TechSpot

Infected with Guard Online and Google Redirect

Solved
By dshoff115
Oct 11, 2011
  1. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Give it some time.
     
  2. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    For some reason Combofix does not like my computer.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    This is not about Combofix.
    Your computer is infected pretty badly.

    Re-run TDSSKiller one more time.
     
  4. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    It found zero threats.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    I need to see the log.
     
  6. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    00:17:37.0871 5376 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
    00:17:37.0894 5376 ============================================================
    00:17:37.0895 5376 Current date / time: 2011/10/14 00:17:37.0894
    00:17:37.0895 5376 SystemInfo:
    00:17:37.0895 5376
    00:17:37.0895 5376 OS Version: 6.0.6002 ServicePack: 2.0
    00:17:37.0895 5376 Product type: Workstation
    00:17:37.0895 5376 ComputerName: HOME-PC
    00:17:37.0895 5376 UserName: Home
    00:17:37.0895 5376 Windows directory: C:\Windows
    00:17:37.0895 5376 System windows directory: C:\Windows
    00:17:37.0895 5376 Processor architecture: Intel x86
    00:17:37.0895 5376 Number of processors: 2
    00:17:37.0895 5376 Page size: 0x1000
    00:17:37.0895 5376 Boot type: Normal boot
    00:17:37.0895 5376 ============================================================
    00:17:39.0289 5376 Initialize success
    00:17:51.0371 3364 ============================================================
    00:17:51.0371 3364 Scan started
    00:17:51.0371 3364 Mode: Manual;
    00:17:51.0371 3364 ============================================================
    00:17:52.0112 3364 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    00:17:52.0119 3364 ACPI - ok
    00:17:52.0266 3364 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    00:17:52.0274 3364 adp94xx - ok
    00:17:52.0418 3364 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    00:17:52.0425 3364 adpahci - ok
    00:17:52.0542 3364 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    00:17:52.0545 3364 adpu160m - ok
    00:17:52.0582 3364 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    00:17:52.0586 3364 adpu320 - ok
    00:17:52.0785 3364 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    00:17:52.0791 3364 AFD - ok
    00:17:52.0889 3364 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    00:17:52.0892 3364 agp440 - ok
    00:17:53.0000 3364 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    00:17:53.0003 3364 aic78xx - ok
    00:17:53.0080 3364 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    00:17:53.0082 3364 aliide - ok
    00:17:53.0130 3364 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    00:17:53.0132 3364 amdagp - ok
    00:17:53.0184 3364 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    00:17:53.0186 3364 amdide - ok
    00:17:53.0273 3364 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    00:17:53.0277 3364 AmdK7 - ok
    00:17:53.0328 3364 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    00:17:53.0332 3364 AmdK8 - ok
    00:17:53.0423 3364 ApfiltrService (1de27858a431a5749e0f3df54ba935b9) C:\Windows\system32\DRIVERS\Apfiltr.sys
    00:17:53.0427 3364 ApfiltrService - ok
    00:17:53.0605 3364 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    00:17:53.0608 3364 arc - ok
    00:17:53.0669 3364 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    00:17:53.0672 3364 arcsas - ok
    00:17:53.0723 3364 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    00:17:53.0725 3364 AsyncMac - ok
    00:17:53.0849 3364 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    00:17:53.0849 3364 atapi - ok
    00:17:54.0025 3364 atikmdag (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
    00:17:54.0086 3364 atikmdag - ok
    00:17:54.0244 3364 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    00:17:54.0245 3364 Beep - ok
    00:17:54.0319 3364 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    00:17:54.0321 3364 blbdrive - ok
    00:17:54.0473 3364 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    00:17:54.0476 3364 bowser - ok
    00:17:54.0566 3364 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    00:17:54.0567 3364 BrFiltLo - ok
    00:17:54.0597 3364 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    00:17:54.0599 3364 BrFiltUp - ok
    00:17:54.0708 3364 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    00:17:54.0711 3364 Brserid - ok
    00:17:54.0743 3364 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    00:17:54.0746 3364 BrSerWdm - ok
    00:17:54.0770 3364 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    00:17:54.0771 3364 BrUsbMdm - ok
    00:17:54.0787 3364 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    00:17:54.0789 3364 BrUsbSer - ok
    00:17:54.0918 3364 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    00:17:54.0920 3364 BTHMODEM - ok
