    2010-05-21 16:15:40 0 d-----w- c:\program files\CORE Security Technologies
    2010-05-21 12:55:53 0 d-----w- c:\docume~1\jay\applic~1\ProcessLasso
    2010-05-21 12:55:49 0 d-----w- c:\program files\Process Lasso
    2010-05-20 21:57:14 0 d-----w- c:\program files\GFI
    2010-05-20 21:00:04 0 d-----w- C:\Snort
    2010-05-20 17:56:56 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
    2010-05-20 17:56:56 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
    2010-05-20 17:54:02 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
    2010-05-20 17:54:02 32688 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
    2010-05-20 16:40:08 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
    2010-05-20 16:13:38 252464 ----a-w- c:\windows\system32\vmnc.dll
    2010-05-20 14:19:20 59952 ----a-w- c:\windows\system32\vnetinst.dll
    2010-05-20 14:19:20 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
    2010-05-20 14:19:20 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
    2010-05-20 14:19:20 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
    2010-05-20 13:15:33 0 d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
    2010-05-20 13:12:35 0 d-----w- C:\PhotoshopPortable
    2010-05-20 09:13:02 0 d-----w- c:\program files\Cain
    2010-05-19 19:45:01 264 ----a-w- c:\windows\system32\winsusrm.dll
    2010-05-19 19:45:01 120 ----a-w- c:\windows\system32\winsusrx.dll
    2010-05-19 19:45:01 0 d-----w- c:\windows\5350-8641-2429-7641-5705

    ==================== Find3M ====================

    2010-06-17 16:20:08 326964 ----a-w- c:\windows\system32\pguard.dat
    2010-06-17 16:18:01 543968 ----a-w- c:\windows\system32\pghash.dat
    2010-06-09 17:11:17 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
    2010-05-17 11:43:26 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-05-17 11:43:26 361600 ----a-w- c:\windows\system32\dllcache\tcpip.sys
    2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-04-27 09:42:46 64960 ----a-w- c:\windows\system32\drivers\stcp2v30.sys
    2010-04-25 06:25:50 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
    2010-04-25 06:25:46 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
    2010-04-25 06:25:41 225936 ----a-w- c:\windows\system32\drivers\OADriver.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
    2010-04-12 20:53:48 19545 ----a-w- c:\windows\hpoins01.dat
    2010-04-12 10:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-05 21:52:46 2462720 ------w- c:\windows\system32\dllcache\WMVCore.dll
    2010-04-01 15:28:18 111513 ----a-w- c:\windows\system32\3x4KT-HE.exe
    2010-03-22 14:11:40 313168 ----a-w- c:\windows\system32\WPPFilt.dll
    2009-12-22 08:42:25 56473960 ----a-w- c:\program files\Trillian.rar
    2009-02-02 00:40:43 84480 ----a-w- c:\program files\RapidShare Plus.exe
    2008-10-04 23:01:36 68 ----a-w- c:\program files\RSPlus.que
    2008-02-17 12:55:44 21888 ----a-w- c:\windows\inf\hopperp.sys
    2006-10-12 22:39:30 251 ----a-w- c:\program files\wt3d.ini
    2007-06-18 17:03:40 2 --shatr- c:\windows\winstart.bat
    2007-06-09 10:06:59 88 --sh--r- c:\windows\system32\9228A70804.sys
    2007-07-04 10:50:21 23 --sha-w- c:\windows\system32\dcbbfaadd_r.dll
    2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-06-09 10:07:00 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
    2009-07-31 20:01:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080120090802\index.dat

    ============= FINISH: 23:21:43.65 ===============
     
  2. 2010/06/17
    Jayman007

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/12/2006 07:21:49
    System Uptime: 6/17/2010 23:07:47 (0 hours ago)

    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1997/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 50 GiB total, 2.132 GiB free.
    D: is FIXED (NTFS) - 136 GiB total, 4.313 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1373: 5/29/2010 11:54:39 - System Checkpoint
    RP1374: 5/29/2010 23:59:24 - Removed Garmin MapSource
    RP1375: 5/29/2010 23:59:35 - Installed Garmin MapSource
    RP1376: 6/8/2010 11:32:53 - Installed inSSIDer
    RP1377: 6/8/2010 17:40:54 - Installed Franson GpsGate 2.6
    RP1378: 6/10/2010 00:17:07 - Software Distribution Service 3.0
    RP1379: 6/10/2010 14:05:46 - Revo Uninstaller Pro's restore point - Thailand5
    RP1380: 6/10/2010 19:39:27 - Revo Uninstaller Pro's restore point - IndoChina Routable Ver. 1.33
    RP1381: 6/10/2010 20:18:17 - Installed Garmin City Navigator North America NT 2011.10 Update
    RP1382: 6/10/2010 20:22:15 - Revo Uninstaller Pro's restore point - Garmin City Navigator North America NT 2010.40
    RP1383: 6/10/2010 20:25:20 - Removed Garmin City Navigator North America NT 2010.40
    RP1384: 6/11/2010 00:07:23 - Installed Xirrus Wi-Fi Inspector.
    RP1385: 6/12/2010 23:37:47 - Installed Bluesoleil 6.4.249.0
    RP1386: 6/13/2010 00:07:56 - Removed Bluesoleil 6.4.249.0
    RP1387: 6/16/2010 00:01:19 - Restore Operation
    RP1388: 6/16/2010 12:57:52 - Restore Operation
    RP1389: 6/16/2010 14:24:17 - Restore Operation
    RP1390: 6/16/2010 14:25:04 - Restore Operation
    RP1391: 6/16/2010 14:38:42 - Restore Operation
    RP1392: 6/17/2010 00:19:22 - Restore Operation
    RP1393: 6/17/2010 00:46:47 - Restore Operation
    RP1394: 6/17/2010 00:53:08 - Restore Operation
    RP1395: 6/17/2010 01:00:06 - Restore Operation
    RP1396: 6/17/2010 01:24:44 - test
    RP1397: 6/17/2010 01:25:37 - Restore Operation
    RP1398: 6/17/2010 02:18:37 - Restore Operation
    RP1399: 6/17/2010 02:34:22 - Restore Operation
    RP1400: 6/17/2010 16:54:49 - Removed SUPERAntiSpyware Free Edition
    RP1401: 6/17/2010 16:55:58 - Installed SUPERAntiSpyware Professional

    ==== Hosts File Hijack ======================

    Hosts: 64.235.38.169 vwold
    Hosts: 66.40.56.26 www.vaporwarez.com
    Hosts: 192.168.1.1 router
    Hosts: 192.168.1.8 nmt
    Hosts: 192.168.1.7 dbthai
    Hosts: 0.0.0.0 localhost

    ==== Installed Programs ======================


    [FireLion] Anti Keyloggers
    µTorrent
    0.3
    Acronis Disk Director Suite
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.5 - CPSID_49013
    Adobe Acrobat 8.1.5 Professional
    Adobe Acrobat Connect Add-in
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 2.0
    Adobe Premiere Pro 2.0
    Adobe Reader 9.3.2
    Adobe Stock Photos 1.0
    AI RoboForm (All Users)
    AnswerWorks 5.0 English Runtime
    AnyDVD
    Apple Application Support
    Apple Software Update
    AT&T Communication Manager
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    Avi2Dvd 0.4.5 beta
    Avira AntiVir Premium
    Avira RootKit Detection
    AviSynth 2.5
    Batch Image Watermarker 3.5
    BayGenie eBay Auction Sniper Pro Edition 3.3.4.0
    Beyond Compare version 3.0.7
    Broadcom 440x 10/100 Integrated Controller
    Cain & Abel v4.9.35
    CAS Interface Studio 8.3a
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CCcamCC
    CCleaner
    CDBurnerXP
    Channel Master
    Clipomatic
    CloneDVD2
    Codec Checker
    Collectorz.com Movie Collector
    ConvertXtoDVD 3.3.4.107
    CORE IMPACT
    CORE IMPACT 4.0
    Coupon Printer for Windows
    Creative Vado HD Codec
    Daniusoft Media Converter(Build 2.3.1.34)
    Diagnostic Tool for the Microsoft VM
    DiamondCS ProcessGuard v3.500
    Distributed Password Recovery
    DivX Converter
    DivX Setup
    DreamStreamer
    Driver Genius Professional Edition
    Driver Installer
    DriverMax 4
    DriverMax 5
    DVD Identifier
    DVDInfoPro
    dvdSanta 4.50
    Dziobas Rar Player 0.008.9
    Ekahau HeatMapper
    Elecard MPEG Player
    EPSON Print CD
    EPSON Printer Software
    EPSON Scan
    Eraser
    Ext2Fsd 0.48
    FastSatfinder 2.7.0
    FastStone Capture 6.2
    FastStone Image Viewer 3.5
    ffdshow (remove only)
    ffdshow [rev 1975] [2008-05-26]
    FileZilla Client 3.3.2.1
    FineRecovery 1.2.19
    FLV Player 2.0 (build 25)
    Folder Size for Windows
    Franson GpsGate 2.6
    FreshUI
    FXCM Trading Station
    G-Tones
    Garmin City Navigator North America NT 2011.10 Update
    Garmin Communicator Plugin
    Garmin MapInstall
    Garmin MapSource
    Garmin POI Loader
    Garmin USB Drivers
    Garmin WebUpdater
    gBurner
    GFI LANguard 9.0
    GlobeTrotter Connect
    GlobeTrotter Connect
    GOGInstaller
    GoodSync
    Google Chrome
    Google Earth
    Google Gears
    Google Gmail Notifier
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 4.0.0.320
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB981793)
    hp instant support
    hp LaserJet 1010 Series
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 1200 series
    hp psc 1200 series
    IETester v0.3.5 (remove only)
    ImgBurn
    Infinity SIMEditor 1.35
    Infinity USB Unlimited 2.71
    Inpaint
    inSSIDer
    InstallWatch Pro 2.5
    Internet Download Manager
    Intrusion Detection System - Sax2 2.0
    Invision 2.0 Build 3515 Update
    Java Auto Updater
    Java(TM) 6 Update 20
    KeePass Password Safe 2.06 Beta
    KeyScrambler
    Kismet 2008-05-R1 for Windows
    Lame ACM MP3 Codec
    LC5
    LogMeIn
    Magic DVD Ripper V5.3 build 7
    MagicDisc 2.7.106
    magicJack Outlook Add-In 1.0.3.521
    Malwarebytes' Anti-Malware
    Matroska Pack - Lazy Man's MKV 0.9.9
    Maxthon2
    Metasploit Express
    Metasploit Framework 3.3.3
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Keyboard Layout Creator 1.4
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft XML Parser
    mIRC
    mkv2vob
    MKVtoolnix 3.3.0
    Mobile Secret CodeX v1.35
    MOBILedit! 3.1
    Motorola Driver Installation
    Move Media Player
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Musatcha.com Advanced WiFi Mapping Engine 0.3.184
    My Drivers 3.31
    MyConnection PC Lite Edition
    myiHome v5.1.3
    Nero 8
    Nero Mega Plugin Pack
    Nessus
    NetTools 5.0
    Network Stumbler 0.4.0 (remove only)
    NeXpose
    NextUp-ScanSoft Jennifer US English Voice
    NextUp.com-NeoSpeech Paul16 Voice
    Nmap 5.10BETA1
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    O&O Defrag Professional Edition
    OEM Password Recovery
    Online Armor 4.0
    OpenVPN 2.1_rc9
    PaperlessPrinter version 3.0
    PC Connectivity Solution
    PC Sync Manager
    PDF Password Remover 3.1
    PDF Password Remover v3.0
    PeerBlock 1.0.0 (r181)
    Power Favorites 1.7.1
    PowerISO
    Powermarks 3.5
    Process Lasso
    PuTTY version 0.60
    Quicken 2010
    QuickSpell
    QuickTime
    R-Drive Image 4.6
    RAR Password Recovery v1.1 RC16 (remove only)
    Real Alternative 1.7.5
    REALTEK USB Wireless LAN Driver and Utility
    REALTEK Wireless LAN Driver and Utility
    RegCure
    Resco Sudoku
    Revo Uninstaller Pro 2.2.0
    RoboForm for Pocket PC
    Sandboxie 3.442
    SeaTools for Windows
    Security Task Manager 1.7h
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Sharp World Clock 4.1
    SigmaTel Audio
    SIMCardReaderPro
    Skins
    Skype™ 4.2
    SMAC 2.0
    SmartMovie Converter (for Symbian phones)
    SNMPcfg Admin 1.4
    Sony Download Taxi 1.5.0.0
    SoodSood TelTel
    SopCast 3.2.9
    Spb Backup
    Spb Backup 2.0.2
    Spb Keyboard
    Spb Mobile Shell
    Spb Online
    Spb Phone Suite
    Spb Pocket Plus
    Spb Traveler
    Spb Wallet
    Spb Wallet 2.0.0
    Sports Connection
    SSC Service Utility v4.30
    Startup Faster!
    Sun Download Manager 2.0 (web)
    SUPER © Version 2009.bld.36 (June 10, 2009)
    SUPERAntiSpyware Professional
    System Requirements Lab for Intel
    Tadawulfx Trader 4.00
    Technitium MAC Address Changer v5.0
    Technitium MAC Address Changer v5.0 Release 3
    TextAloud
    THAILAND-INDOCHINA
    The Ultimate Troubleshooter
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    Torrent Episode Downloader
    Transmission Remote
    TrendFX Markets 4 Mobile
    Trillian
    TrueCrypt
    TurboTax 2009
    TurboTax 2009 wcaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    Typograf4.8f
    UltimateDefrag 2008
    Uniblue DriverScanner 2009
    Uniblue RegistryBooster 2009
    Uniblue SpeedUpMyPC 2009
    United States- Jason
    United States-International - Custom
    United States-International - Jason
    Unscrambler 0.4 Right Clic 0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    VC80CRTRedist - 8.0.50727.4053
    VCRedistSetup
    Video Converter
    Virtual Earth 3D (Beta)
    VirusTotal Uploader
    VLC media player 1.0.3
    VMware Workstation
    VT Trader
    VT Trader 2
    VTTrader 2
    VultureWare DOCSIS Config Editor 0.1
    WBFS Manager 3.0
    Web Forum Reader 2.0
    WebCopier Pro 5.0
    WIDCOMM Bluetooth Software
    WiFi Hopper
    WildPackets NetDoppler 1.1.1
    Winamp
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinPatrol 2009
    WinPcap 4.1.1
    WinRAR archiver
    WinSCP 4.1.8
    WizdXP 1.5 - Media Server for Networked Players
    World of Satellites II
    X-NetStat Pro 5.56
    Xirrus Wi-Fi Inspector
    XP_Key_Changer 2.0.0
    ZoneAlarm Toolbar

    ==== Event Viewer Messages From Past Week ========

    6/17/2010 15:04:03, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
    6/17/2010 04:15:10, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{41EC7751-9707-402C-86B1-28219DF8A0EA} because another computer on the network has the same name. The server could not start.
    6/17/2010 04:14:55, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/17/2010 04:14:55, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    6/17/2010 04:09:20, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
    6/17/2010 04:09:20, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Jay\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    6/17/2010 04:09:20, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
    6/17/2010 03:54:11, error: Service Control Manager [7034] - The O&O Defrag service terminated unexpectedly. It has done this 1 time(s).
    6/17/2010 03:53:41, error: Service Control Manager [7024] - The Avira AntiVir MailGuard service terminated with service-specific error 1 (0x1).
    6/17/2010 03:53:02, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
    6/17/2010 03:36:09, error: Service Control Manager [7022] - The IPv6 Helper Service service hung on starting.
    6/17/2010 03:15:03, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7C0D49A6-4455-4133-A325-77FA11711D06} because another computer on the network has the same name. The server could not start.
    6/17/2010 02:22:30, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/17/2010 02:19:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb bizVSerial ElbyCDIO ElRawDisk Fips intelppm IPSec MRxSmb NetBIOS OADevice OAmon OAnet RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu ssmdrv Tcpip Tcpip6 tcpipBM truecrypt WS2IFSL
    6/17/2010 02:19:23, error: Service Control Manager [7001] - The User Name Mapping service depends on the Portmap service which failed to start because of the following error: The dependency service or group failed to start.
    6/17/2010 02:19:23, error: Service Control Manager [7001] - The RpcXdr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/17/2010 02:19:23, error: Service Control Manager [7001] - The Portmap service depends on the RpcXdr service which failed to start because of the following error: The dependency service or group failed to start.
    6/17/2010 02:19:23, error: Service Control Manager [7001] - The NetBios over Tcpip service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/17/2010 02:19:23, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/17/2010 02:19:23, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: The dependency service or group failed to start.
    6/17/2010 02:19:18, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    6/17/2010 02:19:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    6/17/2010 02:18:26, error: redbook [2] - Redbook could not open the MIXER device. It may not exist, be in use, or there may be other audio problems. Redbook requires both a WDM audio driver and kernel streaming to be enabled. The audio device may have changed in an unsafe manner, been removed, or have other problems.

    ==== End Of File ===========================
     

  4. 2010/06/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please do not use CODE tags to post a log - it makes them very difficult to read.

    I see you have P2P software (Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2010/06/17
    PeteC

    Another advisory from the Hardware point of view ....
    You are critically low on disk space - Windows requires a minimum of 15% free space to function correctly - especially in terms of defragmentation.
     
  6. 2010/06/17
    Jayman007

    Thanks Pete. Since I live overseas at the moment I use utorrent to get my favorite US tv shows. If uninstalling it is what I need to do in order to rectify this issue then I certainly will. I will also work on freeing up some disk space on both my drives as I do realize that they are way too full.

    Thanks for taking the time to review my logs. I will try and edit the posts and pull out the code marks.
     
  7. 2010/06/17
    PeteC

    I already did that :)

    A Malware expert will have a look at your log in due course.
     
  8. 2010/06/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/06/18
    Jayman007

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4211

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/18/2010 14:42:05
    mbam-log-2010-06-18 (14-42-05).txt

    Scan type: Quick scan
    Objects scanned: 185907
    Time elapsed: 10 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  10. 2010/06/18
    Jayman007

    Jayman007 Inactive Thread Starter

    Step 2

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-18 19:34:26
    Windows 5.1.2600 Service Pack 3
    Running: c66wtg28.exe; Driver: C:\DOCUME~1\Jay\LOCALS~1\Temp\ugtdypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xB41884B0]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xB4188CE0]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xB4186370]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwCreateFile [0xB43DA53C]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwCreateKey [0xB43DC678]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xB4185EB0]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xB4182BF0]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xB4183000]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xB41824B0]
    SSDT \SystemRoot\system32\DRIVERS\vdiskbus.sys (Virtual Disk Bus Enumerator/Winternals) ZwCreateSymbolicLinkObject [0xBA4710DC]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwCreateThread [0xB43DD534]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xB4185160]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwDeleteKey [0xB43DCD71]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwDeleteValueKey [0xB43DCC6F]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDuplicateObject [0xB4185CC0]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwFsControlFile [0xB43DA55E]
    SSDT BA68A40B ZwLoadDriver
    SSDT BA68A3F2 ZwLoadKey
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwOpenFile [0xB43DA51E]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwOpenKey [0xB43DC644]
    SSDT BA68A3C0 ZwOpenProcess
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwOpenSection [0xB43DC0B3]
    SSDT BA68A3C5 ZwOpenThread
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwProtectVirtualMemory [0xB43DC452]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryDirectoryFile [0xB4188050]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xB4188E80]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwReadVirtualMemory [0xB43DC42F]
    SSDT BA68A3FC ZwReplaceKey
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestPort [0xB4186F70]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwRequestWaitReplyPort [0xB43DB7C8]
    SSDT BA68A3F7 ZwRestoreKey
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xB4185910]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xB4186760]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwSetContextThread [0xB43DD9B4]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwSetSystemInformation [0xB43DD1F7]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwSetValueKey [0xB43DC816]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xB4187950]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwSuspendProcess [0xB43DC475]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwSuspendThread [0xB43DD9F2]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xB4185510]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwTerminateProcess [0xB43DC410]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwTerminateThread [0xB43DD9D3]
    SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xB4187D60]
    SSDT \??\C:\WINDOWS\system32\drivers\procguard.sys (ProcessGuard Driver/DiamondCS) ZwWriteVirtualMemory [0xB43DC3ED]

    Code 894E5C4C ZwTraceEvent
    Code 894E5C4B NtTraceEvent

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 12 Bytes [B0, 5E, 18, B4, F0, 2B, 18, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [75, C4, 3D, B4, F2, D9, 3D, ...]
    .text ntkrnlpa.exe!NtTraceEvent 80535114 5 Bytes JMP 894E5C50
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9121000, 0x1C5D58, 0xE8000020]
    .text win32k.sys!EngFreeUserMem + 5BD2 BF80EE8F 5 Bytes JMP 894E5430
    .text win32k.sys!EngCopyBits + 68D BF838EFF 5 Bytes JMP 894E5610
    .text win32k.sys!EngCreateBitmap + 6F4 BF83E122 5 Bytes JMP 894E5750
    .text win32k.sys!EngAlphaBlend + 350F BF8AA40A 5 Bytes JMP 894E5A70
    .text win32k.sys!EngMulDiv + 90FA BF8B4264 5 Bytes JMP 894E56B0
    .text win32k.sys!XLATEOBJ_iXlate + 3A50 BF8B9E25 5 Bytes JMP 894E5570
    .text win32k.sys!EngUnicodeToMultiByteN + 1756 BF8C322E 5 Bytes JMP 894E57F0
    .text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F98FC 5 Bytes JMP 894E59D0
    .text win32k.sys!EngCreateClip + 1994 BF9132F6 5 Bytes JMP 894E5B10
    .text win32k.sys!EngCreateClip + 1F24 BF913886 5 Bytes JMP 894E5BB0
    .text win32k.sys!EngCreateClip + 256A BF913ECC 5 Bytes JMP 894E5890

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ProcessGuard\procguard.exe[1432] ntdll.dll!DbgUiRemoteBreakin 7C951E13 1 Byte [C3]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA1CB300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA1CB360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA1CB610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [BA1CB610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [BA1CB650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [BA1CB300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [BA1CB360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA1CB650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA1CB610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BA1CB360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BA1CB300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [BA1CB300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [BA1CB360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [BA1CB650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [BA1CB610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA1CB610] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA1CB650] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA1CB300] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA1CB360] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Tall Emu Pty Ltd)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip socketlock.sys
    Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)
    Device \Driver\Kbdclass \Device\KeyboardClass0 AKEProtect.sys (Anti-Keylogger Elite Driver/ISecSoft Inc.)
    Device \Driver\Kbdclass \Device\KeyboardClass1 AKEProtect.sys (Anti-Keylogger Elite Driver/ISecSoft Inc.)
    Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Tcpip \Device\Tcp socketlock.sys
    Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)
    Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)

    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

    Device \Driver\usbhub \Device\000000c1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\000000c3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\000000c5 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\000000c7 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Tcpip \Device\Udp socketlock.sys
    Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)
    Device \Driver\Tcpip \Device\RawIp socketlock.sys
    Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)
    Device \Driver\usbhub \Device\000000c9 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Tcpip \Device\IPMULTICAST socketlock.sys
    Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)
    Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016cffeb972 (not active ControlSet)
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cffeb972
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0016cffeb972 (not active ControlSet)
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION
    Reg HKLM\SOFTWARE\Classes\CLSID\{05c5cbfc-bcdd-4cfa-a603-21a243449a99}@Model 329
    Reg HKLM\SOFTWARE\Classes\CLSID\{05c5cbfc-bcdd-4cfa-a603-21a243449a99}@Therad 39
    Reg HKLM\SOFTWARE\Classes\CLSID\{05c5cbfc-bcdd-4cfa-a603-21a243449a99}@MData 0x2B 0x8F 0x78 0x29 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0xF8 0x0B 0x78 0xA7 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x50 0x04 0x58 0xF8 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{e4866172-1069-42f7-ae1d-904890359220}@Model 83
    Reg HKLM\SOFTWARE\Classes\CLSID\{e4866172-1069-42f7-ae1d-904890359220}@Therad 22
    Reg HKLM\SOFTWARE\Classes\CLSID\{e4866172-1069-42f7-ae1d-904890359220}@MData 0x73 0xD5 0xCF 0xB8 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08D2654C-9275-604C-35D2-5C87A2860D2A}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08D2654C-9275-604C-35D2-5C87A2860D2A}@abdcijppfopfkfcfaplclbiepocogeeldl 0x65 0x62 0x64 0x63 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08D2654C-9275-604C-35D2-5C87A2860D2A}@bbdcijppfopfkfcfapcdicohimcancfgdehc 0x61 0x62 0x69 0x65 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27BB9111-A1FB-2D48-41C8-CD6437B06101}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27BB9111-A1FB-2D48-41C8-CD6437B06101}@fabbhimegjfc 0x6F 0x62 0x6E 0x70 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27BB9111-A1FB-2D48-41C8-CD6437B06101}@gaepabcffepgdl 0x6F 0x61 0x66 0x63 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27BB9111-A1FB-2D48-41C8-CD6437B06101}@gabpbblhbdfpnm 0x63 0x62 0x68 0x63 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AFEB829-80AF-7B30-ABAE-A8AB6190F1DA}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AFEB829-80AF-7B30-ABAE-A8AB6190F1DA}@ialgpejkgfahfakejo 0x6A 0x61 0x69 0x61 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AFEB829-80AF-7B30-ABAE-A8AB6190F1DA}@hafgbdeoagfkceno 0x6A 0x61 0x69 0x61 ...

