
Browser redirects and pop-ups

Discussion in 'Virus & Other Malware Removal' started by DaMasterMoose, Dec 20, 2010.

  1. DaMasterMoose (Thread Starter)
    I am getting random redirects and then pop-ups. I ran Malwarebytes and it cleaned up 5 objects. The behavior continues. I tried following the steps for HijackThis and it generates a blank log. I tried to "run it as administrator" but the check box is gray. I tried the dds.scr as well and it came back with an error "The dependency service or group failed to start". Running Windows Vista Home. I have copied all data that I can off to an external hard drive already. I did have Symantec Endpoint Protection and Ad-Aware running on the machine as well. Any ideas where to start?
     
  3. CatByte (Malware Specialist)
    Hi

    Please do the following:


    • Download OTL and save it to your desktop.
    • Double click on the OTL icon to run it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


    NEXT



    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in your reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
     
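    An added example, not part of this thread and not a feature of OTL: a small Python triage script that reads an OTL.txt and pulls out the lines a malware-removal helper looks at first when the complaint is "redirects and pop-ups". The sample input is constructed from lines copied out of the OTL log DaMasterMoose posts in reply below; the severity labels, the check names and the LOOPBACK set are this example's own choices, not OTL's.

```python
"""Triage an OTL.txt for the indicators behind "redirects and pop-ups".

Added example, not part of this thread or of OTL itself. It parses the
PRC/SRV/DRV, IE proxy, O2 (BHO) and O4 (Run) line formats OTL emits and
flags: a browser proxy pointing at loopback, an early-start driver whose
file is missing, a BHO with no backing CLSID, and entries with an empty
publisher field. Severity labels and LOOPBACK are my own choices.
"""
import re

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""PRC - [2010/12/24 11:20:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jenise\Desktop\OTL.exe
SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfjqk.sys -- (efeia)
DRV - [2009/03/28 11:52:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
"""

# PRC/SRV/DRV: "[file info] (Company) [flags] -- path -- (name) description"
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)
IE_RE = re.compile(r'^IE - (?P<hive>HK[A-Z]+)\\.*Internet Settings: "(?P<key>\w+)" = (?P<value>.*)$')
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]+)\} - (?P<target>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
                    r"(?P<cmd>.+?)(?: \((?P<company>[^)]*)\))?$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}   # my choice of "points back at this machine"


def proxy_hosts(value):
    """'http=127.0.0.1:59274;https=h:3128' or 'h:8080' -> ['127.0.0.1', 'h']."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # per-protocol form: proto=host:port
            part = part.split("=", 1)[1]
        host = part.rsplit(":", 1)[0] if ":" in part else part
        hosts.append(host.strip("[]").lower())
    return hosts


def is_loopback(host):
    return host in LOOPBACK or host.startswith("127.")


def triage(log_text):
    """Return findings as dicts with keys severity, check, detail, line."""
    findings, ie = [], {}

    def add(severity, check, detail, line):
        findings.append({"severity": severity, "check": check, "detail": detail, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IE_RE.match(line):
            ie[(m["hive"], m["key"])] = (m["value"], line)      # judged after the pass
        elif m := ENTRY_RE.match(line):
            flags = [f.strip() for f in (m["flags"] or "").split("|") if f.strip()]
            # DRV flags are [Type | Start | State]; SRV flags are [Start | State]
            start = flags[1] if m["kind"] == "DRV" and len(flags) > 1 else (flags[0] if flags else None)
            if m["missing"] and start in ("Boot", "System"):
                add("high", "missing early-start driver",
                    f"{m['name']} starts at {start} but {m['path']} is absent", line)
            elif m["company"] == "":
                add("review", "no publisher", f"{m['kind']} {m['name'] or m['path']} has an empty company field", line)
        elif m := BHO_RE.match(line):
            if m["target"].startswith("No CLSID value found"):
                add("review", "orphaned BHO", f"{{{m['clsid']}}} is registered as a BHO but has no CLSID entry", line)
        elif (m := RUN_RE.match(line)) and not m["company"]:
            add("review", "autorun without publisher", f"{m['hive']} Run [{m['name']}] -> {m['cmd']}", line)

    # The proxy verdict needs ProxyServer and ProxyEnable from the same hive, so it
    # is made after the pass. ProxyEnable=0 only says it was off at scan time; a
    # ProxyServer aimed at loopback is still a hijack setting that has to go.
    for (hive, key), (value, line) in ie.items():
        if key == "ProxyServer" and any(is_loopback(h) for h in proxy_hosts(value)):
            enabled = ie.get((hive, "ProxyEnable"), ("?", ""))[0]
            add("high", "loopback proxy", f"{hive} ProxyServer={value} (ProxyEnable={enabled})", line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['check']}: {f['detail']}")
```

    On the sample above the two "high" hits are the ones that explain the symptom: an HKCU ProxyServer of 127.0.0.1:59274 (browser traffic routed through a process on the machine itself, which is where redirects and injected pop-ups come from) and a Boot-start driver entry (efeia / sfjqk.sys) whose file no longer exists, the usual footprint left behind when a rootkit loader has been partly removed. The "review" items (a service and a driver with an empty publisher field, a BHO with no CLSID) are not verdicts, only the places a helper reads next; a legitimate product such as a media server can have no company string.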
  4. DaMasterMoose (Thread Starter)
    OTL logfile created on: 12/24/2010 11:26:28 AM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Jenise\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
    6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.44 Gb Total Space | 19.14 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
    Drive D: | 111.44 Gb Total Space | 24.00 Gb Free Space | 21.54% Space Free | Partition Type: NTFS

    Computer Name: GWLT | User Name: Jenise | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/24 11:20:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jenise\Desktop\OTL.exe
    PRC - [2010/03/01 18:53:20 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/03/01 18:53:18 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2009/09/21 17:53:18 | 000,640,760 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/04/04 19:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2008/04/04 18:55:38 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2008/04/04 18:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/24 11:20:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jenise\Desktop\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/07 13:33:58 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/09/22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/01 18:53:18 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/01/21 14:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    SRV - [2009/11/13 15:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/11/04 03:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2008/07/20 20:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
    SRV - [2008/04/04 19:01:20 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2008/04/04 18:55:36 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2008/04/04 02:45:18 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2008/01/31 08:37:02 | 000,157,016 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe -- (Stuffit Archive Name Service)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfjqk.sys -- (efeia)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/12/16 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101223.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/16 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101223.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/10/18 07:34:22 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/10/18 07:34:22 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys -- (EraserUtilDrvI10)
    DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2009/09/30 06:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/09/09 08:58:56 | 004,749,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2009/07/10 06:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2009/04/27 17:54:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/03/28 11:52:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/03/04 10:55:53 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/11/04 03:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2008/10/15 08:32:08 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2008/10/15 08:30:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2008/10/15 08:29:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2008/09/18 03:14:44 | 000,251,392 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2008/06/26 19:23:12 | 000,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2008/06/11 20:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
    DRV - [2008/06/11 14:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/05/12 23:48:04 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
    DRV - [2008/04/27 17:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/03/21 19:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2008/03/21 19:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2008/03/21 19:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2008/02/21 12:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/17 18:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2007/10/30 20:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2007/10/30 20:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2007/04/26 04:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0109&m=m-7347u
    IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274


    [2009/07/07 07:39:53 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Mozilla\Extensions
    [2009/07/07 07:39:53 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2010/12/18 17:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/12/18 21:46:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll (www.flashget.com)
    O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (TVersitybar Toolbar) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O8 - Extra context menu item: &Download All with FlashGet - C:\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: webkinz.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Jenise\Pictures\winter_EN-GB3611258492.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jenise\Pictures\winter_EN-GB3611258492.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/24 11:20:28 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Jenise\Desktop\OTL.exe
    [2010/12/19 21:52:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\_copied files
    [2010/12/18 23:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/12/18 21:57:57 | 000,000,000 | ---D | C] -- C:\Users\Jenise\AppData\Local\temp
    [2010/12/18 21:46:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010/12/18 21:01:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/18 20:47:27 | 000,330,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
    [2010/12/18 20:47:27 | 000,000,000 | ---D | C] -- C:\DRIVERS
    [2010/12/18 18:31:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/18 18:31:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/18 18:31:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/18 18:31:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/18 18:31:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/18 17:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jenise\AppData\Local\Mozilla
    [2010/12/18 17:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/12/16 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\Jenise\AppData\Roaming\Malwarebytes
    [2010/12/16 12:59:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/16 12:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/16 12:59:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/16 12:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/15 14:26:04 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/12/15 14:26:02 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
    [2010/12/15 14:26:01 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
    [2010/12/15 14:26:01 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
    [2010/12/15 14:25:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2010/12/15 14:25:58 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/12/15 14:25:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2010/12/15 14:25:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/12/15 14:25:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/12/15 14:25:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/12/15 14:25:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/12/15 14:25:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/12/15 14:25:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/12/15 14:25:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/12/15 14:25:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/12/15 14:25:52 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2010/12/15 14:25:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/12/15 14:25:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/12/15 14:25:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/12/15 14:25:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/12/15 14:25:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/12/15 14:25:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/12/15 14:25:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/12/15 14:25:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2010/12/15 14:25:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/12/15 14:25:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2010/11/28 08:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/11/28 08:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\TVersitybar
    [2010/11/28 08:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
    [2010/11/25 10:33:38 | 000,000,000 | ---D | C] -- C:\Users\Jenise\Documents\WWS Logs
    [2010/07/28 19:20:56 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/24 11:23:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/24 11:22:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/24 11:22:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/24 11:20:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jenise\Desktop\OTL.exe
    [2010/12/21 00:00:23 | 000,000,610 | ---- | M] () -- C:\Windows\System32\tversity.cookies
    [2010/12/20 18:31:43 | 000,624,128 | ---- | M] () -- C:\Users\Jenise\Desktop\dds.scr
    [2010/12/20 17:42:16 | 000,002,525 | ---- | M] () -- C:\Users\Jenise\Desktop\HiJackThis.lnk
    [2010/12/20 17:22:28 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{66F1F043-2D37-434F-BE46-4A631A2DD830}.job
    [2010/12/20 17:16:54 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/20 17:16:54 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/20 17:16:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/20 17:08:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2010/12/20 17:08:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/20 17:07:04 | 196,407,191 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/12/20 16:26:34 | 000,001,356 | ---- | M] () -- C:\Users\Jenise\AppData\Local\d3d9caps.dat
    [2010/12/18 21:46:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/18 20:19:39 | 000,553,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/18 18:22:48 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2010/12/18 17:41:24 | 000,001,750 | ---- | M] () -- C:\Users\Jenise\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/18 17:41:24 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/12/17 20:46:25 | 000,096,256 | ---- | M] () -- C:\Users\Jenise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/16 15:46:04 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/12/14 09:56:48 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2010/12/14 09:56:48 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2070N.DAT
    [2010/12/13 18:55:18 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010/12/12 17:46:49 | 000,003,140 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
    [2010/12/04 14:21:58 | 000,006,753 | ---- | M] () -- C:\Users\Jenise\AppData\Roaming\PrimoPDFSet.xml
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2010/12/20 18:31:41 | 000,624,128 | ---- | C] () -- C:\Users\Jenise\Desktop\dds.scr
    [2010/12/18 23:39:36 | 000,002,525 | ---- | C] () -- C:\Users\Jenise\Desktop\HiJackThis.lnk
    [2010/12/18 20:22:04 | 000,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{66F1F043-2D37-434F-BE46-4A631A2DD830}.job
    [2010/12/18 18:31:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/18 18:31:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/18 18:31:34 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/18 18:31:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/18 18:31:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/18 18:22:48 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2010/12/18 17:41:24 | 000,001,750 | ---- | C] () -- C:\Users\Jenise\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/18 17:41:24 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/12/18 15:35:48 | 196,407,191 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/07/28 19:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010/07/28 19:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2009/12/17 13:14:42 | 000,000,056 | ---- | C] () -- C:\Windows\azzCardfile Settings.ini
    [2009/11/20 17:46:08 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009/09/10 13:39:17 | 000,003,526 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/08/31 16:26:45 | 000,000,959 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009/08/07 12:44:38 | 000,003,140 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2009/08/07 12:44:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\E6515269CE.sys
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/09 20:58:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/04/19 16:47:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/04/16 19:19:27 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2009/04/01 12:15:53 | 000,001,356 | ---- | C] () -- C:\Users\Jenise\AppData\Local\d3d9caps.dat
    [2009/03/31 11:31:43 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/03/31 11:31:28 | 002,255,360 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
    [2009/03/31 11:31:28 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/03/31 11:31:28 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/03/31 11:31:27 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2009/03/31 11:31:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/03/29 11:24:36 | 000,000,552 | ---- | C] () -- C:\Users\Jenise\AppData\Local\d3d8caps.dat
    [2009/03/28 11:52:24 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2009/03/27 21:26:44 | 000,000,314 | ---- | C] () -- C:\Users\Jenise\AppData\Roaming\wklnhst.dat
    [2009/03/24 02:50:16 | 000,006,753 | ---- | C] () -- C:\Users\Jenise\AppData\Roaming\PrimoPDFSet.xml
    [2009/03/22 23:13:15 | 000,036,571 | ---- | C] () -- C:\Users\Jenise\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2009/03/13 20:08:13 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/03/07 14:34:54 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2009/03/07 12:34:38 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2009/03/06 03:11:47 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/03/06 00:04:09 | 000,000,377 | ---- | C] () -- C:\Windows\ulead32.ini
    [2009/03/05 10:40:35 | 000,096,256 | ---- | C] () -- C:\Users\Jenise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/22 18:32:17 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008/08/18 21:28:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/07/30 00:40:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2008/07/30 00:40:42 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
    [2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2004/12/21 10:13:56 | 000,191,136 | ---- | C] () -- C:\Windows\System32\plx_upldr.dll

    ========== LOP Check ==========

    [2010/02/02 00:27:33 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Aisle 5 Games, Inc
    [2010/08/29 14:20:02 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Alawar
    [2009/12/17 13:14:42 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\azzCardfile
    [2010/03/06 10:11:02 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Babylonia
    [2009/03/29 11:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\BSplayer PRO
    [2009/09/01 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\BudgetExpress 3
    [2010/03/01 20:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Camel101
    [2009/04/20 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Canon
    [2010/05/03 23:07:39 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/06/06 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
    [2010/03/24 22:08:56 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\eFax Messenger
    [2010/10/12 13:33:19 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Efficient Diary Pro
    [2010/03/25 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\EleFun Games
    [2010/01/19 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Faerie Solitaire
    [2010/02/24 22:26:03 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Farm Mania
    [2009/08/22 07:19:15 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\FlashGet
    [2009/04/28 12:00:09 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\FOG Downloader
    [2010/04/03 08:03:32 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\FotkiDesktop
    [2010/06/08 23:16:38 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Freezetag
    [2010/07/25 15:17:30 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Friday's games
    [2009/12/31 22:49:26 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\funkitron
    [2010/01/15 23:41:57 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Gamehouse JanesZOO
    [2010/03/16 23:42:03 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\GameInvest
    [2010/03/30 23:12:36 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Gamers Digital
    [2010/07/06 13:27:43 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\GhostFleet
    [2010/06/11 00:48:06 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\HdO Adventure
    [2009/06/07 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Hoyle Casino
    [2009/03/10 23:55:00 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Hoyle FaceCreator
    [2010/10/19 22:20:06 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Hoyle Puzzle and Board Games
    [2010/03/02 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\HSA
    [2009/03/06 02:58:28 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\ICQ
    [2010/03/04 21:37:36 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\IronCode
    [2010/01/04 22:25:33 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\iWin
    [2010/03/24 22:10:56 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\j2 Global
    [2010/03/25 22:23:29 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Meridian93
    [2010/07/16 14:18:10 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Merscom
    [2009/12/19 09:00:06 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\monkey money
    [2009/12/23 20:43:25 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\My Games
    [2010/09/20 23:03:50 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\MysteryStudio
    [2010/01/14 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Pi Eye Games
    [2010/01/03 13:24:49 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Pirateville
    [2010/01/10 12:07:30 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\PlayFirst
    [2010/07/05 19:41:32 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\PoBros
    [2009/07/07 07:39:51 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Postbox
    [2009/12/25 21:52:57 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Purple Patch Games
    [2009/03/05 11:23:39 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Quicken WillMaker
    [2010/08/12 14:40:19 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\RayV
    [2010/08/12 14:19:45 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Research In Motion
    [2009/04/20 02:03:40 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Runes of Avalon
    [2009/08/14 16:08:09 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\SecondLife
    [2010/02/26 11:20:50 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Shape games
    [2010/01/04 18:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Skip-Bo
    [2009/07/17 01:51:33 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Template
    [2010/08/25 07:56:16 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\TitanicMystery
    [2010/07/27 22:31:51 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Twintale Entertainment
    [2010/01/10 11:53:47 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Unity
    [2009/04/15 12:39:55 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\uTorrent
    [2009/05/01 10:13:54 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\WildTangent
    [2009/10/20 12:03:19 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\Windows Live Writer
    [2010/01/13 14:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\YoudaGames
    [2010/03/27 00:20:21 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\ZEMNOTT
    [2009/03/28 22:54:59 | 000,000,000 | ---D | M] -- C:\Users\Jenise\AppData\Roaming\__JensOldFlashGet
    [2010/12/13 18:55:18 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2010/12/20 17:22:48 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/12/20 17:22:28 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{66F1F043-2D37-434F-BE46-4A631A2DD830}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0E0E9645
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:51EFAA18
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FE53E4F7
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:80D975A5
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    < End of report >
     
  5. DaMasterMoose
    OTL Extras logfile created on: 12/24/2010 11:26:28 AM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Jenise\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
    6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.44 Gb Total Space | 19.14 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
    Drive D: | 111.44 Gb Total Space | 24.00 Gb Free Space | 21.54% Space Free | Partition Type: NTFS

    Computer Name: GWLT | User Name: Jenise | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .txt [@ = NFOpad] -- C:\Program Files\NFOpad\nfopad.exe (True Human Design (THD))

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B8AF962-286D-4085-BA04-F3A80A7CEFC3}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{0C071D1F-6FD1-4A40-B52B-C565950D7E41}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{107860A1-CA9F-4517-B9B0-8700D7CD8681}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{17648BFC-0B1F-400F-B2D6-3AAA5A0D66A1}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{1769A382-ECEE-44F3-A1D0-E0338A790568}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{181D03F6-AFD3-4A98-89B8-D513D29766F0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{1A7E58C3-CF72-459A-A7EC-EEB48ABE37B5}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1E2DE4D9-8646-4BEC-9800-D17C73E07A97}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{1F0BA520-9CF8-4F6A-97AD-99380F9FD94F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{28194F96-54EF-4807-8AC4-7EC187EB6EE1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{29BEA050-962C-4617-AA58-C0B1CC8B83E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2BA443A4-7D8A-4834-88E2-94CDE08B8702}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{32F904CC-8AE3-41DC-85D9-34F3161F73FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{37959492-D6F8-47B2-A484-C66E29039A4B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{3B7A82B0-1D5A-4459-A996-A8D81978460E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
    "{4095B47D-63B4-44AD-A799-F1EFE12BA56A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{44739DC9-CE00-414B-B99F-C6EF49FEC904}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{4A6C49D4-68A4-4EF9-A5BF-BE95874C440A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4BC5835A-6BAF-4F4A-A7AF-4B81744A998A}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{4C7CFBA0-921C-4F64-8B6A-E639BB118C2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4DAF9630-A004-448D-8C16-FF047FC6C4C1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{4EFC4706-C2F7-476B-B444-EE7A4A45D645}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{55F11ADC-642D-4CD1-A4F7-CAFD091843F1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{568D220B-A907-42C5-8A19-BC9C84FD7591}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{56F4F2E2-1D9D-45DE-ACB6-672078B0DF00}" = rport=139 | protocol=6 | dir=out | app=system |
    "{57085205-53BC-4542-84C7-B180B8311575}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
    "{5C93EADC-0AF7-4429-A553-CD5999D296F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5FA75ECB-B660-4278-8C2B-653F92172D2E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{6483E32D-05CB-4FE8-AD50-FC99E6B77069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{679DFBE4-A4A8-458D-B8EA-A3E00EBA5CE7}" = lport=138 | protocol=17 | dir=in | app=system |
    "{68FE8A69-7E01-4BB2-A077-4BA6109AD470}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{69752759-E07B-4E6C-9579-0C5207E46969}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6A091B60-6861-4A8C-8FFD-A055E754E356}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{70941D0D-8167-4A6A-A1C5-D3A11050BA08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{75A20CE6-9740-4BF8-AE93-4756ACEC3E90}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7B26DB31-AD31-47C7-BB67-A0CFCB4817B4}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
    "{7D5C2335-36D9-4403-AF95-E9829751F1D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7FF6A6C2-A161-4AD3-B27B-982A772836BD}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9312F8A9-C53E-4F05-BBC9-76F9AB7BB9D0}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{96A067C0-27A4-4E3D-BFC1-CAA226D2879D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9BB95E8A-2483-4DC8-89D6-FA6850F9C041}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{A15E2FB3-176B-4462-9826-27AB28A74F30}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A2236BE5-64D8-4A00-B92D-4F4337678B5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A566872D-DA44-49BF-91C8-081C17A4CADB}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{AED14515-DE61-487F-AC6A-7E96997ECC86}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B4243098-7E35-4658-BD4A-BEF4913E7BD7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B4FE2CFC-1EFC-4E13-AF07-486CE7AD9EE9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B6B48B2E-072E-4177-AC69-A9AC47BCD981}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{C179C7C3-8CC7-4F3E-AFBE-21377A27D875}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{C273D776-8E75-4A4B-8B52-544C0B404DE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C5B0E24D-78EF-43C0-9F4B-153797C524B7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C9C09EFD-95F5-40C2-9C21-634C4ED9508F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CCD89272-C308-4845-9373-29C168CA1509}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D1811195-CD1B-4D6E-A0B8-228D612EEDDA}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D229DCE7-D561-4E6E-B094-36B9C72C1916}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D31B733D-C45C-4854-96E8-99923972D6FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D62A78D5-7225-4D67-864F-E4058E1213B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EE7522E7-DFB8-4092-9225-E17156FAE957}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F7D9A02C-26B4-4ADD-A6FF-4655CF6D221B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01138287-0A91-4D5F-9986-327620E87001}" = dir=in | app=c:\program files\pando networks\pando\pando.exe |
    "{011A83DA-E058-499D-8017-BE9285605EC8}" = protocol=17 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
    "{09D01437-3D8F-4418-8536-449B586615CA}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
    "{0ABCDB92-1595-43D0-A4CF-9D9453A73298}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{0B1EDE71-8A27-49A3-AEA4-3E081DEA1865}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{0D8DBC9D-D1A1-4170-B217-81F5A88A4367}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
    "{0EEF3467-3317-4CE9-9D8E-4A4D46EE7F6E}" = protocol=17 | dir=in | app=c:\users\jenise\appdata\local\apps\2.0\m3axw24t.h8t\oo99c5cr.g0t\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\curseclient.exe |
    "{0F40914B-2810-4B39-9042-17698C55940C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "{111BE99D-6D46-4BCA-B810-408615EF8A45}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
    "{1B2F36CD-62AB-4182-BD1F-0F9E6B9BB306}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
    "{1BA69F66-19D6-4722-BCAC-4A4BC7FA3F1C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{20475B2D-7914-4EB9-8D8A-4A2E086DEEDD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{223C540E-A100-4B8F-A3CF-2AEFC9B60EE1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{22455080-555B-4F0D-96F8-A5D4F803E2FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2B3EE0EB-AB42-4290-8F5E-2D33E296A2D1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{2BA81951-6A8B-4BB5-A761-7984B5A612DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2E16B12E-3C65-4A50-B170-BF8E966ED4D7}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{31A3361B-D5E3-4480-88B4-FAF20A4BF7AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{33D1804A-0B70-45F0-AC52-6D71D5F05AEB}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
    "{356064FF-4E77-4ECE-9C0C-9C11132D7761}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "{3701C945-5018-4607-9AD3-E10CD5CFE179}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{3A908366-197E-4314-BA18-3B59D672267F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3B982E83-495F-4A2E-AB9E-FC134BEBE48E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3D506FBF-24F5-4690-AF13-284F209D7691}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{4566EB39-310E-4DD9-A1A5-86A6AC71FB3A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{472D02F0-9CD9-40C1-9530-411288D0E7F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{492548A0-9944-4C96-9634-41BC0F546546}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
    "{4BE25216-D619-419E-AADA-CD89CE4D4B35}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{4DC28FE4-3B6D-48F4-9A24-7A3E6E260D3C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
    "{4E484357-C34A-4658-86F6-9332DA85155B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{4EADCA49-120D-4D26-BE21-5818D58FCF4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{511F4DF7-F105-4759-8FEB-317AEFBDD089}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
    "{51909606-7EBC-44BF-A71B-1101F9146CDF}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
    "{52EF8955-13D1-4296-A6B4-457EF607E993}" = protocol=17 | dir=in | app=c:\users\jenise\appdata\local\apps\2.0\m3axw24t.h8t\oo99c5cr.g0t\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
    "{54EC8207-0081-4035-9B98-2494C08A7ADA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{56353842-E42D-4A7B-99B7-4D28A1A2C7B9}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
    "{5A2F30ED-95AD-49A0-BE47-5AC49565E833}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-enus-downloader.exe |
    "{5D5C5885-CB35-43FC-8CF7-7FC7646291C2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
    "{60C15C3B-930C-4A41-871C-A9F41B3AE532}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{62E42A48-7D32-4601-8DF9-2F48C50BB85E}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{69272DB4-ED0D-43AE-9A79-CB1E048220A9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-enus-downloader.exe |
    "{6B8D53C8-F478-4CC3-9D14-62F0C32CB3A7}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
    "{6BA91837-A33B-4946-B143-5BA366C18AA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{71BBA4E9-4411-48D4-973B-EE5E190CC42D}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
    "{7361E9F9-DE92-46B6-A47A-8B3BFF9CF5DF}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{745A30AB-636F-4EEA-B442-FFC3EE3CC4A8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
    "{79617631-E309-4E78-8A6A-02D32D216332}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{79C69B43-1CAA-47DA-970A-834DF81DF1C5}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
    "{7B73014C-D2EA-4716-8E49-DA9134FFAE74}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
    "{7C57FBFC-540D-47A5-9CD3-2461879421D4}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
    "{8396675E-0B17-4F4C-A001-F2AB4E76D83D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{851FBC9B-5550-47F0-A2FE-779FDE40EFEC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
    "{85D2B9F8-FDF9-4306-9677-0E1EF35AEA14}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{86B5ED70-0033-4324-87D7-8281F011D7C5}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
    "{87372D58-1B92-4A23-9A5E-11EBCAB4DC89}" = dir=in | app=c:\program files\pando networks\pando\pando.exe |
    "{88FEE874-4A17-44CD-A3C2-812E580E3F8E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{8B663FA5-EBF8-413F-B563-30CD5ED5E405}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{8BD1A8BC-CD19-4C5C-9D4C-33DE5F457B75}" = protocol=6 | dir=in | app=c:\program files\tversity\media server\mediaserver.exe |
    "{8D8FEB4A-2A5A-41BE-8C11-F1905B19653E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{8ECCC1C5-107E-42D5-BF20-96A0B47AEEC0}" = protocol=17 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
    "{8F7CA367-5C76-43A6-AA2C-B8F70AD30B05}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{93581485-211A-49E8-A69A-DAD9175F2069}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{946BF0AF-A668-426C-9689-588E7245C00F}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
    "{9D7AFD52-701F-46BF-BBC4-370491913F50}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{A150AD39-0C9C-44E5-A526-021C3AABC500}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
    "{A1E11D3C-633A-4F0A-8AEB-34474D3001F4}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{A3864740-0E5B-45A0-9634-72BF88133510}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
    "{A9C990AF-58CC-4D65-A69F-E4E44B6244EF}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{AC2CF7DC-4DD5-4140-B3D4-B140AF8D58B5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AD6CDEE5-10DB-4994-954A-965B105B8A01}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{ADBB62B4-C693-44AF-8140-94E0BD4F48C7}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{AFCA15E7-206F-4332-9084-D7366EAD1AC7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{B00DA834-7668-43A9-AFD3-4DF9ECEC0661}" = protocol=6 | dir=in | app=c:\users\jenise\appdata\local\apps\2.0\m3axw24t.h8t\oo99c5cr.g0t\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
    "{B34177AF-A8BA-458E-9406-014A93C7DA6B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B53A8D7F-E72F-48A1-BD94-245596A57C9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{BAC505F8-BDC4-472D-9C69-A2CCE2B34DB0}" = protocol=6 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
    "{BCEB982D-6132-4790-A459-DB7CC6D37D31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BD6AA54A-8D46-42CD-977B-008465EA31B7}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
    "{C0F3B998-D19E-4D03-B1F3-153232A71B17}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{C1B0BA9C-BD7A-4D67-8F62-8596169685C3}" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
    "{C2822CFF-EDB6-4338-BD56-0733E5071D6B}" = dir=in | app=c:\program files\pando networks\pando\pando.exe |
    "{C663C177-1AB4-4A34-8D96-F2422D4CF7AC}" = protocol=6 | dir=in | app=c:\users\jenise\appdata\local\apps\2.0\m3axw24t.h8t\oo99c5cr.g0t\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\curseclient.exe |
    "{C7CE2639-AA8D-450A-948C-B6B75FBC5DA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CEEC56C7-0604-4F9D-A3AC-3CEB98B8DCF2}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{D29119B2-59BB-42A8-AD48-A69EF26FA340}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{D5F017D0-EDB0-464C-9530-D3BE2ED8FBA4}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
    "{D90A3B3F-A32A-4ECD-BCE5-45CBABAC5483}" = protocol=6 | dir=out | app=system |
    "{E02EB3E0-950E-491B-AD2B-EBA1FF38B98C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{E07F9164-A2E9-4423-A25C-D57690A4B231}" = dir=in | app=e:\setup\hpznui01.exe |
    "{E154BBA9-567F-414D-8F5E-C73FED13E98F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{E49C77F2-8589-4709-BDE7-A50117E240D0}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
    "{EA1A49E9-D65D-4A05-87BC-F197469803F2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
    "{F3FFE923-52EC-47FF-8019-00AD85843D74}" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.dll |
    "{F7A2D723-57BF-4FDE-B4E5-A52E9085F1E6}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{FB412609-B011-4F65-BB67-6FDDB79BE005}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "TCP Query User{04583A68-FB4E-442D-A83E-06249678D1EE}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
    "TCP Query User{0AEECDC0-F10B-4485-9FCE-5EB9C6474ED6}C:\users\jenise\desktop\yuleech-runesofmagic2_0_1_1821-en.exe" = protocol=6 | dir=in | app=c:\users\jenise\desktop\yuleech-runesofmagic2_0_1_1821-en.exe |
    "TCP Query User{189EC05E-7E1F-4868-AED9-8710428CCD6B}C:\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\flashget\flashget.exe |
    "TCP Query User{2A200CD4-3733-461F-82CE-21614F061EBA}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "TCP Query User{2DDD48EA-EDDB-45C9-81BA-4FEF08200231}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{38290DD0-D9EB-4081-B44F-7CE5D38D2B05}C:\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\flashget\flashget.exe |
    "TCP Query User{3E7A8181-AEEE-4013-A1E5-09043BDF07B2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
    "TCP Query User{449F4ED0-3522-4F34-86EB-DB20DF4C4EEE}C:\program files\pando networks\pando\pando.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
    "TCP Query User{926942E6-B417-4B32-A51D-1C5F261F7F94}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "TCP Query User{97118352-D035-4DB5-8004-AA44F52A6F28}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{990B0445-C1E9-47CF-9AE2-27DCD3427E1E}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
    "TCP Query User{DAFCB372-ED99-4CB3-A3CE-A0468052DC2F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{1EDC2A6F-8588-45FF-B05E-F71E05C1C3F7}C:\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\flashget\flashget.exe |
    "UDP Query User{20BFE209-BABD-443C-9D69-0276E94375BC}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
    "UDP Query User{2E68A0D9-E20C-4EFB-A5CE-9865D3AEAB7E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
    "UDP Query User{70AFB612-6AA9-4DEF-9413-E410D8BB99D0}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{747A0BF5-DD18-45F7-836F-74BEC0C635BB}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
    "UDP Query User{8D62F7C4-7586-467F-A8CA-FCF47F5B9E2D}C:\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\flashget\flashget.exe |
    "UDP Query User{9EA90CA3-9918-4589-80D9-A653FAF12867}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "UDP Query User{D6911658-0007-44D8-A923-7EE859CDB91D}C:\program files\pando networks\pando\pando.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
    "UDP Query User{ED16951F-ABBA-40CB-8713-4F9FCA2CD20D}C:\users\jenise\desktop\yuleech-runesofmagic2_0_1_1821-en.exe" = protocol=17 | dir=in | app=c:\users\jenise\desktop\yuleech-runesofmagic2_0_1_1821-en.exe |
    "UDP Query User{EFCEBBAF-1971-4A92-8972-12CCA325AF84}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{F8008564-1516-4993-8D4F-CD664967F2DF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{FBD166BB-72E1-4B60-B4AC-02B71692F34E}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{010F7E2B-9ACA-4D31-B87C-09EC5CC8D3F1}" = TurboTax 2008 winiper
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
    "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
    "{194D0B58-ED34-444F-A1D1-C1CACFC3B7EE}" = Cozi Outlook Toolbar
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2086A549-ED96-4dc9-BBE3-0538AB29ABEC}" = PSP Thumbnail Handler
    "{22443966-38F8-8A4D-AA16-0FBFA246881F}" = Acrobat.com
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
    "{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{30E3DC12-65D7-4DFA-8F19-BA885B773A05}" = hp_pbk_fnt_romance_scrapbook01
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{334A33C2-B9A5-4322-AB83-EBF42BFCC470}" = Fresh RAM
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{385E26E0-EAA2-012B-ADA5-000000000000}" = TurboTax 2009 winiper
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{39003340-EAA2-012B-ADCD-000000000000}" = TurboTax 2009 wkyiper
    "{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}" = Hoyle Casino
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77E912CE-6396-45B8-90C0-DF402B3D7566}" = BudgetExpress 3
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{812FF41B-6870-2964-2572-379477CEDA97}" = easy gadget
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{87C79BE7-06DD-AA67-209C-1824B84C3A4F}" = Picaboo X
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DC15870-CB9B-471A-AE23-367C5C3B4702}" = hp_pbk_everyday_dogs_scrapbook01
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{98881DD9-D574-42A6-B15D-1E553E1976EA}" = hp_pbk_soah_christmas_modern01
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
    "{9ED3C484-D002-4D4D-9BF3-C3DF9048EE7D}" = StuffIt 12
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{C200A620-DD82-42A9-9A32-2CDA92914DCB}" = O2Micro Flash Memory Card Reader Driver (x86)
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF404C21-47EB-4FA5-B920-91746874ED43}" = Ulead Photo Express My Scrapbook 2.0
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
    "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{E9F3E83A-09AF-42BF-837E-7F749F1AABE3}" = Bookworm Adventures Vol. 2
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}" = Hoyle Puzzle and Board Games
    "{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}" = Serif PhotoPlus X2
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AI RoboForm" = AI RoboForm (All Users)
    "Alarm Clock_is1" = Alarm Clock v1.0
    "amg-bigkahunareef2chainreaction" = Big Kahuna Reef 2 - Chain Reaction
    "amg-bricksofcamelot" = Bricks of Camelot
    "amg-bricksofegypt" = Bricks of Egypt
    "amg-ecomatch" = Eco Match
    "amg-elfbowlinghawaiianvacation" = Elf Bowling - Hawaiian Vacation
    "amg-faeriesolitairetm" = Faerie Solitaire(TM)
    "amg-farmfrenzy" = Farm Frenzy
    "amg-gamehousesolitairechallenge" = GameHouse Solitaire Challenge
    "amg-goldrushtreasurehunt" = Gold Rush - Treasure Hunt
    "amg-legendsofthewildwestgoldenhill" = Legends of the Wild West - Golden Hill
    "amg-lostcityofaquatica" = Lost City of Aquatica
    "amg-lostinreefs" = Lost in Reefs
    "amg-mahjongginvestigationsundersuspicion" = Mahjongg Investigations - Under Suspicion
    "amg-monkeymoney" = Monkey Money
    "amg-mysterylegendstmsleepyhollow" = Mystery Legends(TM) - Sleepy Hollow
    "amg-picketfences" = Picket Fences
    "amg-pokersuperstars2" = Poker Superstars 2
    "amg-poshshop" = Posh Shop
    "amg-qbeez2" = QBeez 2
    "amg-rainbowweb2" = Rainbow Web 2
    "amg-rainforestadventure" = Rainforest Adventure
    "amg-relichunt" = Relic Hunt
    "amg-scarabsofpharaoh" = Scarabs of Pharaoh
    "amg-skipbocastawaycapertm" = SKIP-BO Castaway Caper(TM)
    "amg-spongebobsquarepantscollapse" = SpongeBob SquarePants Collapse!
    "amg-strikeball2" = Strike Ball 2
    "amg-strikeball3" = Strike Ball 3
    "amg-textexpress2deluxe" = Text Express 2 Deluxe
    "amg-turtleodyssey" = Turtle Odyssey
    "amg-wobblybobbly" = Wobbly Bobbly
    "amg-wordtravels" = Word Travels
    "amg-worldmosaics2" = World Mosaics 2
    "AudibleManager" = AudibleManager
    "azzCardfile_is1" = azzCardfile 4.0c
    "Bejeweled Twist 1.0" = Bejeweled Twist 1.0
    "BookWorm Deluxe 1.02" = BookWorm Deluxe 1.02
    "CCleaner" = CCleaner (remove only)
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.brighthouse.air.gadget.D76A18CCA16817C56F836CA64BA57EFAC2361D0A.1" = easy gadget
    "com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Family Tree Heritage" = Family Tree Heritage
    "Family Tree Maker 2009" = Family Tree Maker 2009
    "Feeding Frenzy 2 1.0" = Feeding Frenzy 2 1.0
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "FlashGet" = FlashGet 1.9.6.1073
    "Flower Paradise" = Flower Paradise (remove only)
    "Fotki Desktop_is1" = Fotki Desktop
    "Google Calendar Sync" = Google Calendar Sync
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HPExtendedCapabilities" = HP Customer Participation Program 12.0
    "Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
    "iWinArcade" = iWin Games (remove only)
    "Jewel Quest" = Jewel Quest (remove only)
    "Jewel Quest II" = Jewel Quest II (remove only)
    "Jewel Quest Solitaire" = Jewel Quest Solitaire (remove only)
    "Jewel Quest Solitaire II" = Jewel Quest Solitaire II (remove only)
    "Kidzui" = Kidzui
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Mah Jong Quest" = Mah Jong Quest (remove only)
    "Mah Jong Quest III" = Mah Jong Quest III (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Money2007b" = Microsoft Money Essentials
    "Monopoly Here & Now Edition" = Monopoly Here & Now Edition
    "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.1
    "Musicnotes Player" = Musicnotes Player
    "NFOpad" = NFOpad 1.52
    "PDFZilla_is1" = PDFZilla V1.2
    "Peggle Nights Deluxe 1.0" = Peggle Nights Deluxe 1.0
    "Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
    "Picasa 3" = Picasa 3
    "PrimoPDF4.1.0.9" = PrimoPDF
    "Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
    "Slingo Supreme" = Slingo Supreme (remove only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tag&Rename_is1" = Tag&Rename 3.5.1
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
    "TVersity Codec Pack" = TVersity Codec Pack 1.4
    "TVersity Media Server" = TVersity Media Server 1.9.3
    "TVersity Media Server " = TVersity Media Server 1.6 Beta
    "TVersitybar Toolbar" = TVersitybar Toolbar
    "TVWiz" = Intel(R) TV Wizard
    "UnityWebPlayer" = Unity Web Player
    "Warcraft II BNE" = Warcraft II BNE
    "Warcraft III" = Warcraft III
    "Web Games Player Plugin" = Web Games Player Plugin
    "WildTangent gateway Master Uninstall" = Gateway Games
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "Winmail Reader_is1" = Winmail Reader 1.1.11
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "Wow Web Stats Client v3.0" = Wow Web Stats Client v3.0

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  6. DaMasterMoose

    DaMasterMoose Thread Starter

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-24 12:09:55
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.FBEO
    Running: gmer.exe; Driver: C:\Users\Jenise\AppData\Local\Temp\fxldqpow.sys

    ---- System - GMER 1.0.15 ----
    INT 0x62 ? 86609BF8
    INT 0x82 ? 86609BF8
    INT 0x92 ? 858ABBF8
    INT 0x92 ? 86609BF8
    INT 0x92 ? 86609BF8
    INT 0x92 ? 86609BF8
    INT 0x92 ? 858ABBF8
    INT 0xA2 ? 86609BF8
    INT 0xA2 ? 86609BF8
    INT 0xB2 ? 86609BF8
    ---- Kernel code sections - GMER 1.0.15 ----
    ? System32\Drivers\spui.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 8E23441B 5 Bytes JMP 866091D8
    .text aq8z2sz5.SYS 8E2DF000 22 Bytes [82, 33, 01, 82, 6C, 32, 01, ...]
    .text aq8z2sz5.SYS 8E2DF017 167 Bytes [00, 32, 97, 79, 82, 3D, 95, ...]
    .text aq8z2sz5.SYS 8E2DF0BF 13 Bytes [82, 00, 00, 00, 00, 00, 00, ...] {ADD BYTE [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    .text aq8z2sz5.SYS 8E2DF0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX}
    .text aq8z2sz5.SYS 8E2DF0DA 12 Bytes [00, 00, 02, 00, 00, 00, 26, ...]
    .text ...
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Windows\Explorer.EXE[120] ntdll.dll!NtProtectVirtualMemory 77494D34 5 Bytes JMP 02BB000A
    .text C:\Windows\Explorer.EXE[120] ntdll.dll!NtWriteVirtualMemory 77495674 5 Bytes JMP 02EE000A
    .text C:\Windows\Explorer.EXE[120] ntdll.dll!KiUserExceptionDispatcher 77495DC8 5 Bytes JMP 028D000A
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 77494D34 5 Bytes JMP 004B000A
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtWriteVirtualMemory 77495674 5 Bytes JMP 004C000A
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!KiUserExceptionDispatcher 77495DC8 5 Bytes JMP 004A000A
    .text C:\Windows\system32\svchost.exe[1024] ole32.dll!CoCreateInstance 770B9F3E 5 Bytes JMP 0059000A
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!GetCursorPos 77290B88 5 Bytes JMP 0103000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] ntdll.dll!NtProtectVirtualMemory 77494D34 5 Bytes JMP 009A000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] ntdll.dll!NtWriteVirtualMemory 77495674 5 Bytes JMP 009F000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] ntdll.dll!KiUserExceptionDispatcher 77495DC8 5 Bytes JMP 0099000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!SetWindowsHookExW 772787AD 5 Bytes JMP 6F9C9AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!CallNextHookEx 77278E3B 5 Bytes JMP 6F9BD145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!UnhookWindowsHookEx 772798DB 5 Bytes JMP 6F934696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!CreateWindowExW 77281305 5 Bytes JMP 6F9CDB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!DialogBoxParamW 772A10B0 5 Bytes JMP 6F8F5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!DialogBoxIndirectParamW 772A2EF5 5 Bytes JMP 6FAC4FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!DialogBoxParamA 772B8152 5 Bytes JMP 6FAC4F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!DialogBoxIndirectParamA 772B847D 5 Bytes JMP 6FAC5052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!MessageBoxIndirectA 772CD4D9 5 Bytes JMP 6FAC4F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!MessageBoxIndirectW 772CD5D3 5 Bytes JMP 6FAC4EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!MessageBoxExA 772CD639 5 Bytes JMP 6FAC4E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] USER32.dll!MessageBoxExW 772CD65D 5 Bytes JMP 6FAC4DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] ole32.dll!OleLoadFromStream 77081E80 5 Bytes JMP 6FAC5370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1708] ole32.dll!CoCreateInstance 770B9F3E 5 Bytes JMP 6F9CDBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] ntdll.dll!NtProtectVirtualMemory 77494D34 5 Bytes JMP 0021000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] ntdll.dll!NtWriteVirtualMemory 77495674 5 Bytes JMP 0088000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] ntdll.dll!KiUserExceptionDispatcher 77495DC8 5 Bytes JMP 0020000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!CreateDialogParamW 772772A2 5 Bytes JMP 10134BA0 C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!CreateWindowExW 77281305 5 Bytes JMP 6F9CDB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxParamW 772A10B0 5 Bytes JMP 10134D20 C:\Program Files\TVersitybar\tbTVe0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxIndirectParamW 772A2EF5 5 Bytes JMP 6FAC4FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxParamA 772B8152 5 Bytes JMP 6FAC4F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!DialogBoxIndirectParamA 772B847D 5 Bytes JMP 6FAC5052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxIndirectA 772CD4D9 5 Bytes JMP 6FAC4F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxIndirectW 772CD5D3 5 Bytes JMP 6FAC4EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxExA 772CD639 5 Bytes JMP 6FAC4E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2112] USER32.dll!MessageBoxExW 772CD65D 5 Bytes JMP 6FAC4DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs 858AD1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{E0AFCA9B-9DD3-49DA-8E88-4432F05CE7D4} 86D67500
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    Device \Driver\volmgr \Device\VolMgrControl 858A91F8
    Device \Driver\usbuhci \Device\USBPDO-0 8665F1F8
    Device \Driver\usbuhci \Device\USBPDO-1 8665F1F8
    Device \Driver\usbuhci \Device\USBPDO-2 8665F1F8
    Device \Driver\usbehci \Device\USBPDO-3 866601F8
    Device \Driver\usbuhci \Device\USBPDO-4 8665F1F8
    Device \Driver\usbuhci \Device\USBPDO-5 8665F1F8
    Device \Driver\sptd \Device\3686372337 spui.sys
    Device \Driver\usbuhci \Device\USBPDO-6 8665F1F8
    Device \Driver\volmgr \Device\HarddiskVolume1 858A91F8
    Device \Driver\usbehci \Device\USBPDO-7 866601F8
    Device \Driver\volmgr \Device\HarddiskVolume2 858A91F8
    Device \Driver\cdrom \Device\CdRom0 866EE1F8
    Device \Driver\iaStor \Device\Ide\iaStor0 [828C7390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [828C7390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\volmgr \Device\HarddiskVolume3 858A91F8
    Device \Driver\cdrom \Device\CdRom1 866EE1F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 86D67500
    Device \Driver\Smb \Device\NetbiosSmb 86D421F8
    Device \Driver\iScsiPrt \Device\RaidPort0 866F83F0
    Device \Driver\netbt \Device\NetBT_Tcpip_{303BC344-9B58-4EB4-97AD-724DA608135B} 86D67500
    Device \Driver\PCI_PNP6326 \Device\0000005f spui.sys
    Device \Driver\usbuhci \Device\USBFDO-0 8665F1F8
    Device \Driver\usbuhci \Device\USBFDO-1 8665F1F8
    Device \Driver\usbuhci \Device\USBFDO-2 8665F1F8
    Device \Driver\usbehci \Device\USBFDO-3 866601F8
    Device \Driver\usbuhci \Device\USBFDO-4 8665F1F8
    Device \Driver\usbuhci \Device\USBFDO-5 8665F1F8
    Device \Driver\usbuhci \Device\USBFDO-6 8665F1F8
    Device \Driver\usbehci \Device\USBFDO-7 866601F8
    Device \Driver\aq8z2sz5 \Device\Scsi\aq8z2sz51Port4Path0Target0Lun0 866F4500
    Device \Driver\aq8z2sz5 \Device\Scsi\aq8z2sz51 866F4500
    Device \FileSystem\cdfs \Cdfs 871821F8
    Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS543225L9A300_________________FBEOC40C#4&286e8e68&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\[email protected] 45262
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x77 0x85 0x5E 0x6B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x39 0xDD 0x89 0xE1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xE1 0x75 0x9C 0x4F ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x77 0x85 0x5E 0x6B ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x39 0xDD 0x89 0xE1 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xE1 0x75 0x9C 0x4F ...
    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;
    ---- Files - GMER 1.0.15 ----
    File C:\Users\Jenise\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 680 bytes
    File C:\Users\Jenise\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt 111 bytes
    ---- EOF - GMER 1.0.15 ----
     
  7. CatByte

    CatByte Malware Specialist

    Hi,

    Please do the following.

    Refer to the ComboFix User's Guide.

    1. Download ComboFix from one of these locations:

      Link 1
      Link 2

      * IMPORTANT !!! Place ComboFix.exe on your Desktop.
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

      You can get help on disabling your protection programs here.
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply.

      Note:
      Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
     
  8. DaMasterMoose

    DaMasterMoose Thread Starter

    The box for ComboFix comes up and then disappears after a few moments. I then get a BSOD; all I can see of it is that it is iastor.sys.
     
  9. CatByte

    CatByte Malware Specialist

    Please delete the copy of ComboFix that you have on your desktop.

    Download a fresh copy, but rename it to iexplore before saving it to your desktop.

    Make certain when you run it that all your security systems are disabled, or they will interfere.

    Now download and run TDSSKiller before re-running ComboFix. Once TDSSKiller completes, retry ComboFix and post both logs.

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found, then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
     
  10. DaMasterMoose

    DaMasterMoose Thread Starter

    2010/12/27 09:34:29.0323 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/27 09:34:29.0323 ================================================================================
    2010/12/27 09:34:29.0323 SystemInfo:
    2010/12/27 09:34:29.0323
    2010/12/27 09:34:29.0323 OS Version: 6.0.6002 ServicePack: 2.0
    2010/12/27 09:34:29.0323 Product type: Workstation
    2010/12/27 09:34:29.0323 ComputerName: GWLT
    2010/12/27 09:34:29.0323 UserName: Jenise
    2010/12/27 09:34:29.0323 Windows directory: C:\Windows
    2010/12/27 09:34:29.0323 System windows directory: C:\Windows
    2010/12/27 09:34:29.0323 Processor architecture: Intel x86
    2010/12/27 09:34:29.0323 Number of processors: 2
    2010/12/27 09:34:29.0323 Page size: 0x1000
    2010/12/27 09:34:29.0323 Boot type: Safe boot
    2010/12/27 09:34:29.0323 ================================================================================
    2010/12/27 09:34:40.0493 Initialize success
    2010/12/27 09:34:45.0329 ================================================================================
    2010/12/27 09:34:45.0329 Scan started
    2010/12/27 09:34:45.0329 Mode: Manual;
    2010/12/27 09:34:45.0329 ================================================================================
    2010/12/27 09:34:46.0218 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/12/27 09:34:46.0311 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2010/12/27 09:34:46.0405 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2010/12/27 09:34:46.0436 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2010/12/27 09:34:46.0467 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2010/12/27 09:34:46.0623 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/12/27 09:34:46.0717 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2010/12/27 09:34:46.0842 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/12/27 09:34:46.0904 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2010/12/27 09:34:46.0967 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2010/12/27 09:34:47.0045 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2010/12/27 09:34:47.0123 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2010/12/27 09:34:47.0169 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2010/12/27 09:34:47.0294 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2010/12/27 09:34:47.0372 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2010/12/27 09:35:00.0804 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    2010/12/27 09:35:00.0819 sptd - detected Locked file (1)
    2010/12/27 09:35:05.0406 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/27 09:35:05.0437 ================================================================================
    2010/12/27 09:35:05.0437 Scan finished
    2010/12/27 09:35:05.0437 ================================================================================
    2010/12/27 09:35:05.0453 Detected object count: 2
    2010/12/27 09:35:34.0734 Locked file(sptd) - User select action: Skip
    2010/12/27 09:35:34.0781 \HardDisk0 - will be cured after reboot
    2010/12/27 09:35:34.0781 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/27 09:35:39.0679 Deinitialize success
     
  11. DaMasterMoose

    DaMasterMoose Thread Starter

    Joined:
    Dec 18, 2010
    Messages:
    15
    ComboFix 10-12-24.01 - Jenise 12/27/2010 9:44.2.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.2043 [GMT -5:00]
    Running from: c:\users\Jenise\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
    .

    2010-12-27 14:54 . 2010-12-27 15:04 -------- d-----w- c:\users\Jenise\AppData\Local\temp
    2010-12-27 14:54 . 2010-12-27 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-20 02:50 . 2010-12-20 19:41 -------- d-----w- c:\users\Public\_copied files
    2010-12-19 04:39 . 2010-12-19 04:39 388096 ----a-r- c:\users\Jenise\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-19 04:39 . 2010-12-19 04:39 -------- d-----w- c:\program files\Trend Micro
    2010-12-19 01:47 . 2010-12-19 01:47 -------- d-----w- C:\DRIVERS
    2010-12-19 01:47 . 2009-08-07 10:17 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-12-18 22:41 . 2010-12-18 22:41 -------- d-----w- c:\users\Jenise\AppData\Local\Mozilla
    2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\users\Jenise\AppData\Roaming\Malwarebytes
    2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-16 17:59 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-16 17:59 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-15 19:26 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-15 19:26 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2010-12-15 19:26 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-15 19:26 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-12-15 19:26 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-15 19:26 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-15 19:26 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-15 19:26 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-15 19:26 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-14 06:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2528291C-C288-41DC-BFFC-8A6265B970FF}\mpengine.dll
    2010-11-28 13:35 . 2010-11-28 13:35 -------- d-----w- c:\program files\Conduit
    2010-11-28 13:35 . 2010-11-28 13:36 -------- d-----w- c:\program files\TVersitybar
    2010-11-28 13:31 . 2010-11-28 13:31 -------- d-----w- c:\programdata\TVersity

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 15:41 . 2009-10-03 05:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\TVersitybar\tbTVe0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-09 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-09 175128]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-09 153624]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
    backup=c:\windows\pss\BigFix.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^easy gadget.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\easy gadget.lnk
    backup=c:\windows\pss\easy gadget.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
    backup=c:\windows\pss\eFax 4.4.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fotki Desktop.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotki Desktop.lnk
    backup=c:\windows\pss\Fotki Desktop.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-03-01 23:53 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2009-03-17 07:17 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2008-09-10 02:58 638976 ----a-w- c:\program files\Camera Assistant Software for Gateway\traybar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
    2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
    2007-09-25 09:29 2007088 ----a-w- c:\flashget\flashget.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-12-07 18:33 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
    2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-29 00:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    2010-04-14 22:55 4922552 ----a-w- c:\program files\Pando Networks\Pando\pando.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    2010-09-04 00:04 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2009-07-08 17:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmAudio]
    2008-08-05 03:22 2701880 ------w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-05 04:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    R0 efeia;efeia;c:\windows\System32\drivers\sfjqk.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
    R2 gupdate1ca8a2e9ce572e0;Google Update Service (gupdate1ca8a2e9ce572e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 133104]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
    R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-01-21 78104]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-18 102448]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-07 30192]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-27 64160]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-28 717296]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    rsmsvcs REG_MULTI_SZ ntmssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:53]

    2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:33]

    2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:33]

    2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{66F1F043-2D37-434F-BE46-4A631A2DD830}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0109&m=m-7347u
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:59274
    IE: &Download All with FlashGet - c:\flashget\jc_all.htm
    IE: &Download with FlashGet - c:\flashget\jc_link.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: webkinz.com\www
    .
    .
    ------- File Associations -------
    .
    .txt=NFOpad
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-27 10:11:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-27 15:11
    ComboFix2.txt 2010-12-19 02:57

    Pre-Run: 20,295,999,488 bytes free
    Post-Run: 20,275,716,096 bytes free

    - - End Of File - - CB58408E11F6609475B5F258F84BDA72
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run, type Notepad, and click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/7740894-post11.html
    
    Collect::
    c:\windows\System32\drivers\sfjqk.sys
    
    Folder::
    c:\program files\iWin Games
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:59274
    
    Driver::
    efeia
    iWinTrusted
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save it as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    NEXT


    • Please open your Malwarebytes Anti-Malware program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
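The CFScript above targets three kinds of entries from the ComboFix log in the previous post: a ProxyServer pointing at 127.0.0.1 (the usual mechanism behind browser redirects), a boot-start driver whose file is missing from disk, and Security Center values that silence the antivirus status alerts. As an added example (not part of the thread, of ComboFix, or of CatByte's instructions), this Python script triages ComboFix-style log lines for exactly those entries; the line formats it parses are assumed from the posted log, and the sample input is copied from it.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted earlier in
# this thread, trimmed to the entries the CFScript acts on plus two controls
# (a driver whose file is present, and a value that is not a Security Center
# override) that must NOT be flagged.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
R0 efeia;efeia;c:\windows\System32\drivers\sfjqk.sys [x]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-01-21 78104]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-28 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
"""


@dataclass
class Finding:
    kind: str    # short machine-readable tag
    detail: str  # why the line matters to the analyst
    line: str    # the log line that triggered the finding


# Line shapes as they appear in the posted log (assumed, not a ComboFix spec):
#   uInternet Settings,ProxyServer = http=127.0.0.1:59274      (u = user, m = machine)
#   R0 name;display name;c:\path\file.sys [x]                  ([x] = file not on disk)
#   R2 name;display name;c:\path\file.exe [2010-01-21 78104]  ([date size] of the file)
PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(.+)$')
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')

LOCAL_HOSTS = {'127.0.0.1', 'localhost', '::1'}
SECURITY_CENTER_OVERRIDES = {'AntiVirusOverride', 'DisableMonitoring'}


def parse_proxy_hosts(value):
    """Split a WinINet ProxyServer value into (host, port) pairs.

    Accepts both the plain "host:port" form and the per-scheme
    "http=host:port;https=host:port" form seen in the log."""
    hosts = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        if '=' in part:                  # strip the "http=" scheme prefix
            part = part.split('=', 1)[1]
        host, _, port = part.rpartition(':')
        if not host:                     # no port given at all
            host, port = part, ''
        hosts.append((host, port))
    return hosts


def triage(log_text):
    """Return a list of Finding objects for the suspicious entries in log_text."""
    findings = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                            # remember which registry key we are under
            current_key = m.group(1).lower()
            continue
        m = PROXY_RE.match(line)
        if m:
            for host, port in parse_proxy_hosts(m.group(1)):
                if host.lower() in LOCAL_HOSTS:
                    findings.append(Finding(
                        'local_proxy',
                        f'browser traffic routed through a proxy on {host}:{port}; '
                        'a local listener in this role is a classic cause of redirects '
                        '(debugging proxies set it too, so identify the listening process)',
                        line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, stamp = m.groups()
            if stamp.lower() == 'x':     # ComboFix marks a missing image file with [x]
                findings.append(Finding(
                    'missing_driver_file',
                    f'{start} service "{name}" points at {path}, which is not on disk; '
                    'a boot-start driver with a random-looking name and no file is a red flag',
                    line))
            continue
        m = VALUE_RE.match(line)
        if m:
            vname, vdata = m.group(1), m.group(2).strip()
            if ('security center' in current_key and vname in SECURITY_CENTER_OVERRIDES
                    and vdata.lower() == 'dword:00000001'):
                findings.append(Finding(
                    'security_center_override',
                    f'{vname}=1 under {current_key}: Security Center stops reporting AV state',
                    line))
            elif vname == 'AppInit_DLLs' and vdata:
                findings.append(Finding(
                    'appinit_dll',
                    f'{vdata} is loaded into every process that maps user32.dll; verify the publisher',
                    line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.kind}] {f.detail}\n    {f.line}')
```

The AppInit_DLLs hit is reported for review only: in this log it is Google Desktop's DLL, which is legitimate, but the key is a persistence location worth confirming every time.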
     
  13. DaMasterMoose

    DaMasterMoose Thread Starter

    Joined:
    Dec 18, 2010
    Messages:
    15
    ComboFix 10-12-22.01 - Jenise 12/27/2010 10:46:03.2.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.2266 [GMT -5:00]
    Running from: c:\users\Jenise\Desktop\ComboFix.exe
    Command switches used :: c:\users\Jenise\Desktop\CFSCript.txt
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\iWin Games
    c:\program files\iWin Games\AdminWorker.exe
    c:\program files\iWin Games\firefox\chrome.manifest
    c:\program files\iWin Games\firefox\chrome\iwinarcade.jar
    c:\program files\iWin Games\firefox\install.rdf
    c:\program files\iWin Games\firefox\iWinArcadeLauncher.exe
    c:\program files\iWin Games\firefox\version
    c:\program files\iWin Games\ftdownload.dat
    c:\program files\iWin Games\gamepage\buynow.html
    c:\program files\iWin Games\gamepage\common.js
    c:\program files\iWin Games\gamepage\css\offline.css
    c:\program files\iWin Games\gamepage\disconnected-upsell.html
    c:\program files\iWin Games\gamepage\end.html
    c:\program files\iWin Games\gamepage\expired.html
    c:\program files\iWin Games\gamepage\images\alert32x32.gif
    c:\program files\iWin Games\gamepage\images\bg_header.gif
    c:\program files\iWin Games\gamepage\images\buttons\close-blue-28.gif
    c:\program files\iWin Games\gamepage\images\buttons\continue-orange-132.gif
    c:\program files\iWin Games\gamepage\images\buttons\yesiwantabackupcd-orange-197.gif
    c:\program files\iWin Games\gamepage\images\common\header-bg.gif
    c:\program files\iWin Games\gamepage\images\common\header-small-bg.gif
    c:\program files\iWin Games\gamepage\images\common\loading.gif
    c:\program files\iWin Games\gamepage\images\continuefreetrial-32.gif
    c:\program files\iWin Games\gamepage\images\global\logo-invis.gif
    c:\program files\iWin Games\gamepage\images\global\logo.gif
    c:\program files\iWin Games\gamepage\images\global\page-bg-swirly.gif
    c:\program files\iWin Games\gamepage\images\global\page-bg.gif
    c:\program files\iWin Games\gamepage\images\global\page-header-small-bg.jpg
    c:\program files\iWin Games\gamepage\images\logo.jpg
    c:\program files\iWin Games\gamepage\images\misc\blue-bottom-triangle.gif
    c:\program files\iWin Games\gamepage\images\misc\information.gif
    c:\program files\iWin Games\gamepage\images\ous\divider.gif
    c:\program files\iWin Games\gamepage\images\ous\eus.jpg
    c:\program files\iWin Games\gamepage\images\ous\hotel-bg.gif
    c:\program files\iWin Games\gamepage\images\ous\hotel-iwin.gif
    c:\program files\iWin Games\gamepage\images\ous\opal.gif
    c:\program files\iWin Games\gamepage\images\ous\opalbox.jpg
    c:\program files\iWin Games\gamepage\images\ous\ous-promo-banner.jpg
    c:\program files\iWin Games\gamepage\images\plans\plan1.gif
    c:\program files\iWin Games\gamepage\images\plans\plan2.gif
    c:\program files\iWin Games\gamepage\images\plans\plan3.gif
    c:\program files\iWin Games\gamepage\images\product\feature.jpg
    c:\program files\iWin Games\gamepage\open.html
    c:\program files\iWin Games\gamepage\operationfailed.html
    c:\program files\iWin Games\gamepage\scripts\disconnected-upsell.js
    c:\program files\iWin Games\gamepage\scripts\popups.js
    c:\program files\iWin Games\gamepage\scripts\prototype-1.6.js
    c:\program files\iWin Games\gamepage\styles\base.css
    c:\program files\iWin Games\gamepage\styles\disconnected-upsell.css
    c:\program files\iWin Games\gamepage\styles\shoppingcart.css
    c:\program files\iWin Games\gamepage\success.html
    c:\program files\iWin Games\host.cfg
    c:\program files\iWin Games\iWinGames.exe
    c:\program files\iWin Games\iWinInfo.dll
    c:\program files\iWin Games\iWinTrusted.exe
    c:\program files\iWin Games\pages\alert32x32.gif
    c:\program files\iWin Games\pages\arcadeCheck.js
    c:\program files\iWin Games\pages\blank.html
    c:\program files\iWin Games\pages\blank2.html
    c:\program files\iWin Games\pages\error.html
    c:\program files\iWin Games\pages\error404.css
    c:\program files\iWin Games\pages\iwin_logo.gif
    c:\program files\iWin Games\pages\login.html
    c:\program files\iWin Games\pages\maintenance.html
    c:\program files\iWin Games\pages\offline.css
    c:\program files\iWin Games\pages\offline.html
    c:\program files\iWin Games\pages\offline.jpg
    c:\program files\iWin Games\pages\offline_tag.gif
    c:\program files\iWin Games\pages\offlineBg.gif
    c:\program files\iWin Games\pages\orange-im-connected-60.gif
    c:\program files\iWin Games\pages\terrie404.gif
    c:\program files\iWin Games\pages\test.html
    c:\program files\iWin Games\sounds\animation.wav
    c:\program files\iWin Games\sounds\animationBack.wav
    c:\program files\iWin Games\sounds\button_click.wav
    c:\program files\iWin Games\sounds\coins.wav
    c:\program files\iWin Games\sounds\download_completed.wav
    c:\program files\iWin Games\sounds\slidebackin.wav
    c:\program files\iWin Games\sounds\slideout.wav
    c:\program files\iWin Games\sounds\start.wav
    c:\program files\iWin Games\Uninstall.exe
    c:\program files\iWin Games\WebInstaller.exe
    c:\program files\iWin Games\WebUpdater.bmp
    c:\program files\iWin Games\WebUpdater.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Service_efeia
    -------\Service_iWinTrusted

    ((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
    .
    2010-12-27 15:54 . 2010-12-27 16:03 -------- d-----w- c:\users\Jenise\AppData\Local\temp
    2010-12-27 15:54 . 2010-12-27 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-20 02:50 . 2010-12-20 19:41 -------- d-----w- c:\users\Public\_copied files
    2010-12-19 04:39 . 2010-12-19 04:39 388096 ----a-r- c:\users\Jenise\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-19 04:39 . 2010-12-19 04:39 -------- d-----w- c:\program files\Trend Micro
    2010-12-19 01:47 . 2010-12-19 01:47 -------- d-----w- C:\DRIVERS
    2010-12-19 01:47 . 2009-08-07 10:17 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-12-18 22:41 . 2010-12-18 22:41 -------- d-----w- c:\users\Jenise\AppData\Local\Mozilla
    2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\users\Jenise\AppData\Roaming\Malwarebytes
    2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-16 17:59 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-16 17:59 . 2010-12-16 17:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-16 17:59 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-15 19:26 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-15 19:26 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2010-12-15 19:26 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-15 19:26 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-12-15 19:26 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-15 19:26 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-15 19:26 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-15 19:26 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-15 19:26 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-14 06:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2528291C-C288-41DC-BFFC-8A6265B970FF}\mpengine.dll
    2010-11-28 13:35 . 2010-11-28 13:35 -------- d-----w- c:\program files\Conduit
    2010-11-28 13:35 . 2010-11-28 13:36 -------- d-----w- c:\program files\TVersitybar
    2010-11-28 13:31 . 2010-11-28 13:31 -------- d-----w- c:\programdata\TVersity
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 15:41 . 2009-10-03 05:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]
    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\TVersitybar\tbTVe0.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]
    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\tbTVe0.dll" [2010-10-18 3908192]
    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 68856]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-09 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-09 175128]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-09 153624]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
    backup=c:\windows\pss\BigFix.lnk.CommonStartup
    backupExtension=.CommonStartup
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup
    backupExtension=.CommonStartup
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnk.Startup
    backupExtension=.Startup
    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^easy gadget.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\easy gadget.lnk
    backup=c:\windows\pss\easy gadget.lnk.Startup
    backupExtension=.Startup
    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.4.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
    backup=c:\windows\pss\eFax 4.4.lnk.Startup
    backupExtension=.Startup
    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fotki Desktop.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fotki Desktop.lnk
    backup=c:\windows\pss\Fotki Desktop.lnk.Startup
    backupExtension=.Startup
    [HKLM\~\startupfolder\C:^Users^Jenise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Jenise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-03-01 23:53 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2009-03-17 07:17 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2008-09-10 02:58 638976 ----a-w- c:\program files\Camera Assistant Software for Gateway\traybar.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
    2008-10-07 20:25 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
    2007-09-25 09:29 2007088 ----a-w- c:\flashget\flashget.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-12-07 18:33 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
    2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-10-29 00:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    2010-04-14 22:55 4922552 ----a-w- c:\program files\Pando Networks\Pando\pando.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
    2010-09-04 00:04 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2009-07-08 17:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmAudio]
    2008-08-05 03:22 2701880 ------w- c:\program files\CONEXANT\SmartAudio\SmAudio.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-05 04:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1ca8a2e9ce572e0;Google Update Service (gupdate1ca8a2e9ce572e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 133104]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-07 30192]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-27 64160]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-28 717296]
    S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-18 102448]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-05-13 51288]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    rsmsvcs REG_MULTI_SZ ntmssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    2010-12-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:53]
    2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:33]
    2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 15:33]
    2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{2BDACF90-D9BF-4D36-A6A6-559313B732D3}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0109&m=m-7347u
    uInternet Settings,ProxyOverride = <local>
    IE: &Download All with FlashGet - c:\flashget\jc_all.htm
    IE: &Download with FlashGet - c:\flashget\jc_link.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: webkinz.com\www
    .
    - - - - ORPHANS REMOVED - - - -
    AddRemove-iWinArcade - c:\program files\iWin Games\Uninstall.exe

    **************************************************************************
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files:
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\Smith Micro\StuffIt\ArcNameService.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\programdata\TVersity\Media Server\MediaServer.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\windows\ehome\mcupdate.EXE
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-27 11:10:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-27 16:10
    ComboFix2.txt 2010-12-27 15:11
    ComboFix3.txt 2010-12-19 02:57
    Pre-Run: 20,246,794,240 bytes free
    Post-Run: 20,085,329,920 bytes free
    - - End Of File - - E767AA782F189CC0480114632F731BDE
     
  14. DaMasterMoose

    DaMasterMoose Thread Starter

    Joined:
    Dec 18, 2010
    Messages:
    15
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 5403
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999
    12/27/2010 4:22:51 PM
    mbam-log-2010-12-27 (16-22-51).txt
    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 401796
    Time elapsed: 2 hour(s), 25 minute(s), 23 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
     
  15. DaMasterMoose

    DaMasterMoose Thread Starter

    Joined:
    Dec 18, 2010
    Messages:
    15
    I ran ESET and it found nothing, and there were no threats found to click on. I did not see anything to generate a log to submit.
     
Short URL to this thread: https://techguy.org/969726