    00:17:55.0070 3364 catchme - ok
    00:17:55.0190 3364 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    00:17:55.0192 3364 cdfs - ok
    00:17:55.0262 3364 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    00:17:55.0264 3364 cdrom - ok
    00:17:55.0350 3364 cfwids (142e4e00ad91600a2d20692ed52fafc8) C:\Windows\system32\drivers\cfwids.sys
    00:17:55.0352 3364 cfwids - ok
    00:17:55.0456 3364 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
    00:17:55.0457 3364 circlass - ok
    00:17:55.0521 3364 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    00:17:55.0527 3364 CLFS - ok
    00:17:55.0812 3364 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    00:17:55.0814 3364 CmBatt - ok
    00:17:55.0860 3364 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    00:17:55.0861 3364 cmdide - ok
    00:17:56.0024 3364 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    00:17:56.0025 3364 Compbatt - ok
    00:17:56.0058 3364 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    00:17:56.0059 3364 crcdisk - ok
    00:17:56.0076 3364 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    00:17:56.0078 3364 Crusoe - ok
    00:17:56.0244 3364 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
    00:17:56.0247 3364 ctxusbm - ok
    00:17:56.0299 3364 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    00:17:56.0303 3364 DfsC - ok
    00:17:56.0470 3364 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    00:17:56.0472 3364 disk - ok
    00:17:56.0566 3364 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    00:17:56.0568 3364 drmkaud - ok
    00:17:56.0681 3364 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    00:17:56.0693 3364 DXGKrnl - ok
    00:17:56.0845 3364 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    00:17:56.0850 3364 e1express - ok
    00:17:56.0905 3364 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    00:17:56.0908 3364 E1G60 - ok
    00:17:57.0090 3364 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    00:17:57.0095 3364 Ecache - ok
    00:17:57.0180 3364 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    00:17:57.0190 3364 elxstor - ok
    00:17:57.0307 3364 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    00:17:57.0309 3364 ErrDev - ok
    00:17:57.0402 3364 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    00:17:57.0407 3364 exfat - ok
    00:17:57.0542 3364 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    00:17:57.0547 3364 fastfat - ok
    00:17:57.0633 3364 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    00:17:57.0635 3364 fdc - ok
    00:17:57.0747 3364 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    00:17:57.0750 3364 FileInfo - ok
    00:17:57.0784 3364 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    00:17:57.0786 3364 Filetrace - ok
    00:17:57.0809 3364 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    00:17:57.0811 3364 flpydisk - ok
    00:17:57.0878 3364 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    00:17:57.0883 3364 FltMgr - ok
    00:17:58.0027 3364 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    00:17:58.0029 3364 Fs_Rec - ok
    00:17:58.0049 3364 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    00:17:58.0051 3364 gagp30kx - ok
    00:17:58.0114 3364 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    00:17:58.0115 3364 GEARAspiWDM - ok
    00:17:58.0336 3364 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    00:17:58.0341 3364 HdAudAddService - ok
    00:17:58.0410 3364 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    00:17:58.0421 3364 HDAudBus - ok
    00:17:58.0532 3364 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    00:17:58.0534 3364 HidBth - ok
    00:17:58.0579 3364 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
    00:17:58.0581 3364 HidIr - ok
    00:17:58.0742 3364 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    00:17:58.0744 3364 HidUsb - ok
    00:17:58.0788 3364 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    00:17:58.0790 3364 HpCISSs - ok
    00:17:58.0853 3364 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    00:17:58.0862 3364 HTTP - ok
    00:17:58.0972 3364 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    00:17:58.0974 3364 i2omp - ok
    00:17:59.0060 3364 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    00:17:59.0062 3364 i8042prt - ok
    00:17:59.0171 3364 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    00:17:59.0176 3364 iaStorV - ok
    00:17:59.0205 3364 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    00:17:59.0207 3364 iirsp - ok
    00:17:59.0355 3364 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    00:17:59.0356 3364 intelide - ok
    00:17:59.0385 3364 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    00:17:59.0387 3364 intelppm - ok
    00:17:59.0451 3364 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    00:17:59.0453 3364 IpFilterDriver - ok
    00:17:59.0542 3364 IpInIp - ok
    00:17:59.0581 3364 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    00:17:59.0583 3364 IPMIDRV - ok
    00:17:59.0612 3364 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    00:17:59.0616 3364 IPNAT - ok
    00:17:59.0649 3364 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    00:17:59.0651 3364 IRENUM - ok
    00:17:59.0759 3364 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    00:17:59.0761 3364 isapnp - ok
    00:17:59.0838 3364 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    00:17:59.0842 3364 iScsiPrt - ok
    00:17:59.0870 3364 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    00:17:59.0872 3364 iteatapi - ok
    00:17:59.0984 3364 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
    00:17:59.0986 3364 itecir - ok
    00:18:00.0029 3364 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    00:18:00.0030 3364 iteraid - ok
    00:18:00.0126 3364 k57nd60x (a67e8cfcad7d4f8b35643d6c79ba64c3) C:\Windows\system32\DRIVERS\k57nd60x.sys
    00:18:00.0131 3364 k57nd60x - ok
    00:18:00.0213 3364 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    00:18:00.0215 3364 kbdclass - ok
    00:18:00.0292 3364 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    00:18:00.0293 3364 kbdhid - ok
    00:18:00.0365 3364 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    00:18:00.0373 3364 KSecDD - ok
    00:18:00.0548 3364 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
    00:18:00.0550 3364 Lbd - ok
    00:18:00.0630 3364 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    00:18:00.0632 3364 lltdio - ok
    00:18:00.0666 3364 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    00:18:00.0670 3364 LSI_FC - ok
    00:18:00.0786 3364 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    00:18:00.0790 3364 LSI_SAS - ok
    00:18:00.0819 3364 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    00:18:00.0823 3364 LSI_SCSI - ok
    00:18:00.0851 3364 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    00:18:00.0854 3364 luafv - ok
    00:18:01.0087 3364 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    00:18:01.0110 3364 megasas - ok
    00:18:01.0178 3364 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    00:18:01.0186 3364 MegaSR - ok
    00:18:01.0342 3364 mfeapfk (c373a719d704d12f5a4503f6f10239ff) C:\Windows\system32\drivers\mfeapfk.sys
    00:18:01.0343 3364 mfeapfk - ok
    00:18:01.0393 3364 mfeavfk (851ad52871b62457152a8acaff0c632d) C:\Windows\system32\drivers\mfeavfk.sys
    00:18:01.0397 3364 mfeavfk - ok
    00:18:01.0463 3364 mfeavfk01 - ok
    00:18:01.0577 3364 mfebopk (5b9ffb027669a8ac30aac0b4996bc603) C:\Windows\system32\drivers\mfebopk.sys
    00:18:01.0578 3364 mfebopk - ok
    00:18:01.0670 3364 mfefirek (2cabe72e53365834cb9969dde47bd690) C:\Windows\system32\drivers\mfefirek.sys
    00:18:01.0677 3364 mfefirek - ok
    00:18:01.0779 3364 mfehidk (46db8f041e928bdc17b8daba249a2148) C:\Windows\system32\drivers\mfehidk.sys
    00:18:01.0791 3364 mfehidk - ok
    00:18:01.0926 3364 mfenlfk (3f9c3147c904fb4377ede0d9df06c789) C:\Windows\system32\DRIVERS\mfenlfk.sys
    00:18:01.0928 3364 mfenlfk - ok
    00:18:01.0980 3364 mferkdet (316fd7c31cd57ca793fb10912aeeb2d2) C:\Windows\system32\drivers\mferkdet.sys
    00:18:01.0984 3364 mferkdet - ok
    00:18:02.0019 3364 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
    00:18:02.0022 3364 mferkdk - ok
    00:18:02.0180 3364 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
    00:18:02.0181 3364 mfesmfk - ok
    00:18:02.0252 3364 mfewfpk (991069f1e220842c5f9742f6ec4b40a8) C:\Windows\system32\drivers\mfewfpk.sys
    00:18:02.0256 3364 mfewfpk - ok
    00:18:02.0371 3364 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    00:18:02.0373 3364 Modem - ok
    00:18:02.0409 3364 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    00:18:02.0411 3364 monitor - ok
    00:18:02.0436 3364 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    00:18:02.0437 3364 mouclass - ok
    00:18:02.0460 3364 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    00:18:02.0462 3364 mouhid - ok
    00:18:02.0576 3364 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    00:18:02.0578 3364 MountMgr - ok
    00:18:02.0640 3364 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    00:18:02.0643 3364 mpio - ok
    00:18:02.0688 3364 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    00:18:02.0690 3364 mpsdrv - ok
    00:18:02.0787 3364 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    00:18:02.0788 3364 Mraid35x - ok
    00:18:02.0877 3364 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    00:18:02.0880 3364 MRxDAV - ok
    00:18:02.0926 3364 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    00:18:02.0930 3364 mrxsmb - ok
    00:18:03.0032 3364 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    00:18:03.0037 3364 mrxsmb10 - ok
    00:18:03.0100 3364 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    00:18:03.0103 3364 mrxsmb20 - ok
    00:18:03.0244 3364 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
    00:18:03.0245 3364 msahci - ok
    00:18:03.0289 3364 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    00:18:03.0292 3364 msdsm - ok