    ---- EOF - GMER 1.0.15 ----
     
  11. 2010/06/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download HostsXpert ( http://www.majorgeeks.com/Hoster_d4626.html ) and then follow the steps below:

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * Click Restore MS Hosts File and then click OK.
    * Click the X to exit the program

    Restart computer.

    ===========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2010/06/19
    Jayman007

    Jayman007 Inactive Thread Starter

    Combofix

    I did get a BSOD while this was running, "Bad Pool Caller", and then after I restarted, Combofix started up again and completed.



    ComboFix 10-06-18.03 - Jay 06/19/2010 12:38:06.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1056 [GMT 7:00]
    Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .
    ADS - WINDOWS: deleted 48 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
    c:\documents and settings\Jay\Application Data\inst.exe
    c:\documents and settings\Jay\Application Data\Kaspersky_Key_Finder_(KKF
    c:\documents and settings\Jay\Application Data\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.4_Url_12pelnnxj4ifovubsvdj05jrmqwklncs\1.4.3.0\user.config
    c:\documents and settings\Jay\Application Data\RapidShare Plus.exe
    c:\documents and settings\Jay\Favorites\.url
    c:\documents and settings\Jay\g2mdlhlpx.exe
    c:\documents and settings\Jay\s
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
    c:\windows\system32\drivers\DELL_XPS_MM061 .MRK
    c:\windows\system32\gotomon.log
    c:\windows\system32\st325602.dll
    c:\windows\system32\win.ini
    c:\windows\system32\winsusrm.dll
    c:\windows\system32\winsusrx.dll
    c:\windows\system32\zlibwapi.dll
    d:\my documents\wpabaln.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FAD


    ((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
    .

    2010-06-18 21:50 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Jay\Application Data\mjusbsp\in00000\setup.exe
    2010-06-18 21:49 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Jay\Application Data\mjusbsp\ar00000\install.exe
    2010-06-18 21:49 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Jay\Application Data\mjusbsp\ar00000\magicJackSplash.exe
    2010-06-18 19:35 . 2010-06-18 19:49 -------- d-----w- C:\metasploit
    2010-06-18 19:24 . 2010-06-18 19:24 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\MagicRingForever
    2010-06-18 19:11 . 2010-06-18 19:27 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\MagicsilencePlugin
    2010-06-17 21:29 . 2010-06-17 21:29 -------- d-----w- c:\documents and settings\Jay\Application Data\Dell
    2010-06-17 21:16 . 2010-06-17 21:16 -------- d-----w- C:\iolo
    2010-06-17 21:01 . 2010-06-17 21:01 74703 ----a-w- c:\windows\system32\mfc45.dll
    2010-06-17 21:01 . 2010-06-17 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2010-06-17 21:01 . 2010-06-17 21:01 -------- d-----w- c:\documents and settings\Jay\Application Data\iolo
    2010-06-17 20:32 . 2010-06-17 20:32 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2010-06-17 18:46 . 2010-06-17 18:46 -------- d-----w- c:\program files\VirusTotalUploader2
    2010-06-17 09:56 . 2010-06-17 09:58 63488 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-17 09:56 . 2010-06-17 09:56 52224 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-17 09:56 . 2010-06-17 09:58 117760 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-16 18:47 . 2010-06-16 18:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\AT&T
    2010-06-16 18:26 . 2010-06-16 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-16 18:17 . 2010-03-17 04:35 309248 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fjz2ojv1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    2010-06-16 18:11 . 2010-06-16 18:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-06-12 20:49 . 2010-06-16 17:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\OnlineArmor
    2010-06-12 20:49 . 2010-06-12 20:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\ProcessLasso
    2010-06-12 20:28 . 2010-06-12 20:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
    2010-06-12 20:22 . 2010-06-12 20:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-06-11 04:51 . 2010-06-16 20:56 -------- d-----w- c:\program files\magicBlock
    2010-06-10 17:07 . 2010-06-10 17:07 -------- d-----w- c:\program files\Xirrus
    2010-06-10 16:59 . 2010-06-10 17:06 -------- d-----w- c:\documents and settings\Jay\Ekahau Site Survey
    2010-06-10 16:57 . 2010-06-10 16:57 -------- d-----w- c:\program files\Ekahau
    2010-06-09 17:16 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-09 15:09 . 2010-06-09 15:09 -------- d-----w- c:\program files\WinPcap
    2010-06-08 10:40 . 2010-06-08 10:40 -------- d-----w- c:\program files\Franson
    2010-06-08 04:48 . 2010-06-08 04:48 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\MetaGeek,_LLC
    2010-06-08 04:32 . 2010-06-08 04:32 45126 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_322FD67B4052E9187FCAD5.exe
    2010-06-08 04:32 . 2010-06-08 04:32 45126 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_6FEFF9B68218417F98F549.exe
    2010-06-08 04:32 . 2010-06-08 04:32 -------- d-----w- c:\program files\MetaGeek
    2010-06-07 10:08 . 2010-06-07 10:28 -------- d-----w- C:\pioneerpsg
    2010-06-03 23:18 . 2010-05-23 10:50 73216 ----a-w- c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    2010-06-03 23:18 . 2010-04-18 07:33 307200 ----a-w- c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
    2010-06-03 23:18 . 2010-04-18 07:33 172032 ----a-w- c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
    2010-06-03 09:01 . 2010-06-03 09:02 -------- d-----w- c:\program files\Common Files\Config
    2010-06-03 09:00 . 2010-06-03 09:00 -------- d-----w- c:\program files\Common Files\Inet
    2010-06-03 08:59 . 2010-06-03 08:59 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
    2010-06-03 08:59 . 2010-06-03 08:59 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
    2010-06-03 08:59 . 2010-06-03 08:59 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
    2010-06-03 08:58 . 2010-06-03 08:58 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
    2010-05-29 20:37 . 2010-06-08 09:48 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\VMware
    2010-05-29 20:23 . 2010-05-29 20:23 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe
    2010-05-29 20:23 . 2010-05-29 20:23 629296 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\instUtils.dll
    2010-05-29 20:23 . 2010-05-29 20:11 360448 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_license.dll
    2010-05-29 20:23 . 2010-05-29 20:11 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_ws.dll
    2010-05-29 20:23 . 2010-05-29 20:11 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_core.dll
    2010-05-29 20:23 . 2010-05-29 20:11 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.dll
    2010-05-29 20:23 . 2010-05-29 20:11 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.exe
    2010-05-29 20:23 . 2010-05-29 20:11 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
    2010-05-29 20:23 . 2010-05-29 20:11 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
    2010-05-29 20:23 . 2010-05-29 20:11 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vminstutil.dll
    2010-05-29 20:22 . 2010-05-20 17:56 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
    2010-05-29 20:22 . 2010-05-20 17:56 399920 ----a-w- c:\windows\system32\vmnat.exe
    2010-05-29 20:22 . 2010-05-20 17:53 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2010-05-29 20:21 . 2010-05-20 17:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
    2010-05-29 20:21 . 2010-05-20 17:55 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2010-05-29 20:20 . 2010-05-29 20:20 -------- d-----w- c:\program files\Common Files\VMware
    2010-05-29 19:30 . 2010-05-29 19:52 -------- d-----w- C:\TopoGrafix Image Files
    2010-05-29 10:31 . 2010-05-29 10:31 3205464 ----a-w- c:\documents and settings\Jay\Application Data\IDM\idmupdt.exe
    2010-05-26 21:50 . 2010-05-26 21:50 108 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
    2010-05-26 21:50 . 2010-05-26 21:50 720 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_09E8523867F131E4F9060A8FDE147EF6.dll
    2010-05-26 21:50 . 2010-05-26 21:50 41 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_096825A1D2A65CB41B34C8A48E1DD969.dll
    2010-05-26 21:50 . 2010-05-26 21:50 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_08BD18832AAEB210DAEA000000000000.dll
    2010-05-26 21:50 . 2010-05-26 21:50 4181 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_05F579832AAEB210DA4B000000000000.dll
    2010-05-26 21:50 . 2010-05-26 21:50 44 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_03643A832AAEB210DA6B000000000000.dll
    2010-05-26 21:50 . 2010-05-26 21:50 376 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_033084351D1EAC148B8FF78746F4F705.dll
    2010-05-26 21:50 . 2010-05-26 21:50 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0000196603B837941A95361743A5FF5A.dll
    2010-05-26 21:50 . 2010-05-26 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2010-05-26 21:49 . 2010-05-26 21:50 -------- d-----w- c:\program files\Security Task Manager
    2010-05-26 19:10 . 2010-05-26 19:10 -------- d-----w- c:\documents and settings\Jay\Application Data\Malwarebytes
    2010-05-26 19:09 . 2010-04-29 08:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-26 19:09 . 2010-05-26 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-26 19:09 . 2010-04-29 08:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-26 19:09 . 2010-05-26 19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-25 17:13 . 2010-06-01 03:09 -------- d-----w- c:\program files\PeerBlock
    2010-05-24 17:59 . 2006-05-19 01:51 388823 ----a-w- C:\hping.exe
    2010-05-23 15:57 . 2010-05-23 16:06 -------- d-----w- c:\documents and settings\Jay\Application Data\X-NetStat
    2010-05-23 15:57 . 2010-05-23 15:57 -------- d-----w- c:\program files\X-NetStat Professional
    2010-05-22 12:54 . 2010-05-22 12:54 -------- d-----w- c:\documents and settings\LocalService\.gem
    2010-05-22 12:52 . 2010-05-22 12:52 -------- d-----w- c:\documents and settings\Jay\.gem
    2010-05-21 16:15 . 2010-05-21 16:15 -------- d-----w- c:\program files\CORE Security Technologies
    2010-05-21 12:55 . 2010-05-21 12:55 -------- d-----w- c:\documents and settings\Jay\Application Data\ProcessLasso
    2010-05-21 12:55 . 2010-05-21 12:56 -------- d-----w- c:\program files\Process Lasso
    2010-05-20 21:57 . 2010-05-20 21:57 -------- d-----w- c:\program files\GFI
    2010-05-20 21:00 . 2010-05-20 21:00 -------- d-----w- C:\Snort
    2010-05-20 17:56 . 2010-05-20 17:56 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
    2010-05-20 17:56 . 2010-05-20 17:56 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
    2010-05-20 17:54 . 2010-05-20 17:54 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
    2010-05-20 17:54 . 2010-05-20 17:54 32688 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
    2010-05-20 16:40 . 2010-05-20 16:40 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
    2010-05-20 16:13 . 2010-05-20 16:13 252464 ----a-w- c:\windows\system32\vmnc.dll
    2010-05-20 14:19 . 2010-05-20 14:19 59952 ----a-w- c:\windows\system32\vnetinst.dll
    2010-05-20 14:19 . 2010-05-20 14:19 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
    2010-05-20 14:19 . 2010-05-20 14:19 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
    2010-05-20 14:19 . 2010-05-20 14:19 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
    2010-05-20 13:15 . 2010-05-20 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2010-05-20 13:12 . 2010-05-20 13:14 -------- d-----w- C:\PhotoshopPortable
    2010-05-20 09:13 . 2010-05-20 09:26 -------- d-----w- c:\program files\Cain

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-19 05:55 . 2008-01-04 20:37 -------- d-----w- c:\documents and settings\Jay\Application Data\DMCache
    2010-06-19 05:50 . 2009-07-13 07:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-06-19 05:50 . 2009-07-13 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-06-19 05:29 . 2008-10-01 08:37 326964 ----a-w- c:\windows\system32\pguard.dat
    2010-06-19 05:29 . 2006-10-16 04:00 -------- d-----w- c:\documents and settings\Jay\Application Data\Skype
    2010-06-19 05:29 . 2009-12-22 08:43 -------- d-----w- c:\program files\Trillian Astra
    2010-06-19 05:29 . 2008-10-01 08:37 547024 ----a-w- c:\windows\system32\pghash.dat
    2010-06-18 21:50 . 2008-07-03 23:06 -------- d-----w- c:\documents and settings\Jay\Application Data\mjusbsp
    2010-06-18 21:32 . 2007-06-27 21:45 12 ----a-w- c:\windows\bthservsdp.dat
    2010-06-18 20:07 . 2009-11-13 05:02 -------- d-----w- c:\documents and settings\Jay\Application Data\vlc
    2010-06-18 20:01 . 2010-05-14 21:29 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
    2010-06-18 15:22 . 2007-07-05 17:13 -------- d-----w- c:\program files\uTorrent
    2010-06-18 10:15 . 2007-09-21 07:04 -------- d-----w- c:\program files\Clipomatic
    2010-06-18 07:29 . 2006-10-16 03:35 -------- d-----w- c:\program files\Advanced JPEG Compressor
    2010-06-17 16:52 . 2007-03-17 10:08 -------- d-----w- c:\program files\CCleaner
    2010-06-17 14:11 . 2010-03-29 12:26 -------- d-----w- c:\program files\wizdxp
    2010-06-17 09:59 . 2008-01-04 23:53 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-06-17 09:55 . 2008-01-04 23:53 -------- d-----w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com
    2010-06-17 09:54 . 2007-04-17 03:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-16 19:27 . 2009-11-21 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-16 07:56 . 2007-12-13 17:39 -------- d-----w- c:\program files\Registry Genius
    2010-06-12 05:00 . 2010-02-27 03:27 -------- d-----w- c:\program files\R-Drive Image
    2010-06-10 13:59 . 2007-06-09 03:46 -------- d-----w- c:\program files\Garmin
    2010-06-10 05:09 . 2008-01-29 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-08 09:48 . 2009-07-13 08:07 -------- d-----w- c:\documents and settings\Jay\Application Data\VMware
    2010-06-07 10:29 . 2007-04-23 09:05 -------- d-----w- c:\documents and settings\Jay\Application Data\BPFTP
    2010-06-07 07:03 . 2010-05-12 11:34 -------- d-----w- c:\program files\Tadawulfx Trader 4
    2010-06-03 09:03 . 2010-04-13 13:40 -------- d-----w- c:\program files\Quicken
    2010-06-03 08:57 . 2010-04-13 13:43 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
    2010-06-01 06:52 . 2010-04-14 16:50 -------- d-----w- c:\program files\FXCM MT4 powered by BT
    2010-05-29 20:19 . 2009-07-13 07:05 -------- d-----w- c:\program files\VMware
    2010-05-29 10:58 . 2009-11-17 04:51 218544 ----a-w- c:\documents and settings\Jay\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    2010-05-29 10:57 . 2008-01-04 20:37 -------- d-----w- c:\program files\Internet Download Manager
    2010-05-29 10:31 . 2008-01-04 20:37 -------- d-----w- c:\documents and settings\Jay\Application Data\IDM
    2010-05-26 22:43 . 2009-03-19 09:35 -------- d-----w- c:\program files\oovooToolbar
    2010-05-26 22:31 . 2006-10-05 03:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-26 21:14 . 2007-03-21 02:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-23 11:16 . 2006-10-13 07:41 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-05-21 18:20 . 2010-05-14 09:12 -------- d-----w- c:\program files\Nmap
    2010-05-20 21:03 . 2006-10-05 03:52 -------- d-----w- c:\program files\Common Files\Adobe
    2010-05-20 07:20 . 2010-04-29 13:06 -------- d-----w- c:\documents and settings\Jay\Application Data\FileZilla
    2010-05-18 16:15 . 2010-04-30 11:42 -------- d-----w- c:\program files\Avanquest
    2010-05-17 11:43 . 2005-08-16 09:18 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-05-16 17:39 . 2009-07-12 20:40 -------- d-----w- c:\program files\CommViewWiFi
    2010-05-15 08:23 . 2008-10-30 07:23 -------- d-----w- c:\program files\VS Revo Group
    2010-05-15 08:08 . 2007-06-21 13:02 -------- d-----w- c:\documents and settings\Jay\Application Data\uTorrent
    2010-05-15 04:47 . 2007-08-08 21:47 -------- d-----w- c:\documents and settings\Jay\Application Data\gtk-2.0
    2010-05-14 20:08 . 2010-05-14 20:08 -------- d-----w- c:\program files\rapid7
    2010-05-14 20:06 . 2006-10-05 03:32 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-05-14 10:17 . 2010-05-14 09:08 -------- d-----w- c:\program files\Metasploit
    2010-05-13 21:49 . 2010-05-13 21:49 -------- d-----w- c:\program files\Common Files\Intel
    2010-05-13 21:49 . 2006-10-05 03:32 -------- d-----w- c:\program files\Intel
    2010-05-13 21:36 . 2010-05-13 21:36 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-05-13 21:35 . 2010-05-13 21:35 84480 ----a-w- c:\documents and settings\Jay\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
    2010-05-13 21:35 . 2010-05-13 21:35 -------- d-----w- c:\documents and settings\Jay\Application Data\SystemRequirementsLab
    2010-05-13 12:40 . 2008-09-17 02:38 -------- d-----w- c:\program files\FXDD - MetaTrader 4
    2010-05-13 12:39 . 2010-04-19 16:38 -------- d-----w- c:\program files\CMS MetaTrader 4 Client Terminal
    2010-05-13 12:39 . 2010-04-22 16:55 -------- d-----w- c:\program files\MetaTrader - FXOpen
    2010-05-12 15:47 . 2007-08-05 11:54 -------- d-----w- c:\documents and settings\Jay\Application Data\GoodSync
    2010-05-10 21:22 . 2007-08-18 15:16 -------- d-----w- c:\program files\NetworkView35
    2010-05-07 05:55 . 2010-05-07 05:55 255472 ----a-w- c:\documents and settings\Jay\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-05-06 19:20 . 2007-10-22 21:40 -------- d-----w- c:\program files\VTTrader
    2010-05-06 10:41 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-05 13:02 . 2010-05-05 13:01 -------- d-----w- c:\program files\Typograf
    2010-05-02 05:22 . 2005-08-16 09:18 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-30 21:01 . 2009-01-15 05:27 -------- d-----w- c:\program files\TextAloud
    2010-04-30 18:34 . 2006-10-12 00:38 119224 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-30 18:30 . 2010-04-30 18:30 -------- d-----w- c:\documents and settings\Jay\Application Data\Serif
    2010-04-30 16:30 . 2007-05-19 02:57 -------- d-----w- c:\program files\ProcessGuard
    2010-04-30 15:58 . 2010-04-30 15:58 -------- d-----w- c:\program files\Sandboxie
    2010-04-29 15:40 . 2007-07-15 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe-BackupByPhotoshopCS5Portable
    2010-04-29 15:02 . 2006-10-05 03:42 -------- d-----w- c:\program files\QuickTime
    2010-04-29 15:01 . 2010-03-28 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-04-29 13:05 . 2010-04-29 13:04 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-04-29 08:42 . 2006-10-05 03:28 -------- d-----w- c:\program files\Java
    2010-04-27 09:42 . 2010-04-27 09:42 64960 ----a-w- c:\windows\system32\drivers\stcp2v30.sys
    2010-04-27 07:42 . 2010-04-27 07:11 -------- d-----w- c:\program files\SopCast
    2010-04-25 06:25 . 2009-11-20 09:07 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
    2010-04-25 06:25 . 2009-11-20 09:07 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
    2010-04-25 06:25 . 2009-11-20 09:07 225936 ----a-w- c:\windows\system32\drivers\OADriver.sys
    2010-04-24 16:23 . 2006-10-16 03:11 -------- d-----w- c:\program files\Trillian
    2010-04-23 15:21 . 2006-10-05 03:49 -------- d-----w- c:\program files\Google
    2010-04-20 05:30 . 2005-08-16 09:18 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-13 13:45 . 2010-04-13 13:45 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
    2010-04-13 13:43 . 2010-04-13 13:43 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
    2010-04-13 13:43 . 2010-04-13 13:43 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
    2010-04-13 13:42 . 2010-04-13 13:42 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
    2010-04-13 13:42 . 2010-04-13 13:42 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
    2010-04-12 20:53 . 2010-04-12 20:48 19545 ----a-w- c:\windows\hpoins01.dat
    2010-04-12 10:29 . 2010-04-29 08:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-06 11:33 . 2008-12-07 05:44 25864 ----a-w- c:\windows\system32\drivers\btnetBus.sys
    2010-04-06 11:32 . 2008-07-02 07:58 23048 ----a-w- c:\windows\system32\drivers\IvtBtBus.sys
    2010-04-06 11:32 . 2009-01-07 16:39 20104 ----a-w- c:\windows\system32\drivers\BtHidBus.sys
    2010-04-05 11:40 . 2010-04-05 11:40 3584 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-04-01 15:28 . 2010-04-01 15:28 111513 ----a-w- c:\windows\system32\3x4KT-HE.exe
    2010-03-27 15:34 . 2010-03-27 15:34 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-03-27 15:34 . 2010-03-27 15:34 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-03-27 15:33 . 2010-03-27 15:33 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-03-27 15:33 . 2010-03-27 15:33 57677 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-03-27 15:33 . 2010-03-27 15:33 84035 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2007-06-18 17:03 . 2007-06-08 12:47 2 --shatr- c:\windows\winstart.bat
    2007-06-09 10:06 . 2007-05-18 12:51 88 --sh--r- c:\windows\system32\9228A70804.sys
    2007-07-04 10:50 . 2007-07-04 10:50 23 --sha-w- c:\windows\system32\dcbbfaadd_r.dll
    2006-05-03 09:06 . 2009-06-30 09:07 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-06-09 10:07 . 2007-05-18 12:51 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2007-02-21 10:47 . 2009-06-30 09:07 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 . 2009-06-30 09:07 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartupMonitor "= "c:\windows\StartupMonitor.exe" [2000-05-20 86016]
    "Antivirus System Tray Tool "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
    "pgaccount "= "c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]
    "WinPatrol PLUS "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "KeyScrambler "= "c:\program files\KeyScrambler\KeyScrambler.exe" [2009-10-08 424688]
    "!1_ProcessGuard_Startup "= "c:\program files\ProcessGuard\procguard.exe" [2008-07-25 267287]
    "cdloader "= "c:\documents and settings\Jay\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!1_pgaccount "= "c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]
    "ProcessLassoManagementConsole "= "c:\program files\Process Lasso\processlasso.exe" [2010-05-19 414736]
    "ProcessGovernor "= "c:\program files\Process Lasso\processgovernor.exe" [2010-05-19 252944]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2008-04-14 110592]
    "@OnlineArmor GUI "= "c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-25 6785808]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
    "IntelZeroConfig "= "c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
    "IntelWireless "= "c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KeyScrambler "= "c:\program files\KeyScrambler\getting_started.html" [X]

    c:\documents and settings\Jay\Start Menu\Programs\Startup\
    MagicsilencePlugin.lnk - c:\documents and settings\Jay\Local Settings\Application Data\MagicsilencePlugin\MagicsilencePlugin.exe [2010-6-19 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical "= 00000000

