Solved I need help with removing malware

I did all that, but it just doesn't want to do anything. I will re-read etc and try again later. I have been working on this for several hours and I need a break. I will re-read etc. I get it, the disc just doesn't want to do anything, no prompts etc.

-j
 
Check if your BIOS is set to boot from CD (the explanatory link is located in my instructions).
Try to boot another working computer from the same CD to see if the CD you made is good.
 
Hello

I am trying to boot from the external CD burner because the internal CD burner is like burned out. I am pretty new at this sort of thing with cleaning my computer. I am just an average computer user. I have never booted anything before and especially from the external burner.

-julie
 
That will only work if your BIOS supports booting from an external USB CD drive.

Let's try something else....

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 3 for Windows Vista, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then, reboot, run MBRCheck again and post new log.
 
It says that the MBR code is unknown.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 166):

Processes (total 98):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`3d335800 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC32P
PhysicalDrive1 Model Number: WD2500JB External, Rev: 0108

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 2109F29445E77C0BCB56987F39830EB288D04575


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Well, that didn't work, so we're back to trying the CD you created earlier.

See if your BIOS supports booting from an external USB source.
 
Go back to my reply #16 and read this part:
Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
 
This is way complicated. I don't know what I am doing. I don't know all these terms. I thought this would be an easier process to find out if there is a virus or not?
 
I was going to try to make a new disc with my external drive but I don't see the option to change drives. My internal one on my laptop is burnt out.
 
I suggest you find a friend who knows a little bit more about computers and will be able to help you out with following my instructions.
I can do only so much over the internet.
 
bootable CD worked

The bootable CD worked. I got it to work after hitting the Esc key. I did the steps that you suggested in your previous instructions.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 167):

Processes (total 65):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`3d335800 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC32P
PhysicalDrive1 Model Number: WD2500JB External, Rev: 0108

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 2109F29445E77C0BCB56987F39830EB288D04575


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
It didn't work.
Are you sure you followed all the instructions from my post #16?
Try redoing it.
 
I will try it again and I used these directions.

* Place a blank CD in your CD drive.
* Double click on NTBR_CD.exe file and a folder of the same name will appear.
* Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
* Follow the prompts to burn the CD.

* Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
* If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

* Insert the newly created CD into your infected PC and reboot your computer.
* Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
* Read the warning and then continue as prompted.
* You first need to select your keyboard layout - press Enter for English.
* Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
* On the following screen enter 5 to select Install Standard MBR code.
* Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
* When asked to confirm please do so.
* Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
* Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.
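
Added example, not part of the thread and not MBRCheck's or MBRWORK's own code: a sketch of what an "Unknown MBR code" verdict and an "Install Standard MBR code" repair mean at the byte level of sector 0. The 440-byte hashed range, the known-good table and the sample sector are assumptions constructed for illustration; the page does not say which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # assumption: the code area this example hashes
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"     # bytes 510-511 of a valid MBR
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA, sectors


def build_sample_mbr(boot_code):
    """Constructed sector: given boot code plus one NTFS partition at LBA 63."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    if len(code) != BOOT_CODE_LEN:
        raise ValueError("boot code longer than the code area")
    disk_sig = b"\x00" * 6  # 4-byte disk signature + 2 reserved bytes
    entry = ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1000000)
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIG


def code_sha1(sector):
    """SHA-1 of the boot code area only, upper-case hex like the log above."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def inspect_mbr(sector, known_good):
    """Classify the boot code against a known-good table and list partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        return {"status": "Missing 0x55AA boot signature", "sha1": None,
                "partitions": []}
    partitions = []
    for i in range(4):
        raw = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba, count = ENTRY.unpack(raw)
        if ptype == 0:      # empty slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "byte_offset": lba * SECTOR_SIZE, "sectors": count})
    digest = code_sha1(sector)
    return {"status": known_good.get(digest, "Unknown MBR code"),
            "sha1": digest, "partitions": partitions}


def replace_boot_code(sector, standard_code):
    """Rewrite only the code area; disk signature and partition table stay."""
    code = standard_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return code + sector[BOOT_CODE_LEN:]


def demo():
    # All byte strings here are constructed placeholders, not real boot code.
    standard = build_sample_mbr(b"\xfa\x33\xc0constructed standard code")
    known_good = {code_sha1(standard): "Constructed standard MBR code"}
    altered = bytearray(standard)
    altered[10] ^= 0xFF     # a single changed byte changes the hash
    altered = bytes(altered)
    repaired = replace_boot_code(altered, standard[:BOOT_CODE_LEN])
    return {"altered": inspect_mbr(altered, known_good),
            "repaired": inspect_mbr(repaired, known_good)}


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report["status"], report["sha1"])
        for part in report["partitions"]:
            print("  partition", part["index"], "at offset", hex(part["byte_offset"]))
```

The constructed partition starts at LBA 63, which is byte offset 0x7e00, the same offset the logs in this thread report for C: and F:. A hash-based verdict of this kind only says the code is not in the tool's table; custom vendor or boot-manager code would also show as unknown.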
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 164):

Processes (total 67):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`3d335800 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC32P

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
 
Good job :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 1/21/2011 9:33:06 AM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Owner\Music\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.96 Gb Total Space | 38.85 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.85 Gb Free Space | 15.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/21 09:29:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Music\Downloads\OTL.exe
PRC - [2010/12/12 12:43:36 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/12 12:43:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/02 14:45:18 | 000,218,432 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/12/02 14:45:06 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe
PRC - [2010/10/15 21:11:35 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/06/04 16:41:22 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/08/02 18:45:58 | 000,262,239 | ---- | M] () -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
PRC - [2007/08/02 18:45:24 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/21 09:29:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Music\Downloads\OTL.exe
MOD - [2010/12/04 01:58:45 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/12/20 20:30:19 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2009/12/20 20:30:18 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/12/02 14:45:18 | 000,218,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/11/23 21:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 06:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/06/04 16:41:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/02 18:46:02 | 000,110,685 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/08/02 18:45:58 | 000,262,239 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/08/02 18:45:24 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/01/19 19:20:03 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110120.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/19 19:20:02 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/19 19:20:02 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/19 19:20:02 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110120.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/01/19 18:27:04 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/01 00:23:59 | 000,330,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/22 23:21:16 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110114.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/22 23:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 23:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 21:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 20:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/10 20:46:29 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110118.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/20 21:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010/09/29 18:12:46 | 000,020,224 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/18 16:39:06 | 000,003,200 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/11/01 08:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 08:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/15 03:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/05/16 13:24:14 | 000,039,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/05/16 13:24:12 | 000,459,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/18 21:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/04/10 00:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt25usbap.sys -- (RT25USBAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.5\MeepBar.dll ()
IE - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/juliejohnson76"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.9
FF - prefs.js..extensions.enabledItems: VideoBar@meep.com:2.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={7E2CCDE7-C6BB-B459-817C-B36E16C3928D}&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/21 17:10:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/19 18:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/19 18:25:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 12:43:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 21:01:04 | 000,000,000 | ---D | M]

[2008/08/28 09:28:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/01/20 16:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\obmnv1l1.default\extensions
[2010/07/30 18:20:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\obmnv1l1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/12 12:43:22 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\obmnv1l1.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/03/22 18:59:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\obmnv1l1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/10 12:21:12 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\obmnv1l1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/06/14 19:18:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\obmnv1l1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/08/12 08:57:05 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\obmnv1l1.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2008/04/22 14:07:36 | 000,001,901 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\obmnv1l1.default\searchplugins\aimsearch.xml
[2010/08/10 23:56:41 | 000,000,873 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\obmnv1l1.default\searchplugins\conduit.xml
[2009/12/05 12:52:43 | 000,005,413 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\obmnv1l1.default\searchplugins\fast-browser-search.xml
[2010/06/14 19:09:52 | 000,007,694 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\obmnv1l1.default\searchplugins\jixey.xml
[2009/12/01 13:50:20 | 000,002,160 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\obmnv1l1.default\searchplugins\MySpace.xml
[2011/01/19 19:48:41 | 000,002,470 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\obmnv1l1.default\searchplugins\safesearch.xml
[2011/01/19 19:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/30 18:18:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/13 22:13:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/19 12:03:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2008/08/28 09:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2010/06/14 19:06:37 | 000,000,000 | ---D | M] (Meep Media Downloader) -- C:\PROGRAM FILES\MEEP\FF
[2011/01/19 18:25:08 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/19 18:27:39 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/09/28 03:45:46 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13128.dll
[2008/04/22 14:03:49 | 000,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
[2010/09/27 19:11:05 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2010/09/27 19:11:05 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2011/01/15 17:03:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Meep Media Downloader) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - C:\Program Files\Meep\2.2.5\MeepBar.dll ()
O3 - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3874304796-3247481335-781613817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 216.227.58.10 137.118.1.32
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/05 23:36:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ATI\CATALY~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - 3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/20 18:26:27 | 000,000,000 | ---D | C] -- C:\Windows\LastGood.Tmp
[2011/01/19 18:54:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Simply Super Software
[2011/01/19 18:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/01/19 18:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011/01/19 18:53:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Simply Super Software
[2011/01/19 18:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/01/19 18:51:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/19 18:48:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/01/19 18:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/01/19 18:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/01/19 18:27:04 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/01/19 18:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/01/19 18:24:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/01/19 18:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/01/19 18:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/01/19 14:44:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/19 14:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/19 14:33:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/19 14:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/19 14:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/19 14:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/16 10:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/16 10:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/16 10:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/15 18:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011/01/15 18:05:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\NTBR_CD
[2011/01/15 18:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/01/15 18:00:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/01/15 17:03:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/01/15 16:18:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/15 16:18:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/15 16:18:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/15 16:17:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/15 16:17:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/01/15 16:17:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/15 16:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/28 11:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2010/12/28 11:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2010/12/28 11:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/12/27 13:41:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Depeche Mode Live 1
[2010/12/27 13:36:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\skypePM
[2010/12/27 13:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010/12/27 13:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/27 13:32:43 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/12/27 13:32:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Skype
[2010/12/27 13:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/21 09:17:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/21 09:17:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/21 09:17:08 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/01/21 09:17:08 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/01/21 09:17:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/21 09:16:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/20 22:29:18 | 000,025,600 | ---- | M] () -- C:\Users\Owner\Documents\Heimataerde review.doc
[2011/01/20 22:16:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/20 18:44:23 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/20 18:44:23 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/20 18:42:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/01/20 18:36:43 | 2079,158,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/20 18:26:28 | 002,266,518 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/01/20 18:23:07 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/01/20 18:16:44 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2011/01/20 16:39:03 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8DF000D1-4FBC-4E14-B90C-10E0A8AF5788}.job
[2011/01/20 07:03:36 | 000,020,256 | ---- | M] () -- C:\Users\Owner\Desktop\thegrave.jpg
[2011/01/19 18:54:06 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/01/19 18:48:47 | 000,339,257 | ---- | M] () -- C:\Users\Owner\Desktop\CleanUp452.exe
[2011/01/19 18:27:04 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/01/19 18:27:04 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/01/19 18:27:04 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/01/19 18:26:53 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/01/19 18:16:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\file.ext
[2011/01/19 18:13:58 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/01/19 14:44:53 | 000,001,630 | ---- | M] () -- C:\Users\Owner\Desktop\CCleaner.lnk
[2011/01/19 14:33:08 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/18 20:46:01 | 000,028,160 | ---- | M] () -- C:\Users\Owner\Desktop\Long version covenant for grave concerns e zine.doc
[2011/01/18 19:55:23 | 000,027,648 | ---- | M] () -- C:\Users\Owner\Documents\Long version covenant for grave concerns e zine.doc
[2011/01/18 13:15:11 | 000,022,623 | ---- | M] () -- C:\Users\Owner\Documents\Stephen fearon's reviews.docx
[2011/01/18 12:57:02 | 000,011,794 | ---- | M] () -- C:\Users\Owner\Documents\Pretentious Moi.docx
[2011/01/17 09:36:06 | 000,001,940 | ---- | M] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/16 20:18:14 | 000,016,655 | ---- | M] () -- C:\Users\Owner\Documents\2011 Staff reminder.docx
[2011/01/16 18:56:02 | 000,011,842 | ---- | M] () -- C:\Users\Owner\Documents\CD List 2010.docx
[2011/01/16 10:27:41 | 000,001,039 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/16 10:27:41 | 000,001,015 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/01/15 17:03:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/12 20:56:40 | 000,011,992 | ---- | M] () -- C:\Users\Owner\Documents\Vertical Section.docx
[2011/01/10 18:49:35 | 000,091,462 | ---- | M] () -- C:\Users\Owner\lukeperry.jpg
[2011/01/03 17:58:52 | 000,000,593 | ---- | M] () -- C:\Users\Owner\Desktop\Chris' Notes - Shortcut.lnk
[2011/01/02 18:58:20 | 000,043,485 | ---- | M] () -- C:\Users\Owner\julieburn.jpg
[2011/01/02 18:56:08 | 000,148,224 | ---- | M] () -- C:\Users\Owner\juliegasmask.jpg
[2011/01/02 13:36:11 | 000,000,932 | ---- | M] () -- C:\Users\Owner\Desktop\CD Review instructions - Shortcut (2).lnk
[2010/12/31 13:28:33 | 000,045,478 | ---- | M] () -- C:\Users\Owner\julienightbillboard.jpg
[2010/12/30 20:43:12 | 000,136,514 | ---- | M] () -- C:\Users\Owner\jimmywanted2.jpg
[2010/12/30 20:42:26 | 000,138,046 | ---- | M] () -- C:\Users\Owner\juliewanted.jpg
[2010/12/30 20:38:48 | 000,095,813 | ---- | M] () -- C:\Users\Owner\juliefence.jpg
[2010/12/30 20:38:13 | 000,097,721 | ---- | M] () -- C:\Users\Owner\jimmyfence.jpg
[2010/12/30 20:37:12 | 000,044,162 | ---- | M] () -- C:\Users\Owner\jimmybillboard.jpg
[2010/12/30 20:35:21 | 000,086,316 | ---- | M] () -- C:\Users\Owner\jimmyandjulie.jpg
[2010/12/30 20:34:26 | 000,041,791 | ---- | M] () -- C:\Users\Owner\jimmyscetch.jpg
[2010/12/30 20:32:45 | 000,134,542 | ---- | M] () -- C:\Users\Owner\jimmyiswanted.jpg
[2010/12/30 20:30:51 | 000,044,282 | ---- | M] () -- C:\Users\Owner\julieontv.jpg
[2010/12/30 20:30:05 | 000,045,784 | ---- | M] () -- C:\Users\Owner\jimmyontv.jpg
[2010/12/30 20:16:49 | 000,746,799 | ---- | M] () -- C:\Users\Owner\julierain.gif
[2010/12/30 20:13:10 | 000,072,458 | ---- | M] () -- C:\Users\Owner\julietwilight.jpg
[2010/12/30 20:12:16 | 000,078,321 | ---- | M] () -- C:\Users\Owner\julie2cats.jpg
[2010/12/30 20:07:01 | 000,103,388 | ---- | M] () -- C:\Users\Owner\julieproof.jpg
[2010/12/30 20:05:04 | 000,114,046 | ---- | M] () -- C:\Users\Owner\juliebuilding.jpg
[2010/12/30 20:03:45 | 000,108,192 | ---- | M] () -- C:\Users\Owner\julietat.jpg
[2010/12/30 20:02:14 | 000,260,326 | ---- | M] () -- C:\Users\Owner\julietv1.gif
[2010/12/30 20:01:33 | 000,113,024 | ---- | M] () -- C:\Users\Owner\julietv.jpg
[2010/12/30 20:00:38 | 000,063,376 | ---- | M] () -- C:\Users\Owner\juliegun.jpg
[2010/12/30 19:58:04 | 000,154,850 | ---- | M] () -- C:\Users\Owner\juliesand.jpg
[2010/12/30 19:56:59 | 000,062,732 | ---- | M] () -- C:\Users\Owner\juliemall.jpg
[2010/12/30 19:56:00 | 000,096,305 | ---- | M] () -- C:\Users\Owner\julietrain.jpg
[2010/12/30 19:54:15 | 000,069,729 | ---- | M] () -- C:\Users\Owner\juliesolider.jpg
[2010/12/28 19:15:38 | 000,088,450 | ---- | M] () -- C:\Users\Owner\debbieandherdad.jpg
[2010/12/28 19:15:08 | 000,094,448 | ---- | M] () -- C:\Users\Owner\tony.jpg
[2010/12/28 12:09:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2010/12/28 12:09:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2010/12/27 17:49:53 | 000,156,160 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 13:37:49 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/12/27 13:32:49 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/26 14:35:00 | 000,062,958 | ---- | M] () -- C:\Users\Owner\dm_xmas_2010_sd.jpg
[2010/12/26 14:34:53 | 000,015,209 | ---- | M] () -- C:\Users\Owner\depechemodegreetings.jpg
[2010/12/24 15:52:46 | 000,092,471 | ---- | M] () -- C:\Users\Owner\jimmyxmas3.jpg
[2010/12/24 15:52:22 | 000,146,140 | ---- | M] () -- C:\Users\Owner\jimmyfirstxmas2.jpg
[2010/12/24 15:51:42 | 000,104,026 | ---- | M] () -- C:\Users\Owner\jimmyfirstxmas.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/20 19:30:44 | 000,025,600 | ---- | C] () -- C:\Users\Owner\Documents\Heimataerde review.doc
[2011/01/20 18:20:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/20 17:34:24 | 2079,158,272 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/20 07:03:35 | 000,020,256 | ---- | C] () -- C:\Users\Owner\Desktop\thegrave.jpg
[2011/01/19 18:54:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/01/19 18:54:00 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011/01/19 18:54:00 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011/01/19 18:54:00 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011/01/19 18:54:00 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011/01/19 18:48:37 | 000,339,257 | ---- | C] () -- C:\Users\Owner\Desktop\CleanUp452.exe
[2011/01/19 18:27:04 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/01/19 18:27:04 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/01/19 18:26:53 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/01/19 14:44:53 | 000,001,630 | ---- | C] () -- C:\Users\Owner\Desktop\CCleaner.lnk
[2011/01/19 14:33:08 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/19 14:27:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\file.ext
[2011/01/18 19:55:38 | 000,028,160 | ---- | C] () -- C:\Users\Owner\Desktop\Long version covenant for grave concerns e zine.doc
[2011/01/18 19:55:21 | 000,027,648 | ---- | C] () -- C:\Users\Owner\Documents\Long version covenant for grave concerns e zine.doc
[2011/01/18 13:15:09 | 000,022,623 | ---- | C] () -- C:\Users\Owner\Documents\Stephen fearon's reviews.docx
[2011/01/18 12:57:00 | 000,011,794 | ---- | C] () -- C:\Users\Owner\Documents\Pretentious Moi.docx
[2011/01/16 18:37:55 | 000,016,655 | ---- | C] () -- C:\Users\Owner\Documents\2011 Staff reminder.docx
[2011/01/16 10:27:41 | 000,001,039 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/16 10:27:41 | 000,001,015 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/01/15 16:18:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/15 16:18:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/15 16:18:55 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/15 16:18:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/15 16:18:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/12 18:50:00 | 000,011,992 | ---- | C] () -- C:\Users\Owner\Documents\Vertical Section.docx
[2011/01/10 18:49:25 | 000,091,462 | ---- | C] () -- C:\Users\Owner\lukeperry.jpg
[2011/01/04 17:59:26 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/03 17:58:51 | 000,000,593 | ---- | C] () -- C:\Users\Owner\Desktop\Chris' Notes - Shortcut.lnk
[2011/01/02 18:58:19 | 000,043,485 | ---- | C] () -- C:\Users\Owner\julieburn.jpg
[2011/01/02 18:55:59 | 000,148,224 | ---- | C] () -- C:\Users\Owner\juliegasmask.jpg
[2011/01/02 13:36:11 | 000,000,932 | ---- | C] () -- C:\Users\Owner\Desktop\CD Review instructions - Shortcut (2).lnk
[2010/12/31 13:28:25 | 000,045,478 | ---- | C] () -- C:\Users\Owner\julienightbillboard.jpg
[2010/12/30 20:43:12 | 000,136,514 | ---- | C] () -- C:\Users\Owner\jimmywanted2.jpg
[2010/12/30 20:42:25 | 000,138,046 | ---- | C] () -- C:\Users\Owner\juliewanted.jpg
[2010/12/30 20:38:47 | 000,095,813 | ---- | C] () -- C:\Users\Owner\juliefence.jpg
[2010/12/30 20:38:13 | 000,097,721 | ---- | C] () -- C:\Users\Owner\jimmyfence.jpg
[2010/12/30 20:37:12 | 000,044,162 | ---- | C] () -- C:\Users\Owner\jimmybillboard.jpg
[2010/12/30 20:35:21 | 000,086,316 | ---- | C] () -- C:\Users\Owner\jimmyandjulie.jpg
[2010/12/30 20:34:25 | 000,041,791 | ---- | C] () -- C:\Users\Owner\jimmyscetch.jpg
[2010/12/30 20:32:45 | 000,134,542 | ---- | C] () -- C:\Users\Owner\jimmyiswanted.jpg
[2010/12/30 20:30:50 | 000,044,282 | ---- | C] () -- C:\Users\Owner\julieontv.jpg
[2010/12/30 20:30:04 | 000,045,784 | ---- | C] () -- C:\Users\Owner\jimmyontv.jpg
[2010/12/30 20:16:48 | 000,746,799 | ---- | C] () -- C:\Users\Owner\julierain.gif
[2010/12/30 20:13:09 | 000,072,458 | ---- | C] () -- C:\Users\Owner\julietwilight.jpg
[2010/12/30 20:12:15 | 000,078,321 | ---- | C] () -- C:\Users\Owner\julie2cats.jpg
[2010/12/30 20:07:01 | 000,103,388 | ---- | C] () -- C:\Users\Owner\julieproof.jpg
[2010/12/30 20:05:03 | 000,114,046 | ---- | C] () -- C:\Users\Owner\juliebuilding.jpg
[2010/12/30 20:03:43 | 000,108,192 | ---- | C] () -- C:\Users\Owner\julietat.jpg
[2010/12/30 20:02:13 | 000,260,326 | ---- | C] () -- C:\Users\Owner\julietv1.gif
[2010/12/30 20:01:27 | 000,113,024 | ---- | C] () -- C:\Users\Owner\julietv.jpg
[2010/12/30 20:00:38 | 000,063,376 | ---- | C] () -- C:\Users\Owner\juliegun.jpg
[2010/12/30 19:58:04 | 000,154,850 | ---- | C] () -- C:\Users\Owner\juliesand.jpg
[2010/12/30 19:56:58 | 000,062,732 | ---- | C] () -- C:\Users\Owner\juliemall.jpg
[2010/12/30 19:55:59 | 000,096,305 | ---- | C] () -- C:\Users\Owner\julietrain.jpg
[2010/12/30 19:54:07 | 000,069,729 | ---- | C] () -- C:\Users\Owner\juliesolider.jpg
[2010/12/28 19:15:37 | 000,088,450 | ---- | C] () -- C:\Users\Owner\debbieandherdad.jpg
[2010/12/28 19:15:03 | 000,094,448 | ---- | C] () -- C:\Users\Owner\tony.jpg
[2010/12/28 12:09:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2010/12/28 12:09:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2010/12/27 13:37:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/27 13:32:49 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/12/26 14:34:59 | 000,062,958 | ---- | C] () -- C:\Users\Owner\dm_xmas_2010_sd.jpg
[2010/12/26 14:34:46 | 000,015,209 | ---- | C] () -- C:\Users\Owner\depechemodegreetings.jpg
[2010/12/24 15:52:46 | 000,092,471 | ---- | C] () -- C:\Users\Owner\jimmyxmas3.jpg
[2010/12/24 15:52:16 | 000,146,140 | ---- | C] () -- C:\Users\Owner\jimmyfirstxmas2.jpg
[2010/12/24 15:51:35 | 000,104,026 | ---- | C] () -- C:\Users\Owner\jimmyfirstxmas.jpg
[2010/08/12 14:37:16 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/01/18 16:38:46 | 000,010,496 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2009/08/18 18:54:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/01 16:50:49 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/02/22 11:18:56 | 000,000,512 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/02/15 11:47:06 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/15 11:47:06 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/09/08 19:27:35 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2008/04/22 14:04:15 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/01/30 18:53:21 | 000,156,160 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/29 00:32:50 | 000,027,335 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2008/01/28 20:33:11 | 000,027,335 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
[2008/01/27 09:49:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
[2008/01/27 09:49:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
[2008/01/27 09:49:15 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/12/27 11:59:30 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/05 23:51:03 | 000,005,748 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/02/17 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2010/06/14 19:18:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/03/06 13:59:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2009/01/11 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GARMIN
[2008/11/16 15:26:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iLike
[2008/01/31 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies
[2010/02/09 18:18:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2008/04/22 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QQ Games Plugin
[2011/01/19 18:53:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Simply Super Software
[2010/10/31 17:40:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skinux
[2009/02/22 11:18:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2011/01/20 18:30:09 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/20 16:39:03 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8DF000D1-4FBC-4E14-B90C-10E0A8AF5788}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/12/05 23:36:21 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/01/15 17:18:25 | 000,019,558 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/20 18:36:43 | 2079,158,272 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/28 08:23:31 | 000,001,950 | -H-- | M] () -- C:\IPH.PH
[2011/01/20 18:36:41 | 2393,034,752 | -HS- | M] () -- C:\pagefile.sys
[2011/01/15 17:45:53 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2008/04/22 13:56:15 | 000,000,152 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/12 11:26:28 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\1_HPZPPLHN.DLL
[2008/06/06 19:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp692.dll
[2008/10/28 11:49:30 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp696.dll
[2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/30 13:32:37 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/12 10:46:32 | 000,000,574 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/19 18:48:47 | 000,339,257 | ---- | M] () -- C:\Users\Owner\Desktop\CleanUp452.exe
[2008/02/01 17:03:06 | 001,206,366 | ---- | M] () -- C:\Users\Owner\Desktop\wrar371.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/12/12 11:55:17 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2009/12/12 11:54:47 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/12/12 11:54:46 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/12/12 11:54:47 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/12/12 11:54:46 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2009/12/12 11:54:47 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/12/01 17:34:51 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/07/26 19:23:06 | 000,005,748 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/01/20 18:23:07 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/01/21 09:17:08 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\universal poplab - seeds.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\Obszon Geschopf - Erection Body Mutilated.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\newlogosample2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\newlogosample.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\movement_banner_smaller.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\massiv in mensch.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\juliehalloweenmask3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\juliehalloweenmask2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\interview OG.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\gravebanner084.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\gravebanner083.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\gravebanner082.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\gravebanner08.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\grave concerns end the dj interview.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\GCEwhite2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\GCElg2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\ftsdhgfmsopz3.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\fallendesigns.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\darknationreklama2tm7.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\Alice in videoland - Shes a machine.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\8page_booklet_pages_8_1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Owner\Documents\01 _I Wanna Be Your Dog (Iggy and the Stooges Cover).mp3:Roxio EMC Stream

< End of report >
 
OTL Extras logfile created on: 1/21/2011 9:33:06 AM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Owner\Music\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.96 Gb Total Space | 38.85 Gb Free Space | 17.58% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.85 Gb Free Space | 15.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3874304796-3247481335-781613817-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13E1DECB-B9B5-4A40-AE4F-ECC430F64041}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{3F6CF97D-3856-4ACE-BD03-DD804E1D417A}" = lport=139 | protocol=6 | dir=in | app=system |
"{6D4B186D-084B-462E-BE67-7781CAF0BC55}" = rport=137 | protocol=17 | dir=out | app=system |
"{794E6E3C-50D2-4A3D-9834-69D99B2C1B63}" = rport=138 | protocol=17 | dir=out | app=system |
"{847A4C28-A106-4EF4-88F5-5BECEBAB047C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8690AA7B-1B58-47D2-AFC1-9B3AD829BC73}" = lport=137 | protocol=17 | dir=in | app=system |
"{97FE7682-32C4-454E-9D98-7E97CC6ED81F}" = rport=445 | protocol=6 | dir=out | app=system |
"{B1395E43-2A32-483B-B7A4-4C162D6DEFD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA86F8D4-FA40-4A46-883B-E3CE9F887847}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BC482EF5-D060-4916-80EC-196EC1407851}" = lport=138 | protocol=17 | dir=in | app=system |
"{BCC77CA9-4C95-4BBE-8935-B1982FD64C3E}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C3D5D4-BDA1-416E-BF6D-4C00429FE8DD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15F9A471-8027-46D7-B87D-3B00E00613F1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{16B852F0-EEA5-4D70-85ED-CB4F957817DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{283D7589-6274-48B4-B61A-231DC5BD9488}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2ACCCC19-07C9-42C3-B3C2-6E70EC24C62A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{30D20C29-DD1A-4C64-8807-4BE4BABCAF7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{32182713-BA8C-4E76-899E-D2DCD20732AF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{363A88E7-0146-4C7E-AD29-9D38082308FE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3C015F45-1B9D-41FE-AF9B-23B26D8EFF71}" = dir=in | app=e:\setup\hpznui01.exe |
"{3DCBF8FD-6BBF-45BC-8B69-9F172160C81E}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3EFB2612-BEB1-4647-9DC3-9ED1B6D0D9BB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4203D776-BD8F-4AAE-B97C-1565AAFFA130}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5454A9C6-C56E-4514-86FE-3F610D56D779}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{58370F61-733F-4CB2-86AE-88A3CB51377B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5AEBA350-D4F7-4791-9AFD-5CBC6B6BDDD1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5B0257C3-072A-4A2D-AD32-9F548D0E2F89}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6951BC6A-C990-4D60-AE95-0CB9E4DB46AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6FB32505-7F0B-44E7-8703-EB9A59BB25A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{736AE150-5F55-4C5F-A60C-3DBDC25FF0D6}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{7417CDF6-A361-4708-9C87-A536A393FFF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{76284521-5832-42C2-B6EE-EB18C3261B29}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{789CFF5F-CE44-4970-9E31-8F2FFF56FE8E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{8B70BAD1-A056-4680-8ACD-6FA3B8A4C8B2}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8E4C6527-F3FA-4ED2-B1B6-7A262C609766}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{95C1C79F-7201-4122-9F8B-6A508340B431}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{993DE077-AFE0-43A4-B6D5-A58677BA4BD7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A50FB52D-5543-459B-B96B-664DFC85599A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A7E68A2C-141C-41F9-BF3D-165FCDE4734A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{AAF3FC96-4955-43A4-B2D0-F0A50179DA9F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{AEB0D164-A4E6-4987-B24A-B6F5017F1D06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B53655B4-6403-4A16-BB77-041FD462C49C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BE5DACD8-2B60-4251-BA17-C87AA284B953}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C49E454E-8FA0-4078-A70D-CDDC18FDA47D}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{C607DB15-A2E0-4891-9D13-EBA1B9F5271E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C995E5AF-E566-4512-B221-30E62F780592}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{C9F203AC-AD10-4E36-A483-7691D542D8C2}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{CA095D6D-3682-456C-BDEF-7D07FCD4352B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CD649714-95CE-48B3-835C-AF951B53BDCA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D459098B-F32E-4531-B3A1-5F39F9EBB6B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{EA518D60-5C47-4CFF-9AF0-A0D81545420A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{F6B51C40-836E-42C3-A83E-B7980EC1EF20}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FEF4B3B0-68FF-4006-B2DC-132CF7CC17FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"TCP Query User{122EA1C8-E689-497F-BD0B-2E203344FD3A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{69607381-E5BE-488D-88E0-ABA3B043FEA9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02807340-8FA2-44B6-ABA1-E443E4FF0A20}" = VZAccess Manager for RIM
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Catalyst Media Center
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37FCE36B-D082-41BE-847E-B63707251033}" = Nero 7 Ultra Edition
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{74D2638F-E20C-4EC0-97AA-6B6ECACA5D5C}" = Motorola Mobile Drivers Installation 4.8.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{88D18C5E-5113-4A1E-8EC9-2B7E24688A14}" = PS_AIO_04_C6300_Software_Min
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}" = HP Photosmart C6300 All-In-One Driver 12.0 Rel .4
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.28
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D330B524-FC79-40CC-9886-23738AFBB40B}" = HP RC Mirror Driver
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC4F90EC-B1DA-11D9-9D77-000129760D75}" = Catalyst Media Center DVD Authoring Module
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"4DFDCEFC24545A9DE98551DA0E63416199352710" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (04/27/2007 5.7.0427.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ESET Online Scanner" = ESET Online Scanner v3
"ExtractNow_is1" = ExtractNow
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoHelper" = MotoHelper 2.0.40 Driver 4.8.0
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.8.2
"VLC media player" = VLC media player 1.1.1
"WinRAR archiver" = WinRAR archiver
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3874304796-3247481335-781613817-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/25/2010 9:15:49 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x01c74b40, process id 0x1990, application start time 0x01cae4ddb6990f30.

Error - 4/29/2010 12:30:31 AM | Computer Name = Owner-PC | Source = Desktop | ID = 268379920
Description =

Error - 4/29/2010 12:30:50 AM | Computer Name = Owner-PC | Source = Desktop | ID = 268379920
Description =

Error - 4/29/2010 6:33:55 AM | Computer Name = Owner-PC | Source = Desktop | ID = 268379920
Description =

Error - 5/1/2010 11:59:51 AM | Computer Name = Owner-PC | Source = Desktop | ID = 268379920
Description =

Error - 5/1/2010 11:59:59 AM | Computer Name = Owner-PC | Source = Desktop | ID = 268379920
Description =

Error - 5/1/2010 2:28:19 PM | Computer Name = Owner-PC | Source = Desktop | ID = 268379920
Description =

Error - 5/2/2010 10:08:52 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application HPWUCli.exe, version 5.0.8.1, time stamp 0x4abd3c99,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x01a54b73, process id 0x1a68, application start time 0x01caea65462fba90.

Error - 5/4/2010 3:42:55 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 11.0.6002.18111 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: a3c Start Time: 01caeb77a4aac110 Termination Time: 93

Error - 5/9/2010 10:32:59 AM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3743 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1038 Start Time: 01cae95c61e34ce3 Termination Time: 2727

[ Media Center Events ]
Error - 6/8/2008 12:26:47 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 10/23/2008 1:36:16 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/24/2009 7:39:30 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/11/2009 10:35:21 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/5/2010 6:36:31 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 3/29/2009 7:32:41 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 577
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/19/2011 10:54:31 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/20/2011 7:16:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/20/2011 7:18:01 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =

Error - 1/20/2011 7:18:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/20/2011 7:18:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/20/2011 7:30:04 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 1/20/2011 7:38:22 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/20/2011 7:38:36 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description =

Error - 1/20/2011 7:39:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/20/2011 7:39:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >
 