    00:18:03.0310 3364 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    00:18:03.0311 3364 Msfs - ok
    00:18:03.0360 3364 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    00:18:03.0362 3364 msisadrv - ok
    00:18:03.0467 3364 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    00:18:03.0468 3364 MSKSSRV - ok
    00:18:03.0517 3364 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    00:18:03.0519 3364 MSPCLOCK - ok
    00:18:03.0558 3364 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    00:18:03.0560 3364 MSPQM - ok
    00:18:03.0615 3364 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    00:18:03.0619 3364 MsRPC - ok
    00:18:03.0711 3364 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    00:18:03.0713 3364 mssmbios - ok
    00:18:03.0758 3364 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    00:18:03.0760 3364 MSTEE - ok
    00:18:03.0826 3364 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    00:18:03.0828 3364 Mup - ok
    00:18:03.0975 3364 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    00:18:03.0979 3364 NativeWifiP - ok
    00:18:04.0093 3364 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    00:18:04.0103 3364 NDIS - ok
    00:18:04.0201 3364 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    00:18:04.0202 3364 NdisTapi - ok
    00:18:04.0246 3364 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    00:18:04.0248 3364 Ndisuio - ok
    00:18:04.0318 3364 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    00:18:04.0321 3364 NdisWan - ok
    00:18:04.0410 3364 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    00:18:04.0412 3364 NDProxy - ok
    00:18:04.0483 3364 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    00:18:04.0485 3364 NetBIOS - ok
    00:18:04.0536 3364 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    00:18:04.0540 3364 netbt - ok
    00:18:04.0763 3364 NETw5v32 (0b214c6a4728f085fb64a29ed9c4de94) C:\Windows\system32\DRIVERS\NETw5v32.sys
    00:18:04.0852 3364 NETw5v32 - ok
    00:18:04.0967 3364 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    00:18:04.0969 3364 nfrd960 - ok
    00:18:05.0034 3364 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    00:18:05.0036 3364 Npfs - ok
    00:18:05.0068 3364 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    00:18:05.0070 3364 nsiproxy - ok
    00:18:05.0247 3364 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    00:18:05.0270 3364 Ntfs - ok
    00:18:05.0380 3364 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    00:18:05.0382 3364 ntrigdigi - ok
    00:18:05.0450 3364 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    00:18:05.0451 3364 NuidFltr - ok
    00:18:05.0477 3364 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    00:18:05.0478 3364 Null - ok
    00:18:05.0593 3364 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    00:18:05.0596 3364 nvraid - ok
    00:18:05.0621 3364 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    00:18:05.0623 3364 nvstor - ok
    00:18:05.0652 3364 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    00:18:05.0655 3364 nv_agp - ok
    00:18:05.0737 3364 NwlnkFlt - ok
    00:18:05.0750 3364 NwlnkFwd - ok
    00:18:05.0822 3364 OA001Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA001Ufd.sys
    00:18:05.0825 3364 OA001Ufd - ok
    00:18:05.0854 3364 OA001Vid (438ffcb55b8ce39b0bc71afc0a059835) C:\Windows\system32\DRIVERS\OA001Vid.sys
    00:18:05.0860 3364 OA001Vid - ok
    00:18:05.0997 3364 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    00:18:05.0999 3364 ohci1394 - ok
    00:18:06.0078 3364 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    00:18:06.0081 3364 Parport - ok
    00:18:06.0144 3364 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    00:18:06.0146 3364 partmgr - ok
    00:18:06.0248 3364 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    00:18:06.0250 3364 Parvdm - ok
    00:18:06.0306 3364 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    00:18:06.0309 3364 pci - ok
    00:18:06.0336 3364 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    00:18:06.0338 3364 pciide - ok
    00:18:06.0372 3364 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    00:18:06.0376 3364 pcmcia - ok
    00:18:06.0536 3364 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    00:18:06.0553 3364 PEAUTH - ok
    00:18:06.0697 3364 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    00:18:06.0699 3364 PptpMiniport - ok
    00:18:06.0729 3364 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    00:18:06.0731 3364 Processor - ok
    00:18:06.0787 3364 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    00:18:06.0790 3364 PSched - ok
    00:18:06.0933 3364 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
    00:18:06.0936 3364 PxHelp20 - ok
    00:18:07.0039 3364 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    00:18:07.0064 3364 ql2300 - ok
    00:18:07.0181 3364 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    00:18:07.0184 3364 ql40xx - ok
    00:18:07.0204 3364 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    00:18:07.0206 3364 QWAVEdrv - ok