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} "= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
    "{4F07DA45-8170-4859-9B5F-037EF2970034} "= "c:\progra~1\Tall Emu\Online Armor\oaevent.dll" [2010-04-25 925688]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 08:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KeyScrambler]
    2009-02-12 02:04 109032 ----a-w- c:\windows\system32\KeyScramblerLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-11-02 13:48 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\Gizmo Project\\mDNSResponder.exe "=
    "c:\\Program Files\\Gizmo Project\\Gizmo.exe "=
    "c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe "=
    "d:\\Downloads\\utorrent.exe "=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdprs.exe "=
    "c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdpr.exe "=
    "c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esda.exe "=
    "c:\\Documents and Settings\\Jay\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll "=
    "c:\\Documents and Settings\\Jay\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
    "c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe "=
    "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe "=
    "c:\\Documents and Settings\\Jay\\Application Data\\mjusbsp\\magicJack.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "1542:TCP "= 1542:TCP:WPS TCP Prot
    "1542:UDP "= 1542:UDP:WPS UDP Prot
    "53:UDP "= 53:UDP:AP UDP Prot
    "12121:TCP "= 12121:TCP:ElcomSoft Distributed Agents TCP Port
    "12122:TCP "= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 23:39 20104]
    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2/21/2007 03:53 30820]
    R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [4/3/2006 22:00 14949]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [6/11/2008 19:05 29768]
    R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [3/24/2010 11:40 651264]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [11/20/2009 16:07 225936]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [11/20/2009 16:07 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [11/20/2009 16:07 29560]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 17:10 68168]
    R2 AKEProtect;AKEProtect;c:\program files\Anti Keylogger Elite\AKEProtect.sys [12/17/2007 00:26 13351]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/25/2009 14:42 337064]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/25/2009 14:42 135336]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/25/2009 14:42 405672]
    R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\ProcessGuard\DCSUserProt.exe [4/30/2010 23:30 31744]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [7/10/2009 19:56 38144]
    R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [4/7/2009 19:45 12416]
    R2 Ext2Mgr;Ext2 Volume Manger;c:\program files\Ext2Fsd\Ext2Mgr.exe -service -hide --> c:\program files\Ext2Fsd\Ext2Mgr.exe -service -hide [?]
    R2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [5/1/2008 08:52 200704]
    R2 HopperP;WiFi Hopper (XP);c:\windows\system32\drivers\hopperp.sys [11/21/2008 13:38 21888]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/29/2008 05:31 12856]
    R2 metasploitApache;metasploitApache;c:\metasploit\apache2\bin\httpd.exe [6/19/2010 02:35 24645]
    R2 metasploitPostgreSQL-1;metasploitPostgreSQL-1;C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL-1" -D "C:/metasploit/postgresql/data" --> C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N metasploitPostgreSQL-1 [?]
    R2 metasploitProSvc;Metasploit Express Pro Service;c:\metasploit\ruby\bin\rubyw.exe -C "c:\metasploit\apps\pro\engine" prosvc_service.rb -E production --> c:\metasploit\ruby\bin\rubyw.exe -C c:\metasploit\apps\pro\engine [?]
    R2 metasploitThin;Metasploit Express Thin Service;c:\metasploit\ruby\bin\rubyw.exe -C "c:\metasploit\apps\pro\ui" thin_service.rb --> c:\metasploit\ruby\bin\rubyw.exe -C c:\metasploit\apps\pro\ui [?]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/27/2010 09:09 50704]
    R2 OAcat;OAcat;c:\program files\Tall Emu\Online Armor\oacat.exe [11/20/2009 16:07 1284600]
    R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [4/30/2010 23:30 26688]
    R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [7/23/2008 17:33 3712]
    R2 SvcOnlineArmor;SvcOnlineArmor;c:\program files\Tall Emu\Online Armor\oasrv.exe [11/20/2009 16:07 3506680]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [5/21/2010 00:56 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [5/20/2010 23:40 539184]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [11/25/2008 17:55 115312]
    R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2/21/2007 03:47 35107]
    R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [10/29/2007 04:23 26448]
    S2 gupdate1c9ce7e24e1579e;Google Update Service (gupdate1c9ce7e24e1579e);c:\program files\Google\Update\GoogleUpdate.exe [10/16/2009 01:49 133104]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [9/5/2008 05:09 111896]
    S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
    S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 25864]
    S3 CommIpw;[CommView] Intel(R) PRO/Wireless 7100 Adapter Driver;c:\windows\system32\drivers\commipw.sys [10/27/2008 20:23 238080]
    S3 COMMSYM;CommView/WiFi Driver by TamoSoft;c:\windows\system32\drivers\commsym.sys [10/27/2008 20:23 91392]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 11336]
    S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [9/19/2000 11:16 3584]
    S3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [11/1/2008 22:46 94608]
    S3 ElcomSoftDistributedPasswordRecoveryServer;Elcomsoft Distributed Password Recovery Server;c:\program files\ElcomSoft\Distributed Password Recovery\esdprs.exe [10/22/2009 16:27 356008]
    S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [10/29/2007 04:23 52944]
    S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [9/12/2008 01:58 258048]
    S3 gfi_lanss9_attservice;GFI LANguard 9.0 Attendant Service;c:\program files\GFI\LANguard 9.0\lnssatt.exe [7/9/2009 22:02 329072]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/19/2008 06:14 107776]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/9/2008 02:00 59648]
    S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [6/29/2007 15:00 14848]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 14:58 23048]
    S3 kguard;kguard;c:\program files\FireLion Softwares\Anti Keyloggers\kguard.sys [12/15/2007 05:20 31232]
    S3 nxpgsql;NeXpose PostgreSQL Server;c:\program files\rapid7\nexpose\nsc\nxpgsql\pgsql\bin\pg_ctl.exe [5/15/2010 03:09 84657]
    S3 Omni-NFS Server;Omni-NFS Server;c:\program files\Nfserver\nfsd.exe [7/25/2007 02:10 237626]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5/26/2010 00:13 14424]
    S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [10/3/2003 05:47 666624]
    S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [5/15/2010 04:29 38976]
    S3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [12/3/2009 00:06 126542]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [6/19/2007 00:03 25773]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/15/2010 15:14 27064]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [7/19/2009 02:00 335104]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [7/10/2009 17:16 323328]
    S3 SaxNDIS;Ax3soft Packet Driver (SaxNDIS);c:\windows\system32\drivers\SAXNDIS.sys [10/30/2008 09:52 35840]
    S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [6/29/2007 15:00 14848]
    S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [12/12/2005 08:36 9760]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/21/2008 03:35 168192]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/21/2008 03:36 142976]
    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 19:37 26624]
    S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [7/10/2004 21:54 24576]
    S3 TivoBeacon2;TivoBeacon2; [x]
    S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [5/19/2007 09:35 6272]
    S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [5/19/2007 09:35 498464]
    S3 XLink LPD;XLink LPD;c:\program files\Nfserver\Lpd.exe [7/25/2007 02:10 118784]
    S4 metasploitPostgreSQL;metasploitPostgreSQL;C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/metasploit/postgresql/data" --> C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N metasploitPostgreSQL [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    CtServ REG_MULTI_SZ CtServ
    vvdsvc REG_MULTI_SZ vvdsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 18:49]

    2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 18:49]

    2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030420016-499448262-1378471451-1006Core.job
    - c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-31 08:04]

    2010-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030420016-499448262-1378471451-1006UA.job
    - c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-31 08:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Power Favorites - c:\program files\Desksware\Power Favorites\copyurl.htm
    IE: Add to QQ Customized Panel
    IE: Add to QQ Emoticons
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download all links with IDM - c:\program files\INTERNET DOWNLOAD MANAGER\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\INTERNET DOWNLOAD MANAGER\IEGetVL.htm
    IE: Download FLV videos with IDM from 10 last requested - c:\program files\INTERNET DOWNLOAD MANAGER\IEGetVL2.htm
    IE: Download with IDM - c:\program files\INTERNET DOWNLOAD MANAGER\IEExt.htm
    IE: Download with Rapget
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Send the Picture by QQ MMS
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b}
    LSP: c:\windows\system32\idmmbc.dll
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: advanta.com\www
    Trusted Zone: bankofamerica.com
    Trusted Zone: commerceonline.com
    Trusted Zone: forexdirectory.net\www
    Trusted Zone: google.com
    Trusted Zone: google.com\mail
    Trusted Zone: ingdirect.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: macromedia.com\www
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\office
    Trusted Zone: nv.gov\www.nevadatax
    Trusted Zone: scbeasy.com\www
    Trusted Zone: schickquattro.com\www
    Trusted Zone: turbotax.com
    Trusted Zone: vaporwarez.com\www
    Trusted Zone: wamu.com
    Trusted Zone: windowsupdate.com\download
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - KickassTorrents
    FF - prefs.js: browser.startup.homepage - hxxp://www.slickdeals.net/
    FF - component: c:\documents and settings\Jay\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
    FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\Jay\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: c:\documents and settings\Jay\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    FF - user.js: content.max.tokenizing.time - 1500000
    FF - user.js: content.notify.interval - 750000
    FF - user.js: nglayout.initialpaint.delay - 100
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
    Notify-GoToMyPC - (no file)
    Notify-WgaLogon - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    !1_pgaccount = "c:\program files\ProcessGuard\pgaccount.exe"??????????????%???????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\metasploitPostgreSQL]
    "ImagePath"="C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/metasploit/postgresql/data\""

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\metasploitPostgreSQL-1]
    "ImagePath"="C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL-1\" -D \"C:/metasploit/postgresql/data\""

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\metasploitPostgreSQL]
    "ImagePath"="C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/metasploit/postgresql/data\""

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\metasploitPostgreSQL-1]
    "ImagePath"="C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL-1\" -D \"C:/metasploit/postgresql/data\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    .
     
  13. 2010/06/19
    Jayman007

    Jayman007 Inactive Thread Starter

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1152)
    c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\KeyScramblerLogon.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\windows\system32\netprovcredman.dll

    - - - - - - - > 'explorer.exe'(5348)
    c:\windows\system32\WININET.dll
    c:\windows\system32\btmmhook.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\SymbianWare\DesktopFileManager\DropHookExt.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\windows\system32\netprovcredman.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Ext2Fsd\Ext2Mgr.exe
    c:\program files\FolderSize\FolderSizeSvc.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\metasploit\postgresql\bin\pg_ctl.exe
    c:\metasploit\ruby\bin\rubyw.exe
    c:\metasploit\ruby\bin\rubyw.exe
    c:\metasploit\postgresql\bin\postgres.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\oodag.exe
    c:\metasploit\postgresql\bin\postgres.exe
    c:\metasploit\postgresql\bin\postgres.exe
    c:\metasploit\postgresql\bin\postgres.exe
    c:\metasploit\postgresql\bin\postgres.exe
    c:\metasploit\postgresql\bin\postgres.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Sandboxie\SbieSvc.exe
    c:\windows\system32\vmnat.exe
    c:\program files\Intel\WiFi\bin\WLKeeper.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\program files\VMware\VMware Workstation\vmware-authd.exe
    c:\metasploit\postgresql\bin\postgres.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\Tall Emu\Online Armor\OAhlp.exe
    c:\metasploit\postgresql\bin\postgres.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\SIGMATEL\C-MAJOR AUDIO\WDM\STSYSTRA.EXE
    c:\program files\GLOBE SOFTWARE\STATBAR\STATBAR.EXE
    c:\program files\CLIPOMATIC\CLIPOMATIC.EXE
    c:\program files\BASTA COMPUTING\HORAS\HORAS.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-06-19 12:59:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-19 05:59

    Pre-Run: 1,775,255,552 bytes free
    Post-Run: 2,610,503,680 bytes free

    - - End Of File - - D5CF40FF65C272C5B2E52D41DD8D3CFE
     
  14. 2010/06/19
    broni

    broni Moderator Malware Analyst

    Did you start to move some stuff out of your C drive to get more free space?


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\9228A70804.sys
    c:\windows\system32\dcbbfaadd_r.dll
    
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. 2010/06/19
    Jayman007

    Jayman007 Inactive Thread Starter

    ComboFix 10-06-18.03 - Jay 06/20/2010 0:31.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.770 [GMT 7:00]
    Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Jay\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    * Created a new restore point

    FILE ::
    "c:\windows\system32\9228A70804.sys"
    "c:\windows\system32\dcbbfaadd_r.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\9228A70804.sys
    c:\windows\system32\dcbbfaadd_r.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
    .

    2010-06-19 16:02 . 2010-02-26 23:51 6870864 ---ha-w- c:\documents and settings\Jay\Application Data\mjusbsp\in00000\setup.exe
    2010-06-19 16:01 . 2010-02-26 23:45 743872 ---ha-w- c:\documents and settings\Jay\Application Data\mjusbsp\ar00000\install.exe
    2010-06-19 16:01 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Jay\Application Data\mjusbsp\ar00000\magicJackSplash.exe
    2010-06-18 19:35 . 2010-06-18 19:49 -------- d-----w- C:\metasploit
    2010-06-18 19:24 . 2010-06-18 19:24 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\MagicRingForever
    2010-06-18 19:11 . 2010-06-18 19:27 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\MagicsilencePlugin
    2010-06-17 21:29 . 2010-06-17 21:29 -------- d-----w- c:\documents and settings\Jay\Application Data\Dell
    2010-06-17 21:16 . 2010-06-17 21:16 -------- d-----w- C:\iolo
    2010-06-17 21:01 . 2010-06-17 21:01 74703 ----a-w- c:\windows\system32\mfc45.dll
    2010-06-17 21:01 . 2010-06-17 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2010-06-17 21:01 . 2010-06-17 21:01 -------- d-----w- c:\documents and settings\Jay\Application Data\iolo
    2010-06-17 20:32 . 2010-06-17 20:32 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2010-06-17 18:46 . 2010-06-17 18:46 -------- d-----w- c:\program files\VirusTotalUploader2
    2010-06-17 09:56 . 2010-06-17 09:58 63488 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-17 09:56 . 2010-06-17 09:56 52224 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-17 09:56 . 2010-06-17 09:58 117760 ----a-w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-16 18:47 . 2010-06-16 18:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\AT&T
    2010-06-16 18:26 . 2010-06-16 18:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-16 18:17 . 2010-03-17 04:35 309248 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fjz2ojv1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    2010-06-16 18:11 . 2010-06-16 18:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-06-12 20:49 . 2010-06-16 17:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\OnlineArmor
    2010-06-12 20:49 . 2010-06-12 20:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\ProcessLasso
    2010-06-12 20:28 . 2010-06-12 20:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
    2010-06-12 20:22 . 2010-06-12 20:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-06-11 04:51 . 2010-06-16 20:56 -------- d-----w- c:\program files\magicBlock
    2010-06-10 17:07 . 2010-06-10 17:07 -------- d-----w- c:\program files\Xirrus
    2010-06-10 16:59 . 2010-06-10 17:06 -------- d-----w- c:\documents and settings\Jay\Ekahau Site Survey
    2010-06-10 16:57 . 2010-06-10 16:57 -------- d-----w- c:\program files\Ekahau
    2010-06-09 17:16 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-09 15:09 . 2010-06-09 15:09 -------- d-----w- c:\program files\WinPcap
    2010-06-08 10:40 . 2010-06-08 10:40 -------- d-----w- c:\program files\Franson
    2010-06-08 04:48 . 2010-06-08 04:48 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\MetaGeek,_LLC
    2010-06-08 04:32 . 2010-06-08 04:32 45126 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_322FD67B4052E9187FCAD5.exe
    2010-06-08 04:32 . 2010-06-08 04:32 45126 ----a-r- c:\documents and settings\Jay\Application Data\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_6FEFF9B68218417F98F549.exe
    2010-06-08 04:32 . 2010-06-08 04:32 -------- d-----w- c:\program files\MetaGeek
    2010-06-07 10:08 . 2010-06-07 10:28 -------- d-----w- C:\pioneerpsg
    2010-06-03 23:18 . 2010-05-23 10:50 73216 ----a-w- c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    2010-06-03 23:18 . 2010-04-18 07:33 307200 ----a-w- c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
    2010-06-03 23:18 . 2010-04-18 07:33 172032 ----a-w- c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
    2010-06-03 09:01 . 2010-06-03 09:02 -------- d-----w- c:\program files\Common Files\Config
    2010-06-03 09:00 . 2010-06-03 09:00 -------- d-----w- c:\program files\Common Files\Inet
    2010-06-03 08:59 . 2010-06-03 08:59 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
    2010-06-03 08:59 . 2010-06-03 08:59 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
    2010-06-03 08:59 . 2010-06-03 08:59 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
    2010-06-03 08:58 . 2010-06-03 08:58 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
    2010-05-29 20:37 . 2010-06-08 09:48 -------- d-----w- c:\documents and settings\Jay\Local Settings\Application Data\VMware
    2010-05-29 20:23 . 2010-05-29 20:23 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe
    2010-05-29 20:23 . 2010-05-29 20:23 629296 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\instUtils.dll
    2010-05-29 20:23 . 2010-05-29 20:11 360448 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_license.dll
    2010-05-29 20:23 . 2010-05-29 20:11 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_ws.dll
    2010-05-29 20:23 . 2010-05-29 20:11 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_core.dll
    2010-05-29 20:23 . 2010-05-29 20:11 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.dll
    2010-05-29 20:23 . 2010-05-29 20:11 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.exe
    2010-05-29 20:23 . 2010-05-29 20:11 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
    2010-05-29 20:23 . 2010-05-29 20:11 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
    2010-05-29 20:23 . 2010-05-29 20:11 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vminstutil.dll
    2010-05-29 20:22 . 2010-05-20 17:56 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
    2010-05-29 20:22 . 2010-05-20 17:56 399920 ----a-w- c:\windows\system32\vmnat.exe
    2010-05-29 20:22 . 2010-05-20 17:53 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2010-05-29 20:21 . 2010-05-20 17:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
    2010-05-29 20:21 . 2010-05-20 17:55 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2010-05-29 20:20 . 2010-05-29 20:20 -------- d-----w- c:\program files\Common Files\VMware
    2010-05-29 19:30 . 2010-05-29 19:52 -------- d-----w- C:\TopoGrafix Image Files
    2010-05-29 10:31 . 2010-05-29 10:31 3205464 ----a-w- c:\documents and settings\Jay\Application Data\IDM\idmupdt.exe
    2010-05-26 21:50 . 2010-05-26 21:50 108 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
    2010-05-26 21:50 . 2010-05-26 21:50 720 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_09E8523867F131E4F9060A8FDE147EF6.dll
    2010-05-26 21:50 . 2010-05-26 21:50 41 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_096825A1D2A65CB41B34C8A48E1DD969.dll
    2010-05-26 21:50 . 2010-05-26 21:50 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_08BD18832AAEB210DAEA000000000000.dll
    2010-05-26 21:50 . 2010-05-26 21:50 4181 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_05F579832AAEB210DA4B000000000000.dll
    2010-05-26 21:50 . 2010-05-26 21:50 44 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_03643A832AAEB210DA6B000000000000.dll
    2010-05-26 21:50 . 2010-05-26 21:50 376 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_033084351D1EAC148B8FF78746F4F705.dll
    2010-05-26 21:50 . 2010-05-26 21:50 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0000196603B837941A95361743A5FF5A.dll
    2010-05-26 21:50 . 2010-05-26 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2010-05-26 21:49 . 2010-05-26 21:50 -------- d-----w- c:\program files\Security Task Manager
    2010-05-26 19:10 . 2010-05-26 19:10 -------- d-----w- c:\documents and settings\Jay\Application Data\Malwarebytes
    2010-05-26 19:09 . 2010-04-29 08:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-26 19:09 . 2010-05-26 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-26 19:09 . 2010-04-29 08:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-26 19:09 . 2010-05-26 19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-25 17:13 . 2010-06-01 03:09 -------- d-----w- c:\program files\PeerBlock
    2010-05-24 17:59 . 2006-05-19 01:51 388823 ----a-w- C:\hping.exe
    2010-05-23 15:57 . 2010-05-23 16:06 -------- d-----w- c:\documents and settings\Jay\Application Data\X-NetStat
    2010-05-23 15:57 . 2010-05-23 15:57 -------- d-----w- c:\program files\X-NetStat Professional
    2010-05-22 12:54 . 2010-05-22 12:54 -------- d-----w- c:\documents and settings\LocalService\.gem
    2010-05-22 12:52 . 2010-05-22 12:52 -------- d-----w- c:\documents and settings\Jay\.gem
    2010-05-21 16:15 . 2010-05-21 16:15 -------- d-----w- c:\program files\CORE Security Technologies
    2010-05-21 12:55 . 2010-05-21 12:55 -------- d-----w- c:\documents and settings\Jay\Application Data\ProcessLasso
    2010-05-21 12:55 . 2010-05-21 12:56 -------- d-----w- c:\program files\Process Lasso
    2010-05-20 21:57 . 2010-05-20 21:57 -------- d-----w- c:\program files\GFI
    2010-05-20 21:00 . 2010-05-20 21:00 -------- d-----w- C:\Snort

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-19 17:45 . 2009-12-22 08:43 -------- d-----w- c:\program files\Trillian Astra
    2010-06-19 17:34 . 2006-10-16 04:00 -------- d-----w- c:\documents and settings\Jay\Application Data\Skype
    2010-06-19 17:26 . 2008-10-01 08:37 326964 ----a-w- c:\windows\system32\pguard.dat
    2010-06-19 17:25 . 2008-10-01 08:37 547788 ----a-w- c:\windows\system32\pghash.dat
    2010-06-19 16:03 . 2008-07-03 23:06 -------- d-----w- c:\documents and settings\Jay\Application Data\mjusbsp
    2010-06-19 16:00 . 2009-07-13 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-06-19 16:00 . 2009-07-13 07:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-06-19 15:56 . 2007-06-27 21:45 12 ----a-w- c:\windows\bthservsdp.dat
    2010-06-19 05:55 . 2008-01-04 20:37 -------- d-----w- c:\documents and settings\Jay\Application Data\DMCache
    2010-06-18 20:07 . 2009-11-13 05:02 -------- d-----w- c:\documents and settings\Jay\Application Data\vlc
    2010-06-18 20:01 . 2010-05-14 21:29 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
    2010-06-18 15:22 . 2007-07-05 17:13 -------- d-----w- c:\program files\uTorrent
    2010-06-18 10:15 . 2007-09-21 07:04 -------- d-----w- c:\program files\Clipomatic
    2010-06-18 07:29 . 2006-10-16 03:35 -------- d-----w- c:\program files\Advanced JPEG Compressor
    2010-06-17 16:52 . 2007-03-17 10:08 -------- d-----w- c:\program files\CCleaner
    2010-06-17 14:11 . 2010-03-29 12:26 -------- d-----w- c:\program files\wizdxp
    2010-06-17 09:59 . 2008-01-04 23:53 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-06-17 09:55 . 2008-01-04 23:53 -------- d-----w- c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com
    2010-06-17 09:54 . 2007-04-17 03:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-16 19:27 . 2009-11-21 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-16 07:56 . 2007-12-13 17:39 -------- d-----w- c:\program files\Registry Genius
    2010-06-12 05:00 . 2010-02-27 03:27 -------- d-----w- c:\program files\R-Drive Image
    2010-06-10 13:59 . 2007-06-09 03:46 -------- d-----w- c:\program files\Garmin
    2010-06-10 05:09 . 2008-01-29 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-08 09:48 . 2009-07-13 08:07 -------- d-----w- c:\documents and settings\Jay\Application Data\VMware
    2010-06-07 10:29 . 2007-04-23 09:05 -------- d-----w- c:\documents and settings\Jay\Application Data\BPFTP
    2010-06-07 07:03 . 2010-05-12 11:34 -------- d-----w- c:\program files\Tadawulfx Trader 4
    2010-06-03 09:03 . 2010-04-13 13:40 -------- d-----w- c:\program files\Quicken
    2010-06-03 08:57 . 2010-04-13 13:43 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
    2010-06-01 06:52 . 2010-04-14 16:50 -------- d-----w- c:\program files\FXCM MT4 powered by BT
    2010-05-29 20:19 . 2009-07-13 07:05 -------- d-----w- c:\program files\VMware
    2010-05-29 10:58 . 2009-11-17 04:51 218544 ----a-w- c:\documents and settings\Jay\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    2010-05-29 10:57 . 2008-01-04 20:37 -------- d-----w- c:\program files\Internet Download Manager
    2010-05-29 10:31 . 2008-01-04 20:37 -------- d-----w- c:\documents and settings\Jay\Application Data\IDM
    2010-05-26 22:43 . 2009-03-19 09:35 -------- d-----w- c:\program files\oovooToolbar
    2010-05-26 22:31 . 2006-10-05 03:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-05-26 21:14 . 2007-03-21 02:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-05-23 11:16 . 2006-10-13 07:41 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-05-21 18:20 . 2010-05-14 09:12 -------- d-----w- c:\program files\Nmap
    2010-05-20 21:03 . 2006-10-05 03:52 -------- d-----w- c:\program files\Common Files\Adobe
    2010-05-20 17:56 . 2010-05-20 17:56 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
    2010-05-20 17:56 . 2010-05-20 17:56 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
    2010-05-20 17:54 . 2010-05-20 17:54 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
    2010-05-20 17:54 . 2010-05-20 17:54 32688 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
    2010-05-20 16:40 . 2010-05-20 16:40 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
    2010-05-20 16:13 . 2010-05-20 16:13 252464 ----a-w- c:\windows\system32\vmnc.dll
    2010-05-20 14:19 . 2010-05-20 14:19 59952 ----a-w- c:\windows\system32\vnetinst.dll
    2010-05-20 14:19 . 2010-05-20 14:19 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys
    2010-05-20 14:19 . 2010-05-20 14:19 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
    2010-05-20 14:19 . 2010-05-20 14:19 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
    2010-05-20 13:15 . 2010-05-20 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2010-05-20 09:26 . 2010-05-20 09:13 -------- d-----w- c:\program files\Cain
    2010-05-20 07:20 . 2010-04-29 13:06 -------- d-----w- c:\documents and settings\Jay\Application Data\FileZilla
    2010-05-18 16:15 . 2010-04-30 11:42 -------- d-----w- c:\program files\Avanquest
    2010-05-17 11:43 . 2005-08-16 09:18 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-05-16 17:39 . 2009-07-12 20:40 -------- d-----w- c:\program files\CommViewWiFi
    2010-05-15 08:23 . 2008-10-30 07:23 -------- d-----w- c:\program files\VS Revo Group
    2010-05-15 08:08 . 2007-06-21 13:02 -------- d-----w- c:\documents and settings\Jay\Application Data\uTorrent
    2010-05-15 04:47 . 2007-08-08 21:47 -------- d-----w- c:\documents and settings\Jay\Application Data\gtk-2.0
    2010-05-14 20:08 . 2010-05-14 20:08 -------- d-----w- c:\program files\rapid7
    2010-05-14 20:06 . 2006-10-05 03:32 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-05-14 10:17 . 2010-05-14 09:08 -------- d-----w- c:\program files\Metasploit
    2010-05-13 21:49 . 2010-05-13 21:49 -------- d-----w- c:\program files\Common Files\Intel
    2010-05-13 21:49 . 2006-10-05 03:32 -------- d-----w- c:\program files\Intel
    2010-05-13 21:36 . 2010-05-13 21:36 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-05-13 21:35 . 2010-05-13 21:35 84480 ----a-w- c:\documents and settings\Jay\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
    2010-05-13 21:35 . 2010-05-13 21:35 -------- d-----w- c:\documents and settings\Jay\Application Data\SystemRequirementsLab
    2010-05-13 12:40 . 2008-09-17 02:38 -------- d-----w- c:\program files\FXDD - MetaTrader 4
    2010-05-13 12:39 . 2010-04-19 16:38 -------- d-----w- c:\program files\CMS MetaTrader 4 Client Terminal
    2010-05-13 12:39 . 2010-04-22 16:55 -------- d-----w- c:\program files\MetaTrader - FXOpen
    2010-05-12 15:47 . 2007-08-05 11:54 -------- d-----w- c:\documents and settings\Jay\Application Data\GoodSync
    2010-05-10 21:22 . 2007-08-18 15:16 -------- d-----w- c:\program files\NetworkView35
    2010-05-07 05:55 . 2010-05-07 05:55 255472 ----a-w- c:\documents and settings\Jay\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-05-06 19:20 . 2007-10-22 21:40 -------- d-----w- c:\program files\VTTrader
    2010-05-06 10:41 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-05 13:02 . 2010-05-05 13:01 -------- d-----w- c:\program files\Typograf
    2010-05-02 05:22 . 2005-08-16 09:18 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-30 21:01 . 2009-01-15 05:27 -------- d-----w- c:\program files\TextAloud
    2010-04-30 18:34 . 2006-10-12 00:38 119224 ----a-w- c:\documents and settings\Jay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-30 18:30 . 2010-04-30 18:30 -------- d-----w- c:\documents and settings\Jay\Application Data\Serif
    2010-04-30 16:30 . 2007-05-19 02:57 -------- d-----w- c:\program files\ProcessGuard
    2010-04-30 15:58 . 2010-04-30 15:58 -------- d-----w- c:\program files\Sandboxie
    2010-04-29 15:40 . 2007-07-15 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe-BackupByPhotoshopCS5Portable
    2010-04-29 15:02 . 2006-10-05 03:42 -------- d-----w- c:\program files\QuickTime
    2010-04-29 15:01 . 2010-03-28 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-04-29 13:05 . 2010-04-29 13:04 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-04-29 08:42 . 2006-10-05 03:28 -------- d-----w- c:\program files\Java
    2010-04-27 09:42 . 2010-04-27 09:42 64960 ----a-w- c:\windows\system32\drivers\stcp2v30.sys
    2010-04-27 07:42 . 2010-04-27 07:11 -------- d-----w- c:\program files\SopCast
    2010-04-25 06:25 . 2009-11-20 09:07 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
    2010-04-25 06:25 . 2009-11-20 09:07 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
    2010-04-25 06:25 . 2009-11-20 09:07 225936 ----a-w- c:\windows\system32\drivers\OADriver.sys
    2010-04-24 16:23 . 2006-10-16 03:11 -------- d-----w- c:\program files\Trillian
    2010-04-23 15:21 . 2006-10-05 03:49 -------- d-----w- c:\program files\Google
    2010-04-20 05:30 . 2005-08-16 09:18 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-13 13:45 . 2010-04-13 13:45 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
    2010-04-13 13:43 . 2010-04-13 13:43 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
    2010-04-13 13:43 . 2010-04-13 13:43 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
    2010-04-13 13:42 . 2010-04-13 13:42 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
    2010-04-13 13:42 . 2010-04-13 13:42 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
    2007-06-18 17:03 . 2007-06-08 12:47 2 --shatr- c:\windows\winstart.bat
    2006-05-03 09:06 . 2009-06-30 09:07 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-06-09 10:07 . 2007-05-18 12:51 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2007-02-21 10:47 . 2009-06-30 09:07 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 . 2009-06-30 09:07 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartupMonitor "= "c:\windows\StartupMonitor.exe" [2000-05-20 86016]
    "Antivirus System Tray Tool "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
    "pgaccount "= "c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]
    "WinPatrol PLUS "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "KeyScrambler "= "c:\program files\KeyScrambler\KeyScrambler.exe" [2009-10-08 424688]
    "!1_ProcessGuard_Startup "= "c:\program files\ProcessGuard\procguard.exe" [2008-07-25 267287]
    "cdloader "= "c:\documents and settings\Jay\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!1_pgaccount "= "c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]
    "ProcessLassoManagementConsole "= "c:\program files\Process Lasso\processlasso.exe" [2010-05-19 414736]
    "ProcessGovernor "= "c:\program files\Process Lasso\processgovernor.exe" [2010-05-19 252944]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2008-04-14 110592]
    "@OnlineArmor GUI "= "c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-25 6785808]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
    "IntelZeroConfig "= "c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
    "IntelWireless "= "c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KeyScrambler "= "c:\program files\KeyScrambler\getting_started.html" [X]

    c:\documents and settings\Jay\Start Menu\Programs\Startup\
    MagicsilencePlugin.lnk - c:\documents and settings\Jay\Local Settings\Application Data\MagicsilencePlugin\MagicsilencePlugin.exe [2010-6-19 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical "= 00000000

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} "= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
    "{4F07DA45-8170-4859-9B5F-037EF2970034} "= "c:\progra~1\Tall Emu\Online Armor\oaevent.dll" [2010-04-25 925688]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 08:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KeyScrambler]
    2009-02-12 02:04 109032 ----a-w- c:\windows\system32\KeyScramblerLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-11-02 13:48 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\Gizmo Project\\mDNSResponder.exe "=
    "c:\\Program Files\\Gizmo Project\\Gizmo.exe "=
    "c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe "=
    "d:\\Downloads\\utorrent.exe "=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdprs.exe "=
    "c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esdpr.exe "=
    "c:\\Program Files\\ElcomSoft\\Distributed Password Recovery\\esda.exe "=
    "c:\\Documents and Settings\\Jay\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll "=
    "c:\\Documents and Settings\\Jay\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
    "c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe "=
    "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Documents and Settings\\Jay\\Application Data\\mjusbsp\\magicJack.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "1542:TCP "= 1542:TCP:WPS TCP Prot
    "1542:UDP "= 1542:UDP:WPS UDP Prot
    "53:UDP "= 53:UDP:AP UDP Prot
    "12121:TCP "= 12121:TCP:ElcomSoft Distributed Agents TCP Port
    "12122:TCP "= 12122:TCP:ElcomSoft Distributed Password Recovery Console TCP Port

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 23:39 20104]
    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2/21/2007 03:53 30820]
    R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [4/3/2006 22:00 14949]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [6/11/2008 19:05 29768]
    R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [3/24/2010 11:40 651264]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [11/20/2009 16:07 225936]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [11/20/2009 16:07 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [11/20/2009 16:07 29560]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 17:10 68168]
    R2 AKEProtect;AKEProtect;c:\program files\Anti Keylogger Elite\AKEProtect.sys [12/17/2007 00:26 13351]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/25/2009 14:42 337064]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/25/2009 14:42 135336]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/25/2009 14:42 405672]
    R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\ProcessGuard\DCSUserProt.exe [4/30/2010 23:30 31744]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [7/10/2009 19:56 38144]
    R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [4/7/2009 19:45 12416]
    R2 Ext2Mgr;Ext2 Volume Manger;c:\program files\Ext2Fsd\Ext2Mgr.exe -service -hide --> c:\program files\Ext2Fsd\Ext2Mgr.exe -service -hide [?]
    R2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [5/1/2008 08:52 200704]
    R2 HopperP;WiFi Hopper (XP);c:\windows\system32\drivers\hopperp.sys [11/21/2008 13:38 21888]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/29/2008 05:31 12856]
    R2 metasploitApache;metasploitApache;c:\metasploit\apache2\bin\httpd.exe [6/19/2010 02:35 24645]
    R2 metasploitPostgreSQL-1;metasploitPostgreSQL-1;C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL-1" -D "C:/metasploit/postgresql/data" --> C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N metasploitPostgreSQL-1 [?]
    R2 metasploitProSvc;Metasploit Express Pro Service;c:\metasploit\ruby\bin\rubyw.exe -C "c:\metasploit\apps\pro\engine" prosvc_service.rb -E production --> c:\metasploit\ruby\bin\rubyw.exe -C c:\metasploit\apps\pro\engine [?]
    R2 metasploitThin;Metasploit Express Thin Service;c:\metasploit\ruby\bin\rubyw.exe -C "c:\metasploit\apps\pro\ui" thin_service.rb --> c:\metasploit\ruby\bin\rubyw.exe -C c:\metasploit\apps\pro\ui [?]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/27/2010 09:09 50704]
    R2 OAcat;OAcat;c:\program files\Tall Emu\Online Armor\oacat.exe [11/20/2009 16:07 1284600]
    R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [4/30/2010 23:30 26688]
    R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [7/23/2008 17:33 3712]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [5/21/2010 00:56 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [5/20/2010 23:40 539184]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [11/25/2008 17:55 115312]
    R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2/21/2007 03:47 35107]
    R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [10/29/2007 04:23 26448]
    S2 gupdate1c9ce7e24e1579e;Google Update Service (gupdate1c9ce7e24e1579e);c:\program files\Google\Update\GoogleUpdate.exe [10/16/2009 01:49 133104]
    S2 SvcOnlineArmor;SvcOnlineArmor;c:\program files\Tall Emu\Online Armor\oasrv.exe [11/20/2009 16:07 3506680]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [9/5/2008 05:09 111896]
    S3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys --> c:\windows\system32\DRIVERS\btcomport.sys [?]
    S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 25864]
    S3 CommIpw;[CommView] Intel(R) PRO/Wireless 7100 Adapter Driver;c:\windows\system32\drivers\commipw.sys [10/27/2008 20:23 238080]
    S3 COMMSYM;CommView/WiFi Driver by TamoSoft;c:\windows\system32\drivers\commsym.sys [10/27/2008 20:23 91392]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 11336]
    S3 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.SYS [9/19/2000 11:16 3584]
    S3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [11/1/2008 22:46 94608]
    S3 ElcomSoftDistributedPasswordRecoveryServer;Elcomsoft Distributed Password Recovery Server;c:\program files\ElcomSoft\Distributed Password Recovery\esdprs.exe [10/22/2009 16:27 356008]
    S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [10/29/2007 04:23 52944]
    S3 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [9/12/2008 01:58 258048]
    S3 gfi_lanss9_attservice;GFI LANguard 9.0 Attendant Service;c:\program files\GFI\LANguard 9.0\lnssatt.exe [7/9/2009 22:02 329072]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2/19/2008 06:14 107776]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2/9/2008 02:00 59648]
    S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [6/29/2007 15:00 14848]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 14:58 23048]
    S3 kguard;kguard;c:\program files\FireLion Softwares\Anti Keyloggers\kguard.sys [12/15/2007 05:20 31232]
    S3 nxpgsql;NeXpose PostgreSQL Server;c:\program files\rapid7\nexpose\nsc\nxpgsql\pgsql\bin\pg_ctl.exe [5/15/2010 03:09 84657]
    S3 Omni-NFS Server;Omni-NFS Server;c:\program files\Nfserver\nfsd.exe [7/25/2007 02:10 237626]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5/26/2010 00:13 14424]
    S3 PRISM_USB;D-Link Air Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [10/3/2003 05:47 666624]
    S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [5/15/2010 04:29 38976]
    S3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [12/3/2009 00:06 126542]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [6/19/2007 00:03 25773]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/15/2010 15:14 27064]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [7/19/2009 02:00 335104]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [7/10/2009 17:16 323328]
    S3 SaxNDIS;Ax3soft Packet Driver (SaxNDIS);c:\windows\system32\drivers\SAXNDIS.sys [10/30/2008 09:52 35840]
    S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [6/29/2007 15:00 14848]
    S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [12/12/2005 08:36 9760]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/21/2008 03:35 168192]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/21/2008 03:36 142976]
    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 19:37 26624]
    S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);c:\windows\system32\drivers\tap0801co.sys [7/10/2004 21:54 24576]
    S3 TivoBeacon2;TivoBeacon2; [x]
    S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [5/19/2007 09:35 6272]
    S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [5/19/2007 09:35 498464]
    S3 XLink LPD;XLink LPD;c:\program files\Nfserver\Lpd.exe [7/25/2007 02:10 118784]
    S4 metasploitPostgreSQL;metasploitPostgreSQL;C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/metasploit/postgresql/data" --> C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N metasploitPostgreSQL [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - PROCEXP141

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    CtServ REG_MULTI_SZ CtServ
    vvdsvc REG_MULTI_SZ vvdsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 18:49]

    2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 18:49]

    2010-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030420016-499448262-1378471451-1006Core.job
    - c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-31 08:04]

    2010-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030420016-499448262-1378471451-1006UA.job
    - c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-31 08:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Power Favorites - c:\program files\Desksware\Power Favorites\copyurl.htm
    IE: Add to QQ Customized Panel
    IE: Add to QQ Emoticons
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download all links with IDM - c:\program files\INTERNET DOWNLOAD MANAGER\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\INTERNET DOWNLOAD MANAGER\IEGetVL.htm
    IE: Download FLV videos with IDM from 10 last requested - c:\program files\INTERNET DOWNLOAD MANAGER\IEGetVL2.htm
    IE: Download with IDM - c:\program files\INTERNET DOWNLOAD MANAGER\IEExt.htm
    IE: Download with Rapget
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Send the Picture by QQ MMS
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b}
    LSP: c:\windows\system32\idmmbc.dll
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: advanta.com\www
    Trusted Zone: bankofamerica.com
    Trusted Zone: commerceonline.com
    Trusted Zone: forexdirectory.net\www
    Trusted Zone: google.com
    Trusted Zone: google.com\mail
    Trusted Zone: ingdirect.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: macromedia.com\www
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\office
    Trusted Zone: nv.gov\www.nevadatax
    Trusted Zone: scbeasy.com\www
    Trusted Zone: schickquattro.com\www
    Trusted Zone: turbotax.com
    Trusted Zone: vaporwarez.com\www
    Trusted Zone: wamu.com
    Trusted Zone: windowsupdate.com\download
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.slickdeals.net/
    FF - component: c:\documents and settings\Jay\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
    FF - component: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\Jay\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: c:\documents and settings\Jay\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 6
    FF - user.js: network.http.max-persistent-connections-per-server - 3
    FF - user.js: content.max.tokenizing.time - 1500000
    FF - user.js: content.notify.interval - 750000
    FF - user.js: nglayout.initialpaint.delay - 100
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-20 00:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    !1_pgaccount = "c:\program files\ProcessGuard\pgaccount.exe "??????????????%???????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\metasploitPostgreSQL]
    "ImagePath "= "C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N \ "metasploitPostgreSQL\" -D \ "C:/metasploit/postgresql/data\" "

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\metasploitPostgreSQL-1]
    "ImagePath "= "C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N \ "metasploitPostgreSQL-1\" -D \ "C:/metasploit/postgresql/data\" "

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\metasploitPostgreSQL]
    "ImagePath "= "C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N \ "metasploitPostgreSQL\" -D \ "C:/metasploit/postgresql/data\" "

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\metasploitPostgreSQL-1]
    "ImagePath "= "C:/metasploit/postgresql/bin/pg_ctl.exe runservice -N \ "metasploitPostgreSQL-1\" -D \ "C:/metasploit/postgresql/data\" "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{08D2654C-9275-604C-35D2-5C87A2860D2A}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abdcijppfopfkfcfaplclbiepocogeeldl "=hex:65,62,64,63,6e,6a,6c,66,6a,63,67,68,
    6a,6f,6e,6f,6e,6e,6c,6c,6e,6f,61,6a,6c,62,6b,68,67,6c,68,66,63,65,62,6e,6d,\
    "bbdcijppfopfkfcfapcdicohimcancfgdehc "=hex:61,62,69,65,6b,61,6e,65,67,6e,66,6e,
    67,62,70,70,6f,6d,65,6e,69,67,66,6c,6e,63,6d,66,6b,6e,63,68,69,61,00,6e

    [HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27BB9111-A1FB-2D48-41C8-CD6437B06101}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "fabbhimegjfc "=hex:6f,62,6e,70,69,69,61,6b,6f,66,68,69,6c,69,69,6f,6d,70,62,65,
    69,67,6e,64,64,69,6b,62,62,61,69,70,70,61,64,67,67,6d,6c,6d,6c,70,6c,6a,68,\
    "gaepabcffepgdl "=hex:6f,61,66,63,61,6e,66,6e,68,67,67,6c,64,6b,67,6b,65,70,62,
    6b,67,64,6f,62,6f,68,66,6b,6e,70,00,00
    "gabpbblhbdfpnm "=hex:63,62,68,63,6b,6d,63,64,70,67,6c,65,62,6e,68,6f,6c,65,69,
    6f,70,6a,6d,61,69,70,6e,6c,64,63,6c,66,6a,68,67,67,6d,6d,00,76

    [HKEY_USERS\S-1-5-21-3030420016-499448262-1378471451-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AFEB829-80AF-7B30-ABAE-A8AB6190F1DA}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "ialgpejkgfahfakejo "=hex:6a,61,69,61,6f,6f,6e,69,69,63,68,6e,6a,61,6b,66,67,67,
    68,64,00,f5
    "hafgbdeoagfkceno "=hex:6a,61,69,61,6f,6f,6e,69,69,63,68,6e,6a,61,6b,66,67,67,
    68,64,00,fa

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05c5cbfc-bcdd-4cfa-a603-21a243449a99}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000149
    "Therad "=dword:00000027
    "MData "=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):f8,0b,78,a7,c0,40,c8,66,7a,cb,95,de,a3,ce,fc,12,cd,7c,a1,09,7b,
    68,19,0e,f2,4a,2e,26,53,29,36,13,e2,c8,2a,51,74,fa,02,22,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):50,04,58,f8,41,6c,9d,36,37,f4,08,e3,c6,9e,77,dc,c3,8f,9e,04,1b,
    2e,73,4d,eb,08,4b,33,76,99,57,37,89,f0,37,5a,ef,2a,48,dc,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e4866172-1069-42f7-ae1d-904890359220}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000053
    "Therad "=dword:00000016
    "MData "=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION "= "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 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1168)
    c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    c:\documents and settings\Jay\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\KeyScramblerLogon.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\windows\system32\netprovcredman.dll
    .
    Completion time: 2010-06-20 00:59:05
    ComboFix-quarantined-files.txt 2010-06-19 17:59
    ComboFix2.txt 2010-06-19 05:59

    Pre-Run: 2,967,506,944 bytes free
    Post-Run: 2,911,911,936 bytes free

    - - End Of File - - 38A865A1CCF1AF5F90922277A0317D04
     
  16. 2010/06/19
    broni

    broni Moderator Malware Analyst

    Are you still getting errors?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2010/06/20
    Jayman007

    Jayman007 Inactive Thread Starter

    I think the problems are sorted now. I need to do several more reboots and see if the BSOD comes back. It seems the svchost error is gone.