    00:18:07.0359 3364 R300 (47dcf5d78c395159d72c65c25129fc44) C:\Windows\system32\DRIVERS\atikmdag.sys
    00:18:07.0381 3364 R300 - ok
    00:18:07.0500 3364 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    00:18:07.0500 3364 RasAcd - ok
    00:18:07.0536 3364 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    00:18:07.0538 3364 Rasl2tp - ok
    00:18:07.0600 3364 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    00:18:07.0602 3364 RasPppoe - ok
    00:18:07.0727 3364 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    00:18:07.0729 3364 RasSstp - ok
    00:18:07.0786 3364 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    00:18:07.0793 3364 rdbss - ok
    00:18:07.0829 3364 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    00:18:07.0830 3364 RDPCDD - ok
    00:18:07.0865 3364 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    00:18:07.0873 3364 rdpdr - ok
    00:18:07.0985 3364 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    00:18:07.0986 3364 RDPENCDD - ok
    00:18:08.0051 3364 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    00:18:08.0056 3364 RDPWD - ok
    00:18:08.0107 3364 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
    00:18:08.0109 3364 rimmptsk - ok
    00:18:08.0262 3364 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
    00:18:08.0264 3364 rimsptsk - ok
    00:18:08.0314 3364 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
    00:18:08.0315 3364 rismxdp - ok
    00:18:08.0368 3364 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    00:18:08.0370 3364 rspndr - ok
    00:18:08.0491 3364 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    00:18:08.0494 3364 sbp2port - ok
    00:18:08.0570 3364 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
    00:18:08.0573 3364 sdbus - ok
    00:18:08.0682 3364 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    00:18:08.0683 3364 secdrv - ok
    00:18:08.0710 3364 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    00:18:08.0711 3364 Serenum - ok
    00:18:08.0733 3364 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    00:18:08.0736 3364 Serial - ok
    00:18:08.0759 3364 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    00:18:08.0760 3364 sermouse - ok
    00:18:08.0892 3364 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    00:18:08.0893 3364 sffdisk - ok
    00:18:08.0920 3364 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    00:18:08.0921 3364 sffp_mmc - ok
    00:18:08.0945 3364 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    00:18:08.0946 3364 sffp_sd - ok
    00:18:09.0053 3364 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    00:18:09.0054 3364 sfloppy - ok
    00:18:09.0086 3364 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    00:18:09.0088 3364 sisagp - ok
    00:18:09.0116 3364 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    00:18:09.0118 3364 SiSRaid2 - ok
    00:18:09.0234 3364 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    00:18:09.0236 3364 SiSRaid4 - ok
    00:18:09.0286 3364 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    00:18:09.0288 3364 Smb - ok
    00:18:09.0330 3364 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    00:18:09.0331 3364 spldr - ok
    00:18:09.0435 3364 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    00:18:09.0437 3364 srv - ok
    00:18:09.0470 3364 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    00:18:09.0472 3364 srv2 - ok
    00:18:09.0493 3364 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    00:18:09.0494 3364 srvnet - ok
    00:18:09.0626 3364 STHDA (5af1feec6945f4fa5efd00e0c6d8f9b9) C:\Windows\system32\DRIVERS\stwrt.sys
    00:18:09.0630 3364 STHDA - ok
    00:18:09.0711 3364 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    00:18:09.0712 3364 swenum - ok
    00:18:09.0825 3364 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    00:18:09.0826 3364 Symc8xx - ok
    00:18:09.0856 3364 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    00:18:09.0858 3364 Sym_hi - ok
    00:18:09.0880 3364 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    00:18:09.0881 3364 Sym_u3 - ok
    00:18:09.0971 3364 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
    00:18:09.0977 3364 Tcpip - ok
    00:18:10.0127 3364 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
    00:18:10.0133 3364 Tcpip6 - ok
    00:18:10.0265 3364 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    00:18:10.0267 3364 tcpipreg - ok
    00:18:10.0306 3364 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    00:18:10.0307 3364 TDPIPE - ok
    00:18:10.0347 3364 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    00:18:10.0349 3364 TDTCP - ok
    00:18:10.0396 3364 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    00:18:10.0398 3364 tdx - ok
    00:18:10.0539 3364 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    00:18:10.0540 3364 TermDD - ok
    00:18:10.0604 3364 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    00:18:10.0606 3364 tssecsrv - ok
    00:18:10.0639 3364 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    00:18:10.0640 3364 tunmp - ok
    00:18:10.0771 3364 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    00:18:10.0772 3364 tunnel - ok
    00:18:10.0808 3364 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    00:18:10.0809 3364 uagp35 - ok
    00:18:10.0872 3364 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    00:18:10.0874 3364 udfs - ok
    00:18:10.0994 3364 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    00:18:10.0995 3364 uliagpkx - ok
    00:18:11.0018 3364 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    00:18:11.0020 3364 uliahci - ok
    00:18:11.0054 3364 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    00:18:11.0055 3364 UlSata - ok
    00:18:11.0083 3364 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    00:18:11.0084 3364 ulsata2 - ok
    00:18:11.0201 3364 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    00:18:11.0202 3364 umbus - ok
    00:18:11.0251 3364 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    00:18:11.0252 3364 USBAAPL - ok
    00:18:11.0379 3364 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    00:18:11.0381 3364 usbccgp - ok
    00:18:11.0432 3364 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    00:18:11.0433 3364 usbcir - ok
    00:18:11.0506 3364 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    00:18:11.0508 3364 usbehci - ok
    00:18:11.0642 3364 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    00:18:11.0643 3364 usbhub - ok
    00:18:11.0680 3364 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    00:18:11.0681 3364 usbohci - ok
    00:18:11.0713 3364 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    00:18:11.0714 3364 usbprint - ok
    00:18:11.0858 3364 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    00:18:11.0859 3364 usbscan - ok
    00:18:11.0906 3364 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    00:18:11.0907 3364 USBSTOR - ok
    00:18:11.0958 3364 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    00:18:11.0958 3364 usbuhci - ok
    00:18:12.0075 3364 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    00:18:12.0076 3364 vga - ok
    00:18:12.0097 3364 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    00:18:12.0098 3364 VgaSave - ok
    00:18:12.0118 3364 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    00:18:12.0119 3364 viaagp - ok
    00:18:12.0244 3364 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    00:18:12.0245 3364 ViaC7 - ok
    00:18:12.0278 3364 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    00:18:12.0279 3364 viaide - ok
    00:18:12.0314 3364 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    00:18:12.0316 3364 volmgr - ok
    00:18:12.0454 3364 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    00:18:12.0456 3364 volmgrx - ok
    00:18:12.0522 3364 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    00:18:12.0526 3364 volsnap - ok
    00:18:12.0576 3364 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    00:18:12.0577 3364 vsmraid - ok
    00:18:12.0697 3364 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    00:18:12.0698 3364 WacomPen - ok
    00:18:12.0720 3364 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    00:18:12.0721 3364 Wanarp - ok
    00:18:12.0753 3364 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    00:18:12.0754 3364 Wanarpv6 - ok
    00:18:12.0790 3364 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    00:18:12.0791 3364 Wd - ok
    00:18:12.0928 3364 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    00:18:12.0931 3364 Wdf01000 - ok
    00:18:13.0023 3364 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    00:18:13.0024 3364 WmiAcpi - ok
    00:18:13.0085 3364 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    00:18:13.0086 3364 WpdUsb - ok
    00:18:13.0193 3364 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    00:18:13.0193 3364 ws2ifsl - ok
    00:18:13.0257 3364 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    00:18:13.0258 3364 WUDFRd - ok
    00:18:13.0314 3364 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    00:18:13.0335 3364 \Device\Harddisk0\DR0 - ok
    00:18:13.0343 3364 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    00:18:13.0350 3364 \Device\Harddisk1\DR1 - ok
    00:18:13.0369 3364 Boot (0x1200) (2916a7f978645cb49e545a582f0f5cf7) \Device\Harddisk0\DR0\Partition0
    00:18:13.0370 3364 \Device\Harddisk0\DR0\Partition0 - ok
    00:18:13.0374 3364 Boot (0x1200) (0ebddef2f9bb39e8bda2fb7f4a0be38f) \Device\Harddisk0\DR0\Partition1
    00:18:13.0375 3364 \Device\Harddisk0\DR0\Partition1 - ok
    00:18:13.0380 3364 Boot (0x1200) (36fdfd7a4d1d98a38620e2d14e498db2) \Device\Harddisk1\DR1\Partition0
    00:18:13.0381 3364 \Device\Harddisk1\DR1\Partition0 - ok
    00:18:13.0382 3364 ============================================================
    00:18:13.0382 3364 Scan finished
    00:18:13.0382 3364 ============================================================
    00:18:13.0392 5668 Detected object count: 0
    00:18:13.0392 5668 Actual detected object count: 0
     