    The one thing I noticed is that when I boot into the recovery console I am no longer prompted for the admin password to login. I still have to use the login password to login to the admin account booting to the GUI but no password prompt for the recovery console. Kinda seems like a security risk since anyone can boot it and copy files off the drive.

    OTL logfile created on: 6/20/2010 17:47:56 - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jay\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 49.75 Gb Total Space | 6.21 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
    Drive D: | 136.43 Gb Total Space | 4.13 Gb Free Space | 3.02% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ME
    Current User Name: Jay
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/20 17:21:55 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
    PRC - [2010/05/29 17:57:57 | 003,220,912 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
    PRC - [2010/05/27 05:08:36 | 000,436,267 | ---- | M] (http://www.ruby-lang.org/) -- C:\metasploit\ruby\bin\rubyw.exe
    PRC - [2010/05/21 00:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
    PRC - [2010/05/21 00:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2010/05/21 00:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
    PRC - [2010/05/20 23:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    PRC - [2010/05/19 07:49:40 | 000,414,736 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
    PRC - [2010/05/19 07:49:40 | 000,252,944 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
    PRC - [2010/04/25 13:37:07 | 003,075,576 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
    PRC - [2010/04/25 13:34:44 | 006,785,808 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
    PRC - [2010/04/25 13:29:11 | 003,506,680 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    PRC - [2010/04/25 13:23:58 | 001,284,600 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
    PRC - [2010/04/19 20:03:32 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2010/04/19 20:03:32 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    PRC - [2010/04/19 20:03:32 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/04/17 17:56:06 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
    PRC - [2010/03/24 16:38:23 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/03/24 16:38:19 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/03/24 16:38:19 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2010/03/18 15:07:02 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2010/03/02 22:33:24 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Jay\Local Settings\Application Data\MagicsilencePlugin\MagicsilencePlugin.exe
    PRC - [2010/02/27 06:46:32 | 012,526,424 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Jay\Application Data\mjusbsp\magicJack.exe
    PRC - [2009/11/03 15:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2009/11/03 15:45:52 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
    PRC - [2009/11/03 15:45:48 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    PRC - [2009/11/03 15:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    PRC - [2009/11/03 15:35:14 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    PRC - [2009/11/03 15:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2009/10/11 04:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2009/09/30 00:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/09/29 05:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) -- C:\metasploit\apache2\bin\httpd.exe
    PRC - [2009/07/30 19:39:12 | 001,216,648 | ---- | M] (Ext2Fsd Group (www.ext2fsd.com)) -- C:\Program Files\Ext2Fsd\Ext2Mgr.exe
    PRC - [2009/06/28 05:42:41 | 004,505,600 | ---- | M] (PostgreSQL Global Development Group) -- C:\metasploit\postgresql\bin\postgres.exe
    PRC - [2009/06/28 05:42:41 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\metasploit\postgresql\bin\pg_ctl.exe
    PRC - [2008/10/27 11:27:12 | 002,620,416 | ---- | M] (Desksware) -- C:\Program Files\Desksware\Power Favorites\Bookmark.exe
    PRC - [2008/07/25 13:22:52 | 000,031,744 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\DCSUserProt.exe
    PRC - [2008/07/25 13:22:50 | 000,267,287 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\procguard.exe
    PRC - [2008/07/25 13:11:58 | 000,120,832 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\pgaccount.exe
    PRC - [2008/05/01 08:52:36 | 000,200,704 | ---- | M] (OptionNV) -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
    PRC - [2008/04/14 07:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/29 15:11:56 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2007/11/15 11:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
    PRC - [2007/05/11 16:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
    PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
    PRC - [2006/11/03 10:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2004/06/15 15:02:04 | 000,582,144 | ---- | M] (Basta Computing) -- C:\Program Files\Basta Computing\Horas\Horas.exe
    PRC - [2003/07/25 02:40:06 | 000,335,872 | ---- | M] (Globe Software) -- C:\Program Files\Globe Software\StatBar\StatBar.exe
    PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe
    PRC - [1999/05/15 10:48:00 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\Clipomatic\Clipomatic.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/20 17:21:55 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
    MOD - [2010/04/25 13:24:58 | 001,004,024 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
    MOD - [2008/04/14 07:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
    MOD - [2008/04/14 07:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
    MOD - [2008/04/14 07:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
    MOD - [2008/04/14 07:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
    MOD - [2008/04/14 07:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/01/29 15:05:22 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
    MOD - [2007/03/27 01:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (TivoBeacon2)
    SRV - [2010/06/15 23:38:10 | 001,585,152 | ---- | M] (NanJing Nagasoft Co, LTD.) [On_Demand | Stopped] -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
    SRV - [2010/05/27 05:08:36 | 000,436,267 | ---- | M] (http://www.ruby-lang.org/) [Auto | Running] -- C:\metasploit\ruby\bin\rubyw.exe -- (metasploitThin)
    SRV - [2010/05/27 05:08:36 | 000,436,267 | ---- | M] (http://www.ruby-lang.org/) [Auto | Running] -- C:\metasploit\ruby\bin\rubyw.exe -- (metasploitProSvc)
    SRV - [2010/05/21 00:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2010/05/21 00:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2010/05/21 00:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2010/05/20 23:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2010/05/12 05:07:04 | 000,084,657 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- C:\Program Files\rapid7\nexpose\nsc\nxpgsql\pgsql\bin\pg_ctl.exe -- (nxpgsql)
    SRV - [2010/04/27 16:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2010/04/25 13:29:11 | 003,506,680 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
    SRV - [2010/04/25 13:23:58 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
    SRV - [2010/04/19 20:03:32 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
    SRV - [2010/04/19 20:03:32 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
    SRV - [2010/04/19 20:03:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/04/17 17:56:06 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2010/04/12 09:24:12 | 000,010,240 | ---- | M] (Tenable Network Security, Inc) [On_Demand | Stopped] -- C:\Program Files\Tenable\Nessus\nessus-service.exe -- (Tenable Nessus)
    SRV - [2010/03/24 16:38:23 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
    SRV - [2010/01/27 09:09:02 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/11/03 15:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2009/11/03 15:45:52 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2009/11/03 15:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2009/11/03 15:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2009/10/22 16:27:36 | 000,356,008 | ---- | M] (Elcomsoft Co. Ltd.) [On_Demand | Stopped] -- C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe -- (ElcomSoftDistributedPasswordRecoveryServer)
    SRV - [2009/09/30 00:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/29 05:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\metasploit\apache2\bin\httpd.exe -- (metasploitApache)
    SRV - [2009/07/30 19:39:12 | 001,216,648 | ---- | M] (Ext2Fsd Group (www.ext2fsd.com)) [Auto | Running] -- C:\Program Files\Ext2Fsd\Ext2Mgr.exe -- (Ext2Mgr)
    SRV - [2009/07/09 22:02:02 | 000,329,072 | ---- | M] (GFI Software Ltd.) [On_Demand | Stopped] -- C:\Program Files\GFI\LANguard 9.0\lnssatt.exe -- (gfi_lanss9_attservice)
    SRV - [2009/06/28 05:42:41 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\metasploit\postgresql\bin\pg_ctl.exe -- (metasploitPostgreSQL-1)
    SRV - [2009/06/28 05:42:41 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\metasploit\postgresql\bin\pg_ctl.exe -- (metasploitPostgreSQL)
    SRV - [2008/12/19 01:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
    SRV - [2008/11/02 20:48:48 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2008/09/12 01:58:40 | 000,258,048 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe -- (Franson GpsGate 2.0)
    SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/09/05 05:09:02 | 000,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
    SRV - [2008/08/01 05:41:46 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2008/07/25 13:22:52 | 000,031,744 | ---- | M] (DiamondCS) [Auto | Running] -- C:\Program Files\ProcessGuard\dcsuserprot.exe -- (DCSPGSRV)
    SRV - [2008/05/01 08:52:36 | 000,200,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
    SRV - [2008/02/29 05:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2007/11/15 11:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
    SRV - [2007/07/15 15:30:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/05/11 16:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
    SRV - [2006/11/03 10:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/07/07 08:41:42 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gizmo Project\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2005/05/04 09:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
    SRV - [2005/01/04 02:11:00 | 000,237,626 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Nfserver\nfsd.exe -- (Omni-NFS Server)
    SRV - [2003/04/08 02:11:00 | 000,118,784 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Nfserver\Lpd.exe -- (XLink LPD)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/19 03:01:27 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
    DRV - [2010/05/21 00:56:56 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2010/05/21 00:56:56 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
    DRV - [2010/05/21 00:55:04 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2010/05/21 00:54:02 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2010/05/21 00:53:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2010/05/20 23:40:08 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2010/05/20 21:19:20 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
    DRV - [2010/05/20 21:19:20 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/27 16:41:40 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2010/04/25 13:25:50 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
    DRV - [2010/04/25 13:25:46 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
    DRV - [2010/04/25 13:25:41 | 000,225,936 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
    DRV - [2010/04/17 17:56:02 | 000,115,944 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
    DRV - [2010/04/06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV - [2010/04/06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
    DRV - [2010/03/24 16:38:23 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/03/24 16:38:23 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/11 19:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2010/01/27 09:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
    DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/12/08 22:06:09 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2009/12/03 00:06:12 | 000,126,542 | ---- | M] (R-TT Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\R-Drive Image\R-ImageDisk.sys -- (R-ImageDisk)
    DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/10/26 05:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2009/10/05 04:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
    DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV - [2009/09/27 00:57:34 | 000,025,768 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/07/26 16:22:34 | 000,651,264 | ---- | M] (www.ext2fsd.com) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fsd.sys -- (Ext2Fsd)
    DRV - [2009/06/26 14:21:34 | 000,323,328 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
    DRV - [2009/06/11 15:22:26 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/04/07 19:45:24 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ekauio.sys -- (Ekauio)
    DRV - [2009/03/15 17:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/02/26 05:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2009/01/30 14:43:59 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2008/11/21 11:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/11/02 20:48:39 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2008/11/02 20:48:39 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/11/01 22:46:48 | 000,094,608 | ---- | M] (R-TT Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\R-Drive Image\DrvSnSht.sys -- (DrvSnSht)
    DRV - [2008/09/05 05:03:54 | 000,032,408 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/08/21 03:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
    DRV - [2008/08/21 03:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
    DRV - [2008/08/14 07:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2008/08/01 05:42:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2008/07/25 13:33:06 | 000,026,688 | ---- | M] (DiamondCS) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\procguard.sys -- (procguard)
    DRV - [2008/07/23 17:33:07 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
    DRV - [2008/06/26 06:26:36 | 000,335,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
    DRV - [2008/06/20 06:38:34 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2008/06/08 23:37:56 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
    DRV - [2008/06/08 23:37:46 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
    DRV - [2008/04/14 01:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/14 01:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
    DRV - [2008/04/14 01:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
    DRV - [2008/04/14 01:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
    DRV - [2008/04/14 01:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/14 01:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 01:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 23:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/29 05:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/02/17 19:55:44 | 000,021,888 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hopperp.sys -- (HopperP) WiFi Hopper (XP)
    DRV - [2008/02/17 09:15:06 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2008/02/17 09:15:04 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2008/02/17 09:15:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2008/02/17 09:15:00 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2008/02/17 09:14:58 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2008/02/17 09:14:56 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2008/02/17 09:14:52 | 000,539,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2008/02/09 02:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
    DRV - [2008/01/21 08:36:56 | 000,035,840 | ---- | M] (Sax software company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SAXNDIS.sys -- (SaxNDIS) Ax3soft Packet Driver (SaxNDIS)
    DRV - [2008/01/04 07:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/11/10 04:57:58 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FireLion Softwares\Anti Keyloggers\kguard.sys -- (kguard)
    DRV - [2007/09/24 17:12:46 | 000,029,768 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\elrawdsk.sys -- (ElRawDisk)
    DRV - [2007/06/27 12:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2007/06/27 12:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2007/06/19 02:15:44 | 000,025,773 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
    DRV - [2007/06/17 12:43:50 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2007/06/12 11:08:44 | 000,052,944 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate)
    DRV - [2007/06/12 11:08:38 | 000,026,448 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software)
    DRV - [2007/05/29 11:38:10 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
    DRV - [2007/05/29 11:38:10 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (INFUNLTD)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/05/03 21:22:04 | 000,188,672 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
    DRV - [2007/04/04 20:27:14 | 001,471,104 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b) Vimicro USB PC Camera (ZC0301PL)
    DRV - [2007/03/31 02:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
    DRV - [2007/02/26 23:45:39 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
    DRV - [2007/02/07 15:46:52 | 000,017,280 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
    DRV - [2007/01/15 11:00:06 | 000,045,056 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
    DRV - [2006/11/21 18:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R)
    DRV - [2006/10/01 19:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
    DRV - [2006/09/08 17:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/07/25 00:00:00 | 000,498,464 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0230VID.sys -- (V0230VID)
    DRV - [2006/04/27 04:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2006/04/03 22:00:56 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
    DRV - [2006/03/27 01:51:14 | 000,030,820 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
    DRV - [2006/03/24 00:00:00 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0230Vfx.sys -- (V0230Vfx)
    DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/03/07 22:36:20 | 000,013,351 | ---- | M] (ISecSoft Inc.) [Kernel | Auto | Running] -- C:\Program Files\Anti Keylogger Elite\AKEProtect.sys -- (AKEProtect)
    DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/12/12 08:36:00 | 000,009,760 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\softctrl.sys -- (softctrl)
    DRV - [2005/11/01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/09/23 13:38:54 | 000,068,260 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
    DRV - [2005/09/20 06:23:02 | 000,238,080 | ---- | M] (TamoSoft, Inc.) [CommView] Intel(R) PRO/Wireless 7100 Adapter Driver [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\commipw.sys -- (CommIpw)
    DRV - [2005/08/13 05:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/07/22 08:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/22 08:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/22 08:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/07/15 02:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
    DRV - [2005/01/13 10:06:48 | 000,035,107 | ---- | M] (Winternals) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VDiskBus.sys -- (vdiskbus)
    DRV - [2004/10/15 18:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/09/21 00:44:48 | 000,005,652 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
    DRV - [2004/08/04 10:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/10 21:54:26 | 000,024,576 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801co.sys -- (tap0801co) TAP-Win32 Adapter V8 (coLinux)
    DRV - [2004/04/02 03:13:36 | 000,091,392 | ---- | M] (TamoSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\commsym.sys -- (COMMSYM)
    DRV - [2004/03/24 09:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
    DRV - [2004/02/13 21:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2003/10/03 05:47:14 | 000,666,624 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMUSB.sys -- (PRISM_USB)
    DRV - [2002/12/16 18:11:02 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2002/12/16 18:11:02 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
    DRV - [2001/08/18 04:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/18 02:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/18 02:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/18 02:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/18 02:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/18 02:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/18 01:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/18 01:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/18 01:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/18 01:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/18 01:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/18 01:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/18 01:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/18 01:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/18 01:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/18 01:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2000/09/19 11:16:56 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DLPORTIO.SYS -- (DLPortIO)
     
  18. 2010/06/20
    Jayman007

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061004
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061004

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 13:55:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/06/27 21:35:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/10 00:03:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/17 01:29:11 | 000,000,000 | ---D | M]

    [2008/07/01 15:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions
    [2008/10/06 15:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\3b24fhi1.New profile\extensions
    [2010/06/20 11:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions
    [2010/01/17 11:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/05/18 20:15:18 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2010/04/29 02:44:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/12/26 06:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2010/06/02 17:27:10 | 000,000,000 | ---D | M] (Leet Key) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{3335F91D-2AEF-4097-B831-C96C60349822}
    [2010/03/17 11:56:44 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/05/12 16:22:52 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
    [2010/06/12 14:57:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/05/01 04:38:36 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
    [2010/06/04 06:18:45 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/05/29 11:26:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
    [2010/04/30 19:09:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/06/18 04:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2009/11/22 06:02:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2009/08/01 03:15:46 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    [2010/05/27 00:02:15 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    [2010/04/29 02:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\amznUWL@amazon.com
    [2010/05/19 20:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\bettergmail2@ginatrapani.org
    [2009/01/07 10:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\bkmrksync@nokia.com
    [2010/06/10 12:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\canitbecheaper@trafficbroker.co.uk
    [2010/02/12 13:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\change@c-est-simple.com
    [2010/06/04 06:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\firefox-tagger@yapta.com
    [2010/05/28 15:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\izer@camelcamelcamel.com
    [2009/02/24 11:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\LogMeInClient@logmein.com
    [2010/03/13 02:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\master@desksware.com
    [2010/05/12 15:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\ShortenURL@loucypher
    [2009/07/13 18:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\TabSidebar@blueprintit.co.uk
    [2010/03/16 18:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\ruv5qlwc.original\extensions\tinyurl.addon@fast-chat.co.uk
    [2010/06/20 11:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/06/05 00:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/01/15 14:06:43 | 000,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
    [2010/04/29 15:42:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2009/12/16 08:41:23 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2008/06/18 13:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/05/02 23:37:48 | 000,061,440 | ---- | M] (Joost Technologies B.V. ) -- C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
    [2006/01/19 02:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

    O1 HOSTS File: ([2010/06/20 02:01:54 | 000,001,437 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts:
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Powermarks IEC) - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\Program Files\Powermarks 3.5\iec.dll (Kaylon Technologies Inc.)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Spb Wallet) - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Powermarks) - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\Program Files\Powermarks 3.5\iec.dll (Kaylon Technologies Inc.)
    O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
    O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
    O4 - HKLM..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
    O4 - HKCU..\Run: [!1_ProcessGuard_Startup] C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
    O4 - HKCU..\Run: [Antivirus System Tray Tool] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Jay\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKCU..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\KeyScrambler.exe (QFX Software Corporation)
    O4 - HKCU..\Run: [pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
    O4 - HKCU..\Run: [StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
    O4 - HKCU..\Run: [WinPatrol PLUS] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\Jay\Start Menu\Programs\Startup\MagicsilencePlugin.lnk = C:\Documents and Settings\Jay\Local Settings\Application Data\MagicsilencePlugin\MagicsilencePlugin.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Add to Power Favorites - C:\Program Files\Desksware\Power Favorites\copyurl.htm ()
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files\Internet Download Manager\IEGetVL2.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
    O9 - Extra 'Tools' menuitem : VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll (VisualWare)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - Reg Error: Value error. File not found
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
    O15 - HKCU\..Trusted Domains: advanta.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: bankofamerica.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: commerceonline.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: forexdirectory.net ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: google.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: google.com ([mail] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ingdirect.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: macromedia.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: nv.gov ([www.nevadatax] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: scbeasy.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: schickquattro.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: vaporwarez.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: vaporwarez.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: wamu.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\KeyScrambler: DllName - KeyScramblerLogon.dll - C:\WINDOWS\System32\KeyScramblerLogon.dll (QFX Software Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Jay\Application Data\FastStone\FSIV\FSViewerWallPaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jay\Application Data\FastStone\FSIV\FSViewerWallPaper.bmp
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 16:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/07 18:50:14 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/20 17:21:58 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay\Desktop\OTL.exe
    [2010/06/20 17:19:14 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/06/20 02:10:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/06/19 12:32:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/06/19 12:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\HostsXpert
    [2010/06/19 05:08:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jay\Recent
    [2010/06/19 02:35:25 | 000,000,000 | ---D | C] -- C:\metasploit
    [2010/06/19 02:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\MagicRingForever
    [2010/06/19 02:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\MagicsilencePlugin
    [2010/06/18 04:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Dell
    [2010/06/18 04:16:28 | 000,000,000 | ---D | C] -- C:\iolo
    [2010/06/18 04:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\iolo
    [2010/06/18 04:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/06/18 03:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [2010/06/18 01:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
    [2010/06/17 13:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\RegCure download from 7sky.at.ua
    [2010/06/13 01:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\BlueSoleil 6.4.314.3
    [2010/06/12 23:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\BlueSol.ver6.4.249.0.KEYMAKER.maxiumaaaaa
    [2010/06/11 11:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\magicBlock
    [2010/06/11 00:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
    [2010/06/10 23:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Ekahau Site Survey
    [2010/06/10 23:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\Ekahau
    [2010/06/09 22:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
    [2010/06/08 17:42:07 | 000,000,000 | ---D | C] -- D:\My Documents\GpsGate
    [2010/06/08 17:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Franson
    [2010/06/08 11:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\MetaGeek,_LLC
    [2010/06/08 11:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
    [2010/06/07 17:08:48 | 000,000,000 | ---D | C] -- C:\pioneerpsg
    [2010/06/07 16:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\PioneerPSG
    [2010/06/03 16:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Config
    [2010/06/03 16:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Inet
    [2010/06/02 22:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\Traders Pro Elite
    [2010/05/30 05:08:45 | 000,000,000 | ---D | C] -- D:\My Documents\My Virtual Machines
    [2010/05/30 03:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\VMware
    [2010/05/30 03:22:06 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
    [2010/05/30 03:22:04 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
    [2010/05/30 03:22:01 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
    [2010/05/30 03:21:53 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
    [2010/05/30 03:21:33 | 000,024,624 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
    [2010/05/30 03:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
    [2010/05/30 02:30:30 | 000,000,000 | ---D | C] -- C:\TopoGrafix Image Files
    [2010/05/27 04:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/05/27 04:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2010/05/27 02:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Malwarebytes
    [2010/05/27 02:09:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/27 02:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/05/27 02:09:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/27 02:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/26 00:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
    [2010/05/23 22:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\X-NetStat
    [2010/05/23 22:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\X-NetStat Professional
    [2010/05/22 23:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\SAK
    [2010/05/22 19:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\.gem
    [2010/05/21 23:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\backup-date250109
    [2010/05/21 23:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\CORE Security Technologies
    [2010/05/21 23:10:23 | 000,090,112 | ---- | C] (E-Tech.CA) -- C:\Documents and Settings\Jay\Desktop\dc2000.exe
    [2010/05/21 19:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\ProcessLasso
    [2010/05/21 19:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
    [2010/05/21 04:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\Security Tools
    [2010/05/21 04:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\GFI
    [2010/05/21 04:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\GLNSS9020090709
    [2010/05/21 04:00:04 | 000,000,000 | ---D | C] -- C:\Snort
    [2010/05/21 00:56:56 | 000,854,064 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmx86.sys
    [2010/05/21 00:56:56 | 000,070,704 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmci.sys
    [2010/05/21 00:54:02 | 000,051,248 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetbridge.dll
    [2010/05/21 00:54:02 | 000,032,688 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetbridge.sys
    [2010/05/20 23:40:08 | 000,032,304 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\hcmon.sys
    [2010/05/20 23:13:38 | 000,252,464 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnc.dll
    [2010/05/20 21:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\Rob
    [2010/05/20 21:19:20 | 000,059,952 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetinst.dll
    [2010/05/20 21:19:20 | 000,031,280 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmusb.sys
    [2010/05/20 21:19:20 | 000,018,736 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnet.sys
    [2010/05/20 21:19:20 | 000,016,560 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetadapter.sys
    [2010/05/20 20:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/05/20 20:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/05/20 20:12:35 | 000,000,000 | ---D | C] -- C:\PhotoshopPortable
    [2010/05/20 16:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
    [2010/05/20 02:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\5350-8641-2429-7641-5705
    [2010/05/19 18:55:00 | 000,000,000 | ---D | C] -- D:\My Documents\Pioneer Protective Services Group
    [2010/05/15 15:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\VS Revo Group
    [2010/05/15 15:14:39 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
    [2010/05/15 04:29:25 | 000,038,976 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
    [2010/05/15 03:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\rapid7
    [2010/05/14 16:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\.zenmap
    [2010/05/14 16:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nmap
    [2010/05/14 16:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Metasploit
    [2010/05/14 04:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
    [2010/05/14 04:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2010/05/14 04:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\SystemRequirementsLab
    [2010/05/12 18:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Tadawulfx Trader 4
    [2010/05/11 08:49:01 | 000,000,000 | ---D | C] -- C:\Hashfile
    [2010/05/11 07:58:01 | 000,000,000 | ---D | C] -- D:\My Documents\vaporstore payments
    [2010/05/09 16:49:14 | 000,000,000 | ---D | C] -- D:\My Documents\Avatars
    [2010/05/06 17:52:31 | 000,000,000 | ---D | C] -- C:\Device
    [2010/05/05 20:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Typograf
    [2010/05/03 15:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\New Folder
    [2010/05/01 01:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Serif
    [2010/04/30 23:30:28 | 000,044,544 | ---- | C] (DiamondCS) -- C:\WINDOWS\System32\procguard.dll
    [2010/04/30 23:30:28 | 000,026,688 | ---- | C] (DiamondCS) -- C:\WINDOWS\System32\drivers\procguard.sys
    [2010/04/30 22:59:07 | 000,000,000 | R--D | C] -- C:\Sandbox
    [2010/04/30 22:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
    [2010/04/30 18:56:46 | 000,000,000 | ---D | C] -- D:\My Documents\Web Easy
    [2010/04/30 18:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest
    [2010/04/30 18:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\site pics
    [2010/04/29 20:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\FileZilla
    [2010/04/29 20:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
    [2010/04/27 16:42:46 | 000,064,960 | ---- | C] (StorageCraft Technology Corporation) -- C:\WINDOWS\System32\drivers\stcp2v30.sys
    [2010/04/27 14:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
    [2010/04/25 19:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\Coins
    [2010/04/22 23:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\MetaTrader - FXOpen
    [2010/04/19 23:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\CMS MetaTrader 4 Client Terminal
    [2010/04/17 11:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\FX Zapper V1.2 Package
    [2010/04/16 17:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Desktop\soons phone vids
    [2010/04/15 00:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Candleworks
    [2010/04/14 23:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\FXCM MT4 powered by BT
    [2010/04/13 20:40:44 | 004,199,784 | ---- | C] (Amyuni Technologies
    http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
    [2010/04/13 20:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
    [2010/04/11 03:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Password Remover
    [2010/04/08 00:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\mkvtoolnix
    [2010/04/08 00:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix
    [2010/04/05 18:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
    [2010/04/05 18:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
    [2010/04/04 12:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Transmission Remote
    [2010/04/03 15:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
    [2010/04/03 11:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Application Data\Canneverbe Limited
    [2010/04/03 11:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2010/04/03 11:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
    [2010/03/29 19:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\wizdXP
    [2010/03/29 19:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\wizdxp
    [2010/03/28 12:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/03/28 12:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/03/28 12:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\Apple
    [2010/03/28 12:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/03/28 12:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010/03/28 12:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jay\Local Settings\Application Data\Apple Computer
    [2010/03/27 22:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2010/03/27 21:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/03/24 11:40:30 | 000,651,264 | ---- | C] (www.ext2fsd.com) -- C:\WINDOWS\System32\drivers\ext2fsd.sys
    [2010/03/24 11:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ext2Fsd
    [2010/03/22 21:11:40 | 000,313,168 | ---- | C] (Serif (Europe) Ltd) -- C:\WINDOWS\System32\WPPFilt.dll
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\Documents and Settings\Jay\*.tmp files -> C:\Documents and Settings\Jay\*.tmp -> ]
     
  19. 2010/06/20
    Jayman007

    ========== Files Created - No Company Name ==========

    [2010/06/19 05:22:01 | 000,008,330 | ---- | C] () -- D:\My Documents\cc_20100619_052157.reg
    [2010/06/19 04:29:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
    [2010/06/19 02:11:45 | 000,001,209 | ---- | C] () -- C:\Documents and Settings\Jay\Start Menu\Programs\Startup\MagicsilencePlugin.lnk
    [2010/06/18 19:24:43 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\c66wtg28.exe
    [2010/06/18 14:29:17 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Advanced JPEG Compressor.lnk
    [2010/06/18 04:29:45 | 000,002,630 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Dell Driver Download Manager.lnk
    [2010/06/18 04:01:15 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2010/06/18 03:32:14 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
    [2010/06/17 23:58:55 | 000,115,398 | ---- | C] () -- D:\My Documents\cc_20100617_235848.reg
    [2010/06/17 23:19:43 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\dds.EXE
    [2010/06/17 16:56:00 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
    [2010/06/15 22:51:03 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    [2010/06/11 13:52:42 | 011,137,024 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\gmapsupp.img
    [2010/06/11 00:07:32 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xirrus Wi-Fi Inspector.lnk
    [2010/06/08 17:46:52 | 000,089,210 | ---- | C] () -- D:\My Documents\50012_1.8WSolarManual.pdf
    [2010/06/07 16:49:05 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\logo.png
    [2010/06/07 12:06:30 | 000,098,204 | ---- | C] () -- D:\My Documents\Welcome to SCB Easy Net headset redacted.pdf
    [2010/06/07 12:05:56 | 000,096,887 | ---- | C] () -- D:\My Documents\Welcome to SCB Easy Net headset.pdf
    [2010/06/07 11:16:32 | 000,111,889 | ---- | C] () -- D:\My Documents\Welcome to SCB Easy Net 1500 528 .pdf
    [2010/06/04 14:54:21 | 004,280,249 | ---- | C] () -- D:\My Documents\joomla_15_quickstart.pdf
    [2010/06/01 14:24:50 | 002,615,349 | ---- | C] () -- D:\My Documents\41910.pdf
    [2010/06/01 09:57:42 | 000,429,832 | ---- | C] () -- D:\My Documents\alfa-awus036h-awus050nh-installing-drivers.pdf
    [2010/05/31 11:40:25 | 000,358,803 | ---- | C] () -- D:\My Documents\GoldWars.pdf
    [2010/05/27 05:59:47 | 000,132,622 | ---- | C] () -- D:\My Documents\Statement_May 2010.pdf
    [2010/05/26 20:53:37 | 001,400,639 | ---- | C] () -- D:\My Documents\PPSG_Logo_2.pdf
    [2010/05/26 01:30:56 | 001,018,694 | ---- | C] () -- D:\My Documents\PPSG_Logo.pdf
    [2010/05/25 15:47:55 | 000,817,550 | ---- | C] () -- D:\My Documents\Cannot start magicJack.pdf
    [2010/05/25 00:59:06 | 000,388,823 | ---- | C] () -- C:\hping.exe
    [2010/05/24 02:25:43 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\StopAutoShares.reg
    [2010/05/23 23:03:59 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\keygen.exe
    [2010/05/22 15:52:52 | 000,060,270 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Welcome to SCB Easy Net new.pdf
    [2010/05/20 21:30:17 | 001,569,290 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Welcome to SCB Easy Net.psd
    [2010/05/20 19:30:52 | 000,044,059 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Welcome to SCB Easy Net.pdf
    [2010/05/20 01:43:13 | 000,428,501 | ---- | C] () -- D:\My Documents\browser-uniqueness.pdf
    [2010/05/19 23:14:34 | 000,246,971 | ---- | C] () -- D:\My Documents\051810_virtual_townhall.pdf
    [2010/05/18 01:19:59 | 000,040,597 | ---- | C] () -- D:\My Documents\LNB+V-H.pdf
    [2010/05/18 01:18:56 | 000,053,552 | ---- | C] () -- D:\My Documents\DiseqPositioner.pdf
    [2010/05/18 01:18:29 | 000,021,109 | ---- | C] () -- D:\My Documents\LNB-4.pdf
    [2010/05/18 01:18:10 | 000,010,785 | ---- | C] () -- D:\My Documents\LNB-2.pdf
    [2010/05/18 01:17:39 | 000,063,572 | ---- | C] () -- D:\My Documents\mixTV.pdf
    [2010/05/18 01:17:07 | 000,145,220 | ---- | C] () -- D:\My Documents\compass.pdf
    [2010/05/18 01:16:33 | 000,085,500 | ---- | C] () -- D:\My Documents\4x4Great.pdf
    [2010/05/18 01:15:01 | 000,087,432 | ---- | C] () -- D:\My Documents\4x4LNBMazz.pdf
    [2010/05/18 01:13:29 | 000,103,714 | ---- | C] () -- D:\My Documents\Mz830-C-Ku.pdf
    [2010/05/18 01:12:59 | 000,059,542 | ---- | C] () -- D:\My Documents\C-Ku-2.pdf
    [2010/05/16 09:13:32 | 000,278,356 | ---- | C] () -- D:\My Documents\Cracking_Passwords_Guide.pdf
    [2010/05/16 07:37:55 | 001,732,286 | ---- | C] () -- D:\My Documents\OASettings100516.OA
    [2010/05/15 15:14:40 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
    [2010/05/15 11:47:14 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Jay\.recently-used.xbel
    [2010/05/15 04:21:04 | 000,209,898 | ---- | C] () -- D:\My Documents\Nessus_Activation_Code_Installation.pdf
    [2010/05/15 03:02:27 | 000,308,210 | ---- | C] () -- D:\My Documents\NeXpose_Extended_API_v1.2_Guide.pdf
    [2010/05/15 03:00:35 | 000,206,869 | ---- | C] () -- D:\My Documents\NeXposeQuickInstall.pdf
    [2010/05/14 04:40:46 | 000,021,963 | ---- | C] () -- D:\My Documents\wordlist_tools.sh
    [2010/05/14 03:43:07 | 000,377,271 | ---- | C] () -- D:\My Documents\Silky_report.pdf
    [2010/05/12 22:28:30 | 000,274,247 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\post-a75824-cambodia-inter3.jpg.html
    [2010/05/12 19:06:57 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\FXDD - MetaTrader.lnk
    [2010/05/12 18:34:27 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tadawulfx trader 4.lnk
    [2010/05/10 06:05:07 | 000,346,624 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\epen.jpg
    [2010/05/10 02:49:02 | 000,002,472 | ---- | C] () -- D:\My Documents\QOS.w54
    [2010/05/09 03:31:28 | 001,022,470 | ---- | C] () -- D:\My Documents\Backtrack_4_How_To_Nessus_4_2_Persistent_Changes.pdf
    [2010/05/09 03:30:39 | 000,999,251 | ---- | C] () -- D:\My Documents\Backtrack_4_USB_Full_Disk_Encryption.pdf
    [2010/05/04 04:46:01 | 000,988,342 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\wpa-01.cap
    [2010/05/04 02:22:33 | 017,350,974 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Hack.wmv
    [2010/05/03 01:55:17 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\windirstat.exe.lnk
    [2010/05/03 01:33:20 | 000,041,451 | ---- | C] () -- D:\My Documents\margin_change.pdf
    [2010/05/02 18:38:18 | 000,002,803 | ---- | C] () -- C:\settings.cfg
    [2010/04/30 22:58:26 | 000,005,278 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2010/04/29 03:08:56 | 000,665,088 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Webpage PPSG.pub
    [2010/04/29 03:02:48 | 000,029,027 | ---- | C] () -- D:\My Documents\2010_4_15_18_0_1_2.pdf
    [2010/04/27 14:11:55 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\SopCast.lnk
    [2010/04/24 23:33:51 | 000,019,374 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Bhumbol_and_Sirikit.jpg
    [2010/04/22 23:55:10 | 000,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MetaTrader - FXOpen.lnk
    [2010/04/22 21:16:01 | 000,064,384 | ---- | C] () -- D:\My Documents\UGN-3050_Personal-Tracker.pdf
    [2010/04/22 18:33:38 | 000,845,132 | ---- | C] () -- D:\My Documents\bluediving-0.9.gz
    [2010/04/22 18:28:13 | 000,820,137 | ---- | C] () -- D:\My Documents\bluediving-0.8.gz
    [2010/04/22 18:19:06 | 000,043,748 | ---- | C] () -- D:\My Documents\Blooover.jar
    [2010/04/22 18:08:38 | 000,362,135 | ---- | C] () -- D:\My Documents\21c3_Bluetooth_Hacking.pdf
    [2010/04/22 17:45:40 | 000,188,361 | ---- | C] () -- D:\My Documents\FANTOMDRIVES22-207-017Apr16Apr3010ls41.pdf
    [2010/04/22 17:04:06 | 001,273,638 | ---- | C] () -- D:\My Documents\DEE-iN_GPS_TRACKING.pdf
    [2010/04/22 16:51:01 | 000,337,176 | ---- | C] () -- D:\My Documents\ACCESSORIESGPS.pdf
    [2010/04/22 16:43:49 | 000,909,936 | ---- | C] () -- D:\My Documents\fulltext.pdf
    [2010/04/20 19:03:15 | 000,293,909 | ---- | C] () -- D:\My Documents\en_US-customer_agreement-fxddmalta.pdf
    [2010/04/20 09:31:16 | 000,894,503 | ---- | C] () -- D:\My Documents\FXS Express Monthly - April 10.pdf
    [2010/04/19 23:38:57 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CMS MetaTrader 4 Client Terminal.lnk
    [2010/04/19 22:58:41 | 000,029,027 | ---- | C] () -- D:\My Documents\2010_4_15_18_0_1.pdf
    [2010/04/19 22:47:03 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VTTrader 2.lnk
    [2010/04/19 13:20:51 | 000,134,389 | ---- | C] () -- D:\My Documents\2e.tuckwellLBMAConf2003.pdf
    [2010/04/19 13:15:17 | 000,020,464 | ---- | C] () -- D:\My Documents\cometa.pdf
    [2010/04/19 13:12:16 | 002,053,006 | ---- | C] () -- D:\My Documents\COMETA_part2.pdf
    [2010/04/19 13:11:19 | 000,773,433 | ---- | C] () -- D:\My Documents\COMETA_part1.pdf
    [2010/04/19 10:03:46 | 000,045,928 | ---- | C] () -- D:\My Documents\obama-briefing-intro-letter.pdf
    [2010/04/16 10:58:12 | 000,008,790 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\n781974571_4410.jpg
    [2010/04/16 10:57:37 | 000,009,664 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\5453_1177520566373_1478899103_448840_7975285_n.jpg
    [2010/04/16 10:46:38 | 000,046,800 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\23968_102493123125729_100000951257443_15513_5303731_n.jpg
    [2010/04/15 00:31:25 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FXCM Trading Station.lnk
    [2010/04/14 23:50:06 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FXCM MT4 powered by BT.lnk
    [2010/04/14 09:46:52 | 000,328,857 | ---- | C] () -- D:\My Documents\CCTV.pdf
    [2010/04/13 20:39:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2010/04/13 20:35:26 | 000,030,461 | ---- | C] () -- D:\My Documents\securepay.fxcm.co.u...pdf
    [2010/04/13 08:56:38 | 000,035,526 | ---- | C] () -- D:\My Documents\ESign Nevada.pdf
    [2010/04/13 03:56:49 | 000,907,607 | ---- | C] () -- D:\My Documents\Passport_SSN_CADL.pdf
    [2010/04/13 03:48:48 | 000,019,545 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
    [2010/04/13 03:48:48 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
    [2010/04/12 12:16:32 | 000,059,829 | ---- | C] () -- D:\My Documents\Online trading application fxcm ...pdf
    [2010/04/12 12:13:11 | 000,010,504 | ---- | C] () -- D:\My Documents\Online trading application ...pdf
    [2010/04/11 22:02:31 | 000,522,781 | ---- | C] () -- D:\My Documents\user guide for connecttalk softphone.pdf
    [2010/04/11 03:08:40 | 000,059,289 | ---- | C] () -- D:\My Documents\loat_signed.pdf
    [2010/04/11 03:07:47 | 000,644,687 | ---- | C] () -- D:\My Documents\loat.1.pdf
    [2010/04/09 20:16:08 | 000,161,196 | ---- | C] () -- C:\Documents and Settings\Jay\Desktop\Buzz.mp3
    [2010/04/08 00:58:57 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mkvmerge GUI.lnk
    [2010/04/07 22:58:39 | 000,292,650 | ---- | C] () -- D:\My Documents\file_4.pdf
    [2010/04/07 01:27:37 | 000,648,745 | ---- | C] () -- D:\My Documents\LOAT_2.pdf
    [2010/04/06 02:44:50 | 000,386,462 | ---- | C] () -- D:\My Documents\SF4000_Account_Transfer_Form.pdf
    [2010/04/06 02:28:14 | 000,156,985 | ---- | C] () -- D:\My Documents\file_3.pdf
    [2010/04/05 22:08:01 | 000,317,024 | ---- | C] () -- D:\My Documents\[OPEN_SOURCE_GUIDE]BN68-02223A_3.pdf
    [2010/04/05 22:07:02 | 000,317,024 | ---- | C] () -- D:\My Documents\[OPEN_SOURCE_GUIDE]BN68-02223A_2.pdf
    [2010/04/05 22:05:38 | 000,317,024 | ---- | C] () -- D:\My Documents\[OPEN_SOURCE_GUIDE]BN68-02223A.pdf
    [2010/04/05 22:04:44 | 000,265,074 | ---- | C] () -- D:\My Documents\TV_Software_Upgrade_Guide_2.pdf
    [2010/04/05 22:00:08 | 000,420,296 | ---- | C] () -- D:\My Documents\swupgrade_Guide_-_Eng.pdf
    [2010/04/05 21:57:43 | 000,265,074 | ---- | C] () -- D:\My Documents\TV_Software_Upgrade_Guide.pdf
    [2010/04/05 19:59:50 | 003,432,834 | ---- | C] () -- D:\My Documents\BN68-01983A-00Eng-0317.pdf
    [2010/04/05 02:37:26 | 500,236,323 | ---- | C] () -- C:\Exploited teen asia Filipino bar teen anal.wmv
    [2010/04/04 04:39:33 | 001,272,114 | ---- | C] () -- D:\My Documents\OASettings100404.OA
    [2010/04/03 11:21:51 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/04/01 22:28:18 | 000,111,513 | ---- | C] () -- C:\WINDOWS\System32\3x4KT-HE.exe
    [2010/04/01 01:59:17 | 000,006,742 | ---- | C] () -- D:\My Documents\Iron Man 2 [2010] English DVDRip.XviD-ALLiANCE.nfo
    [2010/03/31 20:21:30 | 000,005,033 | ---- | C] () -- C:\WirelessDiagLog.csv
    [2010/03/30 15:57:13 | 000,029,194 | ---- | C] () -- D:\My Documents\060327m.pdf
    [2010/03/27 23:31:36 | 000,042,671 | ---- | C] () -- D:\My Documents\ref 103 Taking Erythromycin.pdf
    [2010/03/27 22:32:06 | 000,665,728 | ---- | C] () -- D:\My Documents\2006.pdf
    [2010/03/27 22:30:29 | 000,053,826 | ---- | C] () -- D:\My Documents\treat1.pdf
    [2010/01/27 09:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2009/09/30 05:45:46 | 000,020,849 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
    [2009/06/30 16:08:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/06/28 07:21:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2009/06/08 08:58:17 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2008/12/07 12:44:54 | 000,025,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
    [2008/11/14 12:45:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\startUp manager.INI
    [2008/11/03 12:28:30 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\Bmp2Jpeg.dll
    [2008/10/15 18:48:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
    [2008/10/07 14:32:29 | 000,000,099 | ---- | C] () -- C:\WINDOWS\(null)toolkit.ini
    [2008/09/29 08:52:51 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2008/09/29 08:52:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2008/09/29 08:52:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2008/09/29 08:52:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2008/09/12 01:58:50 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\GpsGateComClient.dll
    [2008/09/12 01:56:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\GateApiXP.dll
    [2008/08/04 03:45:47 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Dreambox Uploader.ini
    [2008/07/23 17:33:07 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\socketlock.sys
    [2008/06/02 09:27:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/06/02 09:27:23 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2008/05/27 08:52:49 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\svconfig.ini
    [2008/05/27 07:13:38 | 000,000,873 | ---- | C] () -- C:\WINDOWS\graphedt.INI
    [2008/05/23 05:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/05/23 05:19:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2008/05/16 14:50:56 | 000,000,160 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
    [2008/05/16 14:47:54 | 000,000,064 | -H-- | C] () -- C:\WINDOWS\system.sys
    [2008/03/12 03:47:24 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaConverter.dll
    [2008/02/29 05:30:08 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2008/02/06 02:31:50 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaReveal.dll
    [2008/02/05 08:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2008/01/29 15:05:48 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2008/01/13 21:07:09 | 000,000,022 | ---- | C] () -- C:\WINDOWS\ShellIcon32.dll
    [2007/10/29 04:24:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\pwlang.dll
    [2007/10/10 20:00:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\chckshll.dll
    [2007/09/24 15:06:06 | 000,034,128 | ---- | C] () -- C:\WINDOWS\OEM_FLASHDRV.dll
    [2007/08/24 04:07:20 | 000,000,239 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
    [2007/08/21 05:46:07 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
    [2007/08/20 01:50:48 | 000,000,918 | ---- | C] () -- C:\WINDOWS\BOC425.INI
    [2007/07/27 03:24:57 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
    [2007/07/27 03:24:17 | 000,585,791 | ---- | C] () -- C:\WINDOWS\gmer.dll
    [2007/07/25 02:10:55 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\OmniEOM.dll
    [2007/07/25 02:10:55 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nfsshare.dll
    [2007/06/21 17:32:49 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
    [2007/06/18 22:09:25 | 000,000,123 | ---- | C] () -- C:\WINDOWS\rootkitno.ini
    [2007/06/18 20:58:41 | 000,000,133 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
    [2007/06/08 20:46:39 | 000,000,077 | ---- | C] () -- C:\WINDOWS\lsoon.ini
    [2007/05/22 10:13:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/05/22 10:10:26 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX580.ini
    [2007/05/18 19:51:54 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/05/02 16:39:48 | 001,216,512 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/05/02 16:39:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/04/21 03:29:02 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\RTClientSDK70.dll
    [2007/03/30 14:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2007/03/21 17:18:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
    [2007/03/17 07:45:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/03/07 08:54:55 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2007/03/06 09:29:11 | 000,000,459 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2007/03/06 09:29:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2007/03/06 09:28:26 | 000,000,887 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/03/06 09:28:26 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/03/06 09:27:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2007/02/27 02:59:14 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
    [2007/02/26 23:45:39 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
    [2007/02/21 03:53:08 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
    [2007/02/12 00:49:20 | 000,000,201 | ---- | C] () -- C:\WINDOWS\AspellPlugin.INI
    [2006/12/29 21:08:34 | 000,000,317 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2006/12/07 21:59:00 | 000,400,896 | ---- | C] () -- C:\WINDOWS\stb_user.dll
    [2006/12/07 21:59:00 | 000,146,432 | ---- | C] () -- C:\WINDOWS\stb_struct.dll
    [2006/12/07 21:58:55 | 003,693,568 | ---- | C] () -- C:\WINDOWS\stb_prog.dll
    [2006/12/07 21:58:53 | 001,199,616 | ---- | C] () -- C:\WINDOWS\stb_import.dll
    [2006/12/07 21:58:53 | 000,279,040 | ---- | C] () -- C:\WINDOWS\stb_dwobj.dll
    [2006/12/07 21:58:53 | 000,161,280 | ---- | C] () -- C:\WINDOWS\stb_func.dll
    [2006/12/07 21:58:52 | 000,688,640 | ---- | C] () -- C:\WINDOWS\stb_comm.dll
    [2006/12/07 21:58:51 | 000,376,832 | ---- | C] () -- C:\WINDOWS\Jpeg2Raw.dll
    [2006/12/07 21:58:51 | 000,282,624 | ---- | C] () -- C:\WINDOWS\MPEG_ENC_DLL.dll
    [2006/12/07 21:58:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\stb_Serial32.dll
    [2006/12/07 21:58:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\stb_EzInternet.dll
    [2006/12/07 21:58:50 | 000,032,768 | ---- | C] () -- C:\WINDOWS\stb_Compress.dll
    [2006/12/07 21:58:39 | 000,392,192 | ---- | C] () -- C:\WINDOWS\Libjcc.dll
    [2006/12/07 21:58:39 | 000,035,328 | ---- | C] () -- C:\WINDOWS\libjsybheap.dll
    [2006/10/13 06:08:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/10/12 08:06:08 | 000,005,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
    [2006/10/05 11:01:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/10/05 10:54:09 | 000,000,612 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/10/05 10:44:36 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006/10/05 10:42:22 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/10/05 10:07:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/10/05 10:06:42 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/09/19 05:48:00 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\RTClientSDK55.dll
    [2006/08/15 23:43:02 | 000,001,147 | ---- | C] () -- C:\WINDOWS\System32\IPCamera.ini
    [2006/03/07 15:22:04 | 004,014,080 | ---- | C] () -- C:\WINDOWS\System32\qt-mt335.dll
    [2006/03/07 15:22:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\boost_thread-vc71-mt-1_32.dll
    [2006/01/26 19:51:57 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
    [2006/01/26 19:51:56 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nlame.dll
    [2005/09/21 14:05:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\GpsToolsXP.dll
    [2005/09/21 14:05:30 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\GpsViewXP.dll
    [2005/09/21 14:05:30 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\MapLibXP.dll
    [2005/09/21 14:05:28 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\GpsShapeXP.dll
    [2005/09/01 01:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
    [2005/08/16 16:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/06 02:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/05/26 03:06:26 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
    [2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2003/08/29 16:23:49 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
    [2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001/07/07 18:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2000/09/19 11:16:56 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLPORTIO.SYS
    [2000/07/28 16:15:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\uuddc32.dll