  7. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Interesting. It looks like we fixed tdx.sys file with Blitzblank script.

    We won't worry about Combofix then.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    I keep getting this error message about the recycle bin being corrupted. I haven't tried running a virus scan yet, but it let me try when I opened McAfee. i will post the logs next.
     
  9. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    OTL keeps getting stuck on Scanning Modules.....
     
  10. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Maybe you need to be little bit more patient.
    Those scans take a while.
    What do you mean by "stuck"?
     
  11. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    Sorry about that. I was about to edit that post. The program froze the first two times I ran it and it would say OTL is not responding. It is running now.
     
     
  12. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    OTL

    OTL logfile created on: 10/14/2011 12:35:11 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Home\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19120)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.22% Memory free
    6.19 Gb Paging File | 4.51 Gb Available in Paging File | 72.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.29 Gb Total Space | 192.01 Gb Free Space | 66.60% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 4.45 Gb Free Space | 45.61% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/14 00:31:40 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    PRC - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/08/19 15:55:18 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/07/22 20:05:28 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
    PRC - [2011/07/13 09:58:00 | 001,312,384 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
    PRC - [2011/04/18 10:14:19 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2011/04/18 10:14:19 | 000,789,392 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2009/07/07 10:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/09/24 00:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
    PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/07/17 08:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/07/17 08:00:18 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/07/17 08:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/07/17 08:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/07/17 06:23:04 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/07/17 06:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe
    PRC - [2008/07/17 06:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe
    PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/24 03:16:30 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\daffd5386c3b09c90f7afe4fbfeb44f9\MenuSkinning