    ========== LOP Check ==========

    [2007/05/20 07:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1.0.0.0
    [2008/05/31 14:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2009/02/16 05:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2007/03/08 07:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
    [2009/11/24 17:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
    [2006/10/17 06:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Basta Computing
    [2007/08/20 01:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOC425
    [2010/04/03 11:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2007/08/21 05:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DreamboxManagerSuite
    [2010/02/28 18:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2006/10/16 10:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.2 Setup
    [2007/03/17 05:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2009/03/31 02:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2008/09/20 14:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2008/10/28 16:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
    [2008/08/28 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2009/11/10 01:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
    [2010/03/02 23:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/06/18 04:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2008/08/23 17:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2009/02/20 13:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagneticOne Store Manager for osCommerce
    [2008/01/01 12:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2009/01/26 07:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mixesoft
    [2007/03/19 18:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2007/12/08 01:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2009/11/20 17:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    [2006/10/13 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2007/12/08 01:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/05/20 20:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2008/07/15 00:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2010/05/27 06:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2007/03/17 05:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2009/01/14 16:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperEasy Software
    [2008/05/27 08:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\T-Mobile
    [2009/03/09 10:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TelTel
    [2010/05/27 04:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/07/26 03:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2007/06/05 01:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/12/08 15:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VisualZone
    [2008/07/03 07:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2007/12/25 02:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VTSystems
    [2007/11/25 06:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zfone
    [2008/12/27 09:19:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    [2009/03/22 19:52:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    [2009/06/18 11:03:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{299AD074-3B8B-4811-BF5C-E2EDBC6DEB23}
    [2009/06/18 11:03:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{907A85CA-E023-4161-8F5C-E72C340031D2}
    [2008/02/06 04:38:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
    [2009/03/22 19:40:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D994735B-8DC6-4AEE-B720-704A4EC0402E}
    [2006/10/16 11:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\.gaim
    [2008/10/30 14:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\.purple
    [2007/01/31 18:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ACD Systems
    [2009/06/08 08:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\AT&T
    [2006/10/17 06:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Basta Computing
    [2009/01/01 13:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\BinaryMark
    [2010/06/07 17:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\BPFTP
    [2009/06/08 15:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Bytemobile
    [2010/04/03 11:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Canneverbe Limited
    [2009/11/08 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\CheckPoint
    [2008/10/22 03:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ChemTable Software
    [2008/10/30 15:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\com.albelli.demo.XEditor.9662B72A69EC54AD83412D07E7CBBBB8B024DBAB.1
    [2007/05/18 19:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\CVS
    [2008/08/18 15:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\d
    [2009/06/08 08:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\DBUpdater
    [2010/06/19 12:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\DMCache
    [2007/02/27 02:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Downloaded Installations
    [2009/12/16 08:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\E-centives
    [2007/10/30 21:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Ectaco
    [2008/06/09 12:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Endicia
    [2007/05/22 12:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\EPSON
    [2007/06/28 21:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Fanix
    [2010/05/20 14:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\FileZilla
    [2009/03/29 14:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\GARMIN
    [2007/11/18 02:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\GetRightToGo
    [2007/05/21 19:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\GlarySoft
    [2010/05/12 22:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\GoodSync
    [2010/05/15 11:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\gtk-2.0
    [2010/05/29 17:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\IDM
    [2007/05/13 09:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ieSpell
    [2008/09/28 11:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ImgBurn
    [2006/10/16 11:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\InternetCalls
    [2010/06/18 04:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\iolo
    [2009/01/17 14:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\KeePass
    [2006/10/16 11:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Kerio
    [2007/02/27 02:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Kinko's
    [2007/05/22 10:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Leadertech
    [2008/07/04 06:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\magicJackOutlookAddIn
    [2007/07/14 01:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\mirkes.de
    [2010/06/20 17:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\mjusbsp
    [2010/04/08 00:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\mkvtoolnix
    [2010/04/13 02:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\MxBoost
    [2009/06/29 21:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Nokia
    [2008/10/15 19:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\OfficeUpdate12
    [2009/11/20 18:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\OnlineArmor
    [2009/03/19 16:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ooVoo Details
    [2006/10/13 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Otto
    [2009/06/29 20:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\PC Suite
    [2007/03/06 09:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\PC-FAX TX
    [2006/10/16 11:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\pe explorer
    [2008/01/21 18:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Powermarks
    [2010/05/21 19:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ProcessLasso
    [2006/10/16 11:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Regrun
    [2010/02/03 04:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\RipIt4Me
    [2007/03/08 04:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ScanSoft
    [2008/09/02 03:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Scooter Software
    [2010/05/01 01:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Serif
    [2008/08/18 15:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\ShareTV
    [2008/12/06 17:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Sharp World Clock
    [2009/06/08 08:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Sierra Wireless
    [2007/11/12 01:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\SimpLogs
    [2007/04/21 06:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\SlySoft
    [2007/05/31 04:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Snapfish
    [2007/09/19 15:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Sprite Software
    [2007/07/23 03:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Spycar
    [2007/06/06 11:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Stamps.com Internet Postage
    [2009/01/09 15:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\SuperEasy
    [2009/01/14 16:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\SuperEasy Software
    [2006/10/16 11:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Sync App Settings
    [2010/05/14 04:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\SystemRequirementsLab
    [2008/11/14 12:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Systweak
    [2007/05/26 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\T-Mobile
    [2008/07/01 13:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\TelTel
    [2008/02/15 21:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\TextPad
    [2008/09/28 11:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Thinstall
    [2009/12/22 15:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Trillian
    [2008/02/06 04:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\TrueCrypt
    [2008/10/30 14:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\TuneUp Software
    [2008/10/04 16:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Uniblue
    [2007/12/14 00:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\URSoft
    [2010/05/15 15:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\uTorrent
    [2007/06/05 01:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Viewpoint
    [2007/12/31 09:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\VisualZone
    [2009/03/29 15:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\VoiceEditor
    [2009/01/10 14:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Vso
    [2009/11/24 16:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\WinPatrol
    [2009/08/06 23:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\Wireshark
    [2008/01/26 06:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\WNR
    [2010/05/23 23:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\X-NetStat
    [2008/07/16 14:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jay\Application Data\zweitgeist
    [2010/06/20 17:27:07 | 000,032,498 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/14 07:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
    [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 16:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 16:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 16:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\net1.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dllhost.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ati2evxx.exe:SummaryInformation
    @Alternate Data Stream - 4752 bytes -> D:\My Documents\home.html:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 370 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F7539FF
    @Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDE29E40
    @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7177954
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B42C512A
    @Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    @Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D5A1C53ACF57}
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F10A4358
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AC4C770
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >
     
  20. 2010/06/20
    Jayman007

    OTL Extras logfile created on: 6/20/2010 17:47:56 - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jay\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 49.75 Gb Total Space | 6.21 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
    Drive D: | 136.43 Gb Total Space | 4.13 Gb Free Space | 3.02% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ME
    Current User Name: Jay
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [CmdShortcut] -- C:\WINDOWS\system32\cmd.exe /k cd "%1" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "FirewallOverride" = 1
    "AntiVirusOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "12121:TCP" = 12121:TCP:*:Enabled:ElcomSoft Distributed Agents TCP Port
    "12122:TCP" = 12122:TCP:*:Enabled:ElcomSoft Distributed Password Recovery Console TCP Port

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1542:TCP" = 1542:TCP:*:Enabled:WPS TCP Prot
    "1542:UDP" = 1542:UDP:*:Enabled:WPS UDP Prot
    "53:UDP" = 53:UDP:*:Enabled:AP UDP Prot
    "12121:TCP" = 12121:TCP:*:Enabled:ElcomSoft Distributed Agents TCP Port
    "12122:TCP" = 12122:TCP:*:Enabled:ElcomSoft Distributed Password Recovery Console TCP Port
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe:*:Enabled:ElcomSoft Distributed Password Recovery Server -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe:*:Enabled:ElcomSoft Distributed Password Recovery Console -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe:*:Enabled:ElcomSoft Distributed Agent -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\Gizmo Project\mDNSResponder.exe" = C:\Program Files\Gizmo Project\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
    "C:\Program Files\Gizmo Project\Gizmo.exe" = C:\Program Files\Gizmo Project\Gizmo.exe:*:Enabled:Gizmo Project -- ()
    "C:\Program Files\Joost\xulrunner\tvprunner.exe" = C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner -- (The Venice Project (Baaima N.V.))
    "D:\Downloads\utorrent.exe" = D:\Downloads\utorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe:*:Enabled:ElcomSoft Distributed Password Recovery Server -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe:*:Enabled:ElcomSoft Distributed Password Recovery Console -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe:*:Enabled:ElcomSoft Distributed Agent -- (Elcomsoft Co. Ltd.)
    "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe" = C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe:*:Enabled:WPS UI -- (Realtek Semiconductor Corp.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
    "C:\Documents and Settings\Jay\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Jay\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "[FireLion] Anti Keyloggers_is1" = [FireLion] Anti Keyloggers
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{025E94AF-A648-4656-9C14-5B11186F1A43}" = Garmin MapInstall
    "{047C76B2-EF0C-057E-C724-4043FDDF4EB7}" = Catalyst Control Center Graphics Light
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0BD37774-08C9-450F-A92F-7077C1EF8311}_is1" = Intrusion Detection System - Sax2 2.0
    "{0DB56A81-2505-A68D-170B-EC1DB3216334}" = CCC Help English
    "{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
    "{0F0F506E-58BB-4092-8557-86CB420101BB}" = Sports Connection
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12365698-8042-4774-8CAF-35BE91DC657B}" = Creative Vado HD Codec
    "{12A3AF78-CBB5-484B-AE87-927C4DE6B9A8}" = Garmin City Navigator North America NT 2011.10 Update
    "{1830F1AF-539D-A6FC-AE09-A84CD91C755F}" = Catalyst Control Center Core Implementation
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}" = Avira RootKit Detection
    "{20110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{21B5FB22-DB7D-4929-AA76-CDCEC2E049D8}" = United States-International - Jason
    "{221531C5-73D4-680D-13C0-1EA9B8F00A23}" = ccc-core-preinstall
    "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
    "{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
    "{27075BF6-4CFB-5224-E97E-0114A17680FF}" = Catalyst Control Center Graphics Full Existing
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
    "{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Tadawulfx Trader 4.00
    "{4855A5DA-B1AB-457F-0001-8901CB48A459}" = Codec Checker
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BA8C49E-0C55-4BD8-BBE7-375C6CF19616}" = PC Sync Manager
    "{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{57513288-8DC3-E4BE-BC5A-1D15F1328233}" = Catalyst Control Center Graphics Full New
    "{5EA8EDD7-A933-4C21-8547-AF33ADD66671}" = Torrent Episode Downloader
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{62192BB6-268A-4AE6-A28B-FAD6EDDEB562}_is1" = G-Tones
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{66022DA4-0E8D-45C7-A533-B70A38876854}" = LC5
    "{66414458-5CC8-3332-21EA-FCE4DCEFDC36}" = Skins
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.0
    "{68C17A81-81E1-458C-8555-3131C4D7A8DF}" = Garmin MapSource
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A09FF5F-C19B-445A-98E5-23AD860493C3}" = NextUp.com-NeoSpeech Paul16 Voice
    "{6DA3E438-338A-4568-0001-2F9BDBB695C5}" = Video Converter
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{73916F31-D567-4854-BCDB-D31029EBD3A9}" = CORE IMPACT
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.107
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
    "{78C81A26-3A45-4490-800D-E1B4ABFC3908}" = GlobeTrotter Connect
    "{799EFFD9-5A62-49D1-A6EA-AF058C5209EB}" = NextUp-ScanSoft Jennifer US English Voice
    "{79F11E6C-C940-40C1-9694-E6FCD434D46B}" = SIMCardReaderPro
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{800D6604-D767-434D-8931-852BA4D88A8D}" = Franson GpsGate 2.6
    "{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel(R) PROSet/Wireless WiFi Software
    "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{86844E31-42CC-49C8-B647-7213009F4719}" = Diagnostic Tool for the Microsoft VM
    "{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = GlobeTrotter Connect
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{9360267B-E51A-4E75-BFA5-CE1AE23CD945}" = AT&T Communication Manager
    "{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{ADD37144-B5FF-419B-A49B-E5C2D325DA3B}" = QuickSpell
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
    "{AFDCEA25-41C3-452B-BCB4-2EB157D6B4B0}" = United States- Jason
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
    "{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}" = Nokia Connectivity Cable Driver
    "{B5CE842F-FE8A-A5BE-C0C7-FBABFC2E55B3}" = ccc-utility
    "{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}" = Inpaint
    "{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
    "{BF95339B-AB72-4C85-A6E1-C008CD2CC733}" = Xirrus Wi-Fi Inspector
    "{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
    "{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
    "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBE19707-CF6D-4819-9574-3DFD568960FA}" = GFI LANguard 9.0
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D5577624-0626-4C4B-87AA-D966DA1739D6}" = Nokia PC Suite
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
    "{D79C480E-64B9-2CE6-C1FD-D5C55C1F3E88}" = ccc-core-static
    "{D79CC1A4-A6DC-460D-9F98-F9D423339B7C}" = Nessus
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}" = Garmin POI Loader
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E608CD04-254C-4587-B186-4DDE8780C35E}" = United States-International - Custom
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
    "{E6E8CFD3-1A0C-4957-95AF-32E7F31A736A}" = CAS Interface Studio 8.3a
    "{E8BACE08-39AB-48BB-9BD4-576E61007EAE}" = CCcamCC
    "{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
    "{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
    "{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
    "{F85902DB-38E0-4360-A5A2-9CD66EDDECBA}_is1" = WebCopier Pro 5.0
    "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
    "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
    "{FE5D756F-71E1-47C4-972A-D6775344B40B}" = Nokia Software Updater
    "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "{MagicRingForever-54F9C78F-EA53-45CA-B980-F3CBB199A2D9}_is1" = MagicRingForever Release 1.04
    "{MagicsilencePlugin-54F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1" = MagicsilencePlugin Release 1.05
    "129617da0e3de285bb13c634b8409fb6" = NeXpose
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Professional
    "Adobe Acrobat 8 Professional - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
    "Advanced JPEG Compressor_is1" = Advanced JPEG Compressor 2010
    "AI RoboForm" = AI RoboForm (All Users)
    "AI RoboForm for Pocket PC" = RoboForm for Pocket PC
    "All ATI Software" = ATI - Software Uninstall Utility
    "AnyDVD" = AnyDVD
    "ATI Display Driver" = ATI Display Driver
    "Avi2Dvd" = Avi2Dvd 0.4.5 beta
    "Avira AntiVir Desktop" = Avira AntiVir Premium
    "AviSynth" = AviSynth 2.5
    "Batch Image Watermarker" = Batch Image Watermarker 3.5
    "BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.4.0
    "BeyondCompare3_is1" = Beyond Compare version 3.0.7
    "Cain & Abel v4.9.35" = Cain & Abel v4.9.35
    "CCleaner" = CCleaner
    "Channel Master" = Channel Master
    "Clipomatic" = Clipomatic
    "CloneDVD2" = CloneDVD2
    "Collectorz.com Movie Collector" = Collectorz.com Movie Collector
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Creative Vado HD Codec" = Creative Vado HD Codec
    "Daniusoft Media Converter_is1" = Daniusoft Media Converter(Build 2.3.1.34)
    "DiamondCS ProcessGuard_is1" = DiamondCS ProcessGuard v3.500
    "Distributed Password Recovery" = Distributed Password Recovery
    "DivX Setup.divx.com" = DivX Setup
    "DMX4_is1" = DriverMax 4
    "DMX5_is1" = DriverMax 5
    "DreamStreamer" = DreamStreamer
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "DVD Identifier_is1" = DVD Identifier
    "DVDInfoPro" = DVDInfoPro
    "dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
    "Dziobas Rar Player_is1" = Dziobas Rar Player 0.008.9
    "Ekahau HeatMapper" = Ekahau HeatMapper
    "Elecard MPEG Player 5.2.80515" = Elecard MPEG Player
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Eraser" = Eraser
    "Ext2Fsd_is1" = Ext2Fsd 0.48
    "FastSatfinder 2.7.0" = FastSatfinder 2.7.0
    "FastStone Capture" = FastStone Capture 6.2
    "FastStone Image Viewer" = FastStone Image Viewer 3.5
    "ffdshow" = ffdshow (remove only)
    "ffdshow_is1" = ffdshow [rev 1975] [2008-05-26]
    "FileZilla Client" = FileZilla Client 3.3.2.1
    "FineRecovery" = FineRecovery 1.2.19
    "FLV Player" = FLV Player 2.0 (build 25)
    "FreshDevices - FreshUI_is1" = FreshUI
    "FXCM Trading Station" = FXCM Trading Station
    "gBurner" = gBurner
    "GOGInstaller" = GOGInstaller
    "HijackThis" = HijackThis 2.0.2
    "hp instant support" = hp instant support
    "HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
    "ie8" = Windows Internet Explorer 8
    "IETester" = IETester v0.3.5 (remove only)
    "ImgBurn" = ImgBurn
    "Infinity SIMEditor_is1" = Infinity SIMEditor 1.35
    "Infinity USB Unlimited_is1" = Infinity USB Unlimited 2.71
    "InstallShield_{73916F31-D567-4854-BCDB-D31029EBD3A9}" = CORE IMPACT 4.0
    "InstallShield_{CBE19707-CF6D-4819-9574-3DFD568960FA}" = GFI LANguard 9.0
    "InstallWatch Pro 2.5" = InstallWatch Pro 2.5
    "Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
    "Internet Download Manager" = Internet Download Manager
    "Invision 2.0 Build 3515 Update" = Invision 2.0 Build 3515 Update
    "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.06 Beta
    "KeyScrambler" = KeyScrambler
    "kismetinst" = Kismet 2008-05-R1 for Windows
    "LameACM" = Lame ACM MP3 Codec
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.3 build 7
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Maxthon2" = Maxthon2
    "Metasploit Express 3.4.0" = Metasploit Express
    "Metasploit Framework" = Metasploit Framework 3.3.3
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 0.9.9
    "MKVtoolnix" = MKVtoolnix 3.3.0
    "Mobile Secret CodeX v1.35" = Mobile Secret CodeX v1.35
    "MOBILedit!" = MOBILedit! 3.1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "Musatcha.com Advanced WiFi Mapping Engine" = Musatcha.com Advanced WiFi Mapping Engine 0.3.184
    "My Drivers_is1" = My Drivers 3.31
    "MyConnection PC Lite Edition" = MyConnection PC Lite Edition
    "myiHome_is1" = myiHome v5.1.3
    "NetTools_is1" = NetTools 5.0
    "Network Stumbler" = Network Stumbler 0.4.0 (remove only)
    "NewCsTool_is1" = 0.3
    "Nmap" = Nmap 5.10BETA1
    "Nokia PC Suite" = Nokia PC Suite
    "OnlineArmor_is1" = Online Armor 4.0
    "OpenVPN" = OpenVPN 2.1_rc9
    "PaperlessPrinter_is1" = PaperlessPrinter version 3.0
    "PDF Password Remover 3.1" = PDF Password Remover 3.1
    "PDF Password Remover v3.0_is1" = PDF Password Remover v3.0
    "Power Favorites_is1" = Power Favorites 1.7.1
    "PowerISO" = PowerISO
    "Powermarks 3.5" = Powermarks 3.5
    "ProcessLasso" = Process Lasso
    "ProInst" = Intel PROSet Wireless
    "PuTTY_is1" = PuTTY version 0.60
    "R-Drive Image 4.6NSIS" = R-Drive Image 4.6
    "RealAlt_is1" = Real Alternative 1.7.5
    "Resco Sudoku" = Resco Sudoku
    "Rotweiler's Combined Thailand-IndoChina Version 1.10_is1" = THAILAND-INDOCHINA
    "Sandboxie" = Sandboxie 3.442
    "Security Task Manager" = Security Task Manager 1.7h
    "Sharp World Clock_is1" = Sharp World Clock 4.1
    "SMAC 2.0" = SMAC 2.0
    "SmartMovie Converter (for Symbian phones)" = SmartMovie Converter (for Symbian phones)
    "SNMPcfg Admin" = SNMPcfg Admin 1.4
    "SoodSood TelTel" = SoodSood TelTel
    "SopCast" = SopCast 3.2.9
    "Spb Backup" = Spb Backup
    "Spb Backup_is1" = Spb Backup 2.0.2
    "Spb Keyboard" = Spb Keyboard
    "Spb Mobile Shell" = Spb Mobile Shell
    "Spb Online" = Spb Online
    "Spb Phone Suite" = Spb Phone Suite
    "Spb Pocket Plus" = Spb Pocket Plus
    "Spb Traveler" = Spb Traveler
    "Spb Wallet" = Spb Wallet
    "Spb Wallet_is1" = Spb Wallet 2.0.0
    "SSC Service Utility_is1" = SSC Service Utility v4.30
    "Startup Faster!_is1" = Startup Faster!
    "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
    "TextAloud MP3_is1" = TextAloud
    "The Ultimate Troubleshooter" = The Ultimate Troubleshooter
    "TMACv5.0" = Technitium MAC Address Changer v5.0
    "TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
    "Torrent Episode Downloader 0.971" = Torrent Episode Downloader
    "Torrent Episode Downloader 0.9715" = Torrent Episode Downloader
    "Transmission Remote" = Transmission Remote
    "TrendFX Markets 4 Mobile" = TrendFX Markets 4 Mobile
    "Trillian" = Trillian
    "TrueCrypt" = TrueCrypt
    "TurboTax 2009" = TurboTax 2009
    "Typograf" = Typograf4.8f
    "UltimateDefrag 2008" = UltimateDefrag 2008
    "Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
    "Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
    "Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
    "Unscrambler 0.4 Right Clic_is1" = Unscrambler 0.4 Right Clic 0.1
    "uTorrent" = µTorrent
    "VirusTotalUploader" = VirusTotal Uploader
    "VirusTotalUploader2.0" = VirusTotal Uploader 2.0
    "VLC media player" = VLC media player 1.0.3
    "VMware_Workstation" = VMware Workstation
    "VT Trader" = VT Trader
    "VTTrader" = VT Trader
    "VTTrader 2" = VTTrader 2
    "VTTrader2" = VT Trader 2
    "VultureWare DOCSIS Config Editor" = VultureWare DOCSIS Config Editor 0.1
    "WBFS Manager 3.0" = WBFS Manager 3.0
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Web Forum Reader_is1" = Web Forum Reader 2.0
    "WiFi Hopper" = WiFi Hopper
    "WildPackets NetDoppler 1.1.1" = WildPackets NetDoppler 1.1.1
    "Winamp" = Winamp
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPatrol" = WinPatrol 2009
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.1.8
    "World of Satellites II" = World of Satellites II
    "X-NetStat Pro" = X-NetStat Pro 5.56
    "XP_Key_Changer_is1" = XP_Key_Changer 2.0.0
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.0.0.320
    "magicJack Outlook Add-In" = magicJack Outlook Add-In 1.0.3.521
    "Move Media Player" = Move Media Player
    "OEM Password Recovery" = OEM Password Recovery
    "Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/19/2010 16:35:50 | Computer Name = ME | Source = Application Error | ID = 1000
    Description = Faulting application avguard.exe, version 10.0.1.44, faulting module
    avbb.dll, version 10.0.10.2, fault address 0x0001b814.

    [ System Events ]
    Error - 6/19/2010 16:36:51 | Computer Name = ME | Source = Service Control Manager | ID = 7000
    Description = The Avira AntiVir Guard service failed to start due to the following
    error: %%1053

    Error - 6/20/2010 00:14:09 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 00:14:09 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 00:14:09 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 00:15:21 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:36:35 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:36:41 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:36:41 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:37:08 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:48:32 | Computer Name = ME | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.


    < End of report >
     
  21. 2010/06/20
    Jayman007

    Extras.txt

    OTL Extras logfile created on: 6/20/2010 17:47:56 - Run 1
    OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Jay\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 49.75 Gb Total Space | 6.21 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
    Drive D: | 136.43 Gb Total Space | 4.13 Gb Free Space | 3.02% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ME
    Current User Name: Jay
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [CmdShortcut] -- C:\WINDOWS\system32\cmd.exe /k cd "%1" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "FirewallOverride" = 1
    "AntiVirusOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "12121:TCP" = 12121:TCP:*:Enabled:ElcomSoft Distributed Agents TCP Port
    "12122:TCP" = 12122:TCP:*:Enabled:ElcomSoft Distributed Password Recovery Console TCP Port

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1542:TCP" = 1542:TCP:*:Enabled:WPS TCP Prot
    "1542:UDP" = 1542:UDP:*:Enabled:WPS UDP Prot
    "53:UDP" = 53:UDP:*:Enabled:AP UDP Prot
    "12121:TCP" = 12121:TCP:*:Enabled:ElcomSoft Distributed Agents TCP Port
    "12122:TCP" = 12122:TCP:*:Enabled:ElcomSoft Distributed Password Recovery Console TCP Port
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe:*:Enabled:ElcomSoft Distributed Password Recovery Server -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe:*:Enabled:ElcomSoft Distributed Password Recovery Console -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe:*:Enabled:ElcomSoft Distributed Agent -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\Gizmo Project\mDNSResponder.exe" = C:\Program Files\Gizmo Project\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
    "C:\Program Files\Gizmo Project\Gizmo.exe" = C:\Program Files\Gizmo Project\Gizmo.exe:*:Enabled:Gizmo Project -- ()
    "C:\Program Files\Joost\xulrunner\tvprunner.exe" = C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner -- (The Venice Project (Baaima N.V.))
    "D:\Downloads\utorrent.exe" = D:\Downloads\utorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esdprs.exe:*:Enabled:ElcomSoft Distributed Password Recovery Server -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esdpr.exe:*:Enabled:ElcomSoft Distributed Password Recovery Console -- (Elcomsoft Co. Ltd.)
    "C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe" = C:\Program Files\ElcomSoft\Distributed Password Recovery\esda.exe:*:Enabled:ElcomSoft Distributed Agent -- (Elcomsoft Co. Ltd.)
    "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe" = C:\Program Files\AWUS036H Wireless LAN Utility\RtWLan.exe:*:Enabled:WPS UI -- (Realtek Semiconductor Corp.)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
    "C:\Documents and Settings\Jay\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Jay\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "[FireLion] Anti Keyloggers_is1" = [FireLion] Anti Keyloggers
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{025E94AF-A648-4656-9C14-5B11186F1A43}" = Garmin MapInstall
    "{047C76B2-EF0C-057E-C724-4043FDDF4EB7}" = Catalyst Control Center Graphics Light
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0BD37774-08C9-450F-A92F-7077C1EF8311}_is1" = Intrusion Detection System - Sax2 2.0
    "{0DB56A81-2505-A68D-170B-EC1DB3216334}" = CCC Help English
    "{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
    "{0F0F506E-58BB-4092-8557-86CB420101BB}" = Sports Connection
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12365698-8042-4774-8CAF-35BE91DC657B}" = Creative Vado HD Codec
    "{12A3AF78-CBB5-484B-AE87-927C4DE6B9A8}" = Garmin City Navigator North America NT 2011.10 Update
    "{1830F1AF-539D-A6FC-AE09-A84CD91C755F}" = Catalyst Control Center Core Implementation
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}" = Avira RootKit Detection
    "{20110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{21B5FB22-DB7D-4929-AA76-CDCEC2E049D8}" = United States-International - Jason
    "{221531C5-73D4-680D-13C0-1EA9B8F00A23}" = ccc-core-preinstall
    "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
    "{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
    "{27075BF6-4CFB-5224-E97E-0114A17680FF}" = Catalyst Control Center Graphics Full Existing
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
    "{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Tadawulfx Trader 4.00
    "{4855A5DA-B1AB-457F-0001-8901CB48A459}" = Codec Checker
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BA8C49E-0C55-4BD8-BBE7-375C6CF19616}" = PC Sync Manager
    "{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{57513288-8DC3-E4BE-BC5A-1D15F1328233}" = Catalyst Control Center Graphics Full New
    "{5EA8EDD7-A933-4C21-8547-AF33ADD66671}" = Torrent Episode Downloader
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{62192BB6-268A-4AE6-A28B-FAD6EDDEB562}_is1" = G-Tones
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{66022DA4-0E8D-45C7-A533-B70A38876854}" = LC5
    "{66414458-5CC8-3332-21EA-FCE4DCEFDC36}" = Skins
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.0
    "{68C17A81-81E1-458C-8555-3131C4D7A8DF}" = Garmin MapSource
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A09FF5F-C19B-445A-98E5-23AD860493C3}" = NextUp.com-NeoSpeech Paul16 Voice
    "{6DA3E438-338A-4568-0001-2F9BDBB695C5}" = Video Converter
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{73916F31-D567-4854-BCDB-D31029EBD3A9}" = CORE IMPACT
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.107
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
    "{78C81A26-3A45-4490-800D-E1B4ABFC3908}" = GlobeTrotter Connect
    "{799EFFD9-5A62-49D1-A6EA-AF058C5209EB}" = NextUp-ScanSoft Jennifer US English Voice
    "{79F11E6C-C940-40C1-9694-E6FCD434D46B}" = SIMCardReaderPro
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{800D6604-D767-434D-8931-852BA4D88A8D}" = Franson GpsGate 2.6
    "{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel(R) PROSet/Wireless WiFi Software
    "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{86844E31-42CC-49C8-B647-7213009F4719}" = Diagnostic Tool for the Microsoft VM
    "{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = GlobeTrotter Connect
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{9360267B-E51A-4E75-BFA5-CE1AE23CD945}" = AT&T Communication Manager
    "{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{ADD37144-B5FF-419B-A49B-E5C2D325DA3B}" = QuickSpell
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
    "{AFDCEA25-41C3-452B-BCB4-2EB157D6B4B0}" = United States- Jason
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
    "{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}" = Nokia Connectivity Cable Driver
    "{B5CE842F-FE8A-A5BE-C0C7-FBABFC2E55B3}" = ccc-utility
    "{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}" = Inpaint
    "{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
    "{BF95339B-AB72-4C85-A6E1-C008CD2CC733}" = Xirrus Wi-Fi Inspector
    "{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
    "{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
    "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBE19707-CF6D-4819-9574-3DFD568960FA}" = GFI LANguard 9.0
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D5577624-0626-4C4B-87AA-D966DA1739D6}" = Nokia PC Suite
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
    "{D79C480E-64B9-2CE6-C1FD-D5C55C1F3E88}" = ccc-core-static
    "{D79CC1A4-A6DC-460D-9F98-F9D423339B7C}" = Nessus
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}" = Garmin POI Loader
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E608CD04-254C-4587-B186-4DDE8780C35E}" = United States-International - Custom
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
    "{E6E8CFD3-1A0C-4957-95AF-32E7F31A736A}" = CAS Interface Studio 8.3a
    "{E8BACE08-39AB-48BB-9BD4-576E61007EAE}" = CCcamCC
    "{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
    "{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
    "{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
    "{F85902DB-38E0-4360-A5A2-9CD66EDDECBA}_is1" = WebCopier Pro 5.0
    "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
    "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
    "{FE5D756F-71E1-47C4-972A-D6775344B40B}" = Nokia Software Updater
    "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "{MagicRingForever-54F9C78F-EA53-45CA-B980-F3CBB199A2D9}_is1" = MagicRingForever Release 1.04
    "{MagicsilencePlugin-54F9C78F-EA53-45CA-B980-F3CBB199A2D5}_is1" = MagicsilencePlugin Release 1.05
    "129617da0e3de285bb13c634b8409fb6" = NeXpose
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Professional
    "Adobe Acrobat 8 Professional - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
    "Advanced JPEG Compressor_is1" = Advanced JPEG Compressor 2010
    "AI RoboForm" = AI RoboForm (All Users)
    "AI RoboForm for Pocket PC" = RoboForm for Pocket PC
    "All ATI Software" = ATI - Software Uninstall Utility
    "AnyDVD" = AnyDVD
    "ATI Display Driver" = ATI Display Driver
    "Avi2Dvd" = Avi2Dvd 0.4.5 beta
    "Avira AntiVir Desktop" = Avira AntiVir Premium
    "AviSynth" = AviSynth 2.5
    "Batch Image Watermarker" = Batch Image Watermarker 3.5
    "BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.4.0
    "BeyondCompare3_is1" = Beyond Compare version 3.0.7
    "Cain & Abel v4.9.35" = Cain & Abel v4.9.35
    "CCleaner" = CCleaner
    "Channel Master" = Channel Master
    "Clipomatic" = Clipomatic
    "CloneDVD2" = CloneDVD2
    "Collectorz.com Movie Collector" = Collectorz.com Movie Collector
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Creative Vado HD Codec" = Creative Vado HD Codec
    "Daniusoft Media Converter_is1" = Daniusoft Media Converter(Build 2.3.1.34)
    "DiamondCS ProcessGuard_is1" = DiamondCS ProcessGuard v3.500
    "Distributed Password Recovery" = Distributed Password Recovery
    "DivX Setup.divx.com" = DivX Setup
    "DMX4_is1" = DriverMax 4
    "DMX5_is1" = DriverMax 5
    "DreamStreamer" = DreamStreamer
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "DVD Identifier_is1" = DVD Identifier
    "DVDInfoPro" = DVDInfoPro
    "dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
    "Dziobas Rar Player_is1" = Dziobas Rar Player 0.008.9
    "Ekahau HeatMapper" = Ekahau HeatMapper
    "Elecard MPEG Player 5.2.80515" = Elecard MPEG Player
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "Eraser" = Eraser
    "Ext2Fsd_is1" = Ext2Fsd 0.48
    "FastSatfinder 2.7.0" = FastSatfinder 2.7.0
    "FastStone Capture" = FastStone Capture 6.2
    "FastStone Image Viewer" = FastStone Image Viewer 3.5
    "ffdshow" = ffdshow (remove only)
    "ffdshow_is1" = ffdshow [rev 1975] [2008-05-26]
    "FileZilla Client" = FileZilla Client 3.3.2.1
    "FineRecovery" = FineRecovery 1.2.19
    "FLV Player" = FLV Player 2.0 (build 25)
    "FreshDevices - FreshUI_is1" = FreshUI
    "FXCM Trading Station" = FXCM Trading Station
    "gBurner" = gBurner
    "GOGInstaller" = GOGInstaller
    "HijackThis" = HijackThis 2.0.2
    "hp instant support" = hp instant support
    "HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
    "ie8" = Windows Internet Explorer 8
    "IETester" = IETester v0.3.5 (remove only)
    "ImgBurn" = ImgBurn
    "Infinity SIMEditor_is1" = Infinity SIMEditor 1.35
    "Infinity USB Unlimited_is1" = Infinity USB Unlimited 2.71
    "InstallShield_{73916F31-D567-4854-BCDB-D31029EBD3A9}" = CORE IMPACT 4.0
    "InstallShield_{CBE19707-CF6D-4819-9574-3DFD568960FA}" = GFI LANguard 9.0
    "InstallWatch Pro 2.5" = InstallWatch Pro 2.5
    "Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
    "Internet Download Manager" = Internet Download Manager
    "Invision 2.0 Build 3515 Update" = Invision 2.0 Build 3515 Update
    "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.06 Beta
    "KeyScrambler" = KeyScrambler
    "kismetinst" = Kismet 2008-05-R1 for Windows
    "LameACM" = Lame ACM MP3 Codec
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.3 build 7
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Maxthon2" = Maxthon2
    "Metasploit Express 3.4.0" = Metasploit Express
    "Metasploit Framework" = Metasploit Framework 3.3.3
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "MKV Minimum Set (LD-Anime) - MatroskaSplitter & VSFilter_is1" = Matroska Pack - Lazy Man's MKV 0.9.9
    "MKVtoolnix" = MKVtoolnix 3.3.0
    "Mobile Secret CodeX v1.35" = Mobile Secret CodeX v1.35
    "MOBILedit!" = MOBILedit! 3.1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "Musatcha.com Advanced WiFi Mapping Engine" = Musatcha.com Advanced WiFi Mapping Engine 0.3.184
    "My Drivers_is1" = My Drivers 3.31
    "MyConnection PC Lite Edition" = MyConnection PC Lite Edition
    "myiHome_is1" = myiHome v5.1.3
    "NetTools_is1" = NetTools 5.0
    "Network Stumbler" = Network Stumbler 0.4.0 (remove only)
    "NewCsTool_is1" = 0.3
    "Nmap" = Nmap 5.10BETA1
    "Nokia PC Suite" = Nokia PC Suite
    "OnlineArmor_is1" = Online Armor 4.0
    "OpenVPN" = OpenVPN 2.1_rc9
    "PaperlessPrinter_is1" = PaperlessPrinter version 3.0
    "PDF Password Remover 3.1" = PDF Password Remover 3.1
    "PDF Password Remover v3.0_is1" = PDF Password Remover v3.0
    "Power Favorites_is1" = Power Favorites 1.7.1
    "PowerISO" = PowerISO
    "Powermarks 3.5" = Powermarks 3.5
    "ProcessLasso" = Process Lasso
    "ProInst" = Intel PROSet Wireless
    "PuTTY_is1" = PuTTY version 0.60
    "R-Drive Image 4.6NSIS" = R-Drive Image 4.6
    "RealAlt_is1" = Real Alternative 1.7.5
    "Resco Sudoku" = Resco Sudoku
    "Rotweiler's Combined Thailand-IndoChina Version 1.10_is1" = THAILAND-INDOCHINA
    "Sandboxie" = Sandboxie 3.442
    "Security Task Manager" = Security Task Manager 1.7h
    "Sharp World Clock_is1" = Sharp World Clock 4.1
    "SMAC 2.0" = SMAC 2.0
    "SmartMovie Converter (for Symbian phones)" = SmartMovie Converter (for Symbian phones)
    "SNMPcfg Admin" = SNMPcfg Admin 1.4
    "SoodSood TelTel" = SoodSood TelTel
    "SopCast" = SopCast 3.2.9
    "Spb Backup" = Spb Backup
    "Spb Backup_is1" = Spb Backup 2.0.2
    "Spb Keyboard" = Spb Keyboard
    "Spb Mobile Shell" = Spb Mobile Shell
    "Spb Online" = Spb Online
    "Spb Phone Suite" = Spb Phone Suite
    "Spb Pocket Plus" = Spb Pocket Plus
    "Spb Traveler" = Spb Traveler
    "Spb Wallet" = Spb Wallet
    "Spb Wallet_is1" = Spb Wallet 2.0.0
    "SSC Service Utility_is1" = SSC Service Utility v4.30
    "Startup Faster!_is1" = Startup Faster!
    "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
    "TextAloud MP3_is1" = TextAloud
    "The Ultimate Troubleshooter" = The Ultimate Troubleshooter
    "TMACv5.0" = Technitium MAC Address Changer v5.0
    "TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
    "Torrent Episode Downloader 0.971" = Torrent Episode Downloader
    "Torrent Episode Downloader 0.9715" = Torrent Episode Downloader
    "Transmission Remote" = Transmission Remote
    "TrendFX Markets 4 Mobile" = TrendFX Markets 4 Mobile
    "Trillian" = Trillian
    "TrueCrypt" = TrueCrypt
    "TurboTax 2009" = TurboTax 2009
    "Typograf" = Typograf4.8f
    "UltimateDefrag 2008" = UltimateDefrag 2008
    "Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
    "Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
    "Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
    "Unscrambler 0.4 Right Clic_is1" = Unscrambler 0.4 Right Clic 0.1
    "uTorrent" = µTorrent
    "VirusTotalUploader" = VirusTotal Uploader
    "VirusTotalUploader2.0" = VirusTotal Uploader 2.0
    "VLC media player" = VLC media player 1.0.3
    "VMware_Workstation" = VMware Workstation
    "VT Trader" = VT Trader
    "VTTrader" = VT Trader
    "VTTrader 2" = VTTrader 2
    "VTTrader2" = VT Trader 2
    "VultureWare DOCSIS Config Editor" = VultureWare DOCSIS Config Editor 0.1
    "WBFS Manager 3.0" = WBFS Manager 3.0
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Web Forum Reader_is1" = Web Forum Reader 2.0
    "WiFi Hopper" = WiFi Hopper
    "WildPackets NetDoppler 1.1.1" = WildPackets NetDoppler 1.1.1
    "Winamp" = Winamp
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPatrol" = WinPatrol 2009
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.1.8
    "World of Satellites II" = World of Satellites II
    "X-NetStat Pro" = X-NetStat Pro 5.56
    "XP_Key_Changer_is1" = XP_Key_Changer 2.0.0
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.0.0.320
    "magicJack Outlook Add-In" = magicJack Outlook Add-In 1.0.3.521
    "Move Media Player" = Move Media Player
    "OEM Password Recovery" = OEM Password Recovery
    "Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/19/2010 16:35:50 | Computer Name = ME | Source = Application Error | ID = 1000
    Description = Faulting application avguard.exe, version 10.0.1.44, faulting module
    avbb.dll, version 10.0.10.2, fault address 0x0001b814.

    [ System Events ]
    Error - 6/19/2010 16:36:51 | Computer Name = ME | Source = Service Control Manager | ID = 7000
    Description = The Avira AntiVir Guard service failed to start due to the following
    error: %%1053

    Error - 6/20/2010 00:14:09 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 00:14:09 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 00:14:09 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 00:15:21 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:36:35 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:36:41 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:36:41 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:37:08 | Computer Name = ME | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 6/20/2010 06:48:32 | Computer Name = ME | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.


    < End of report >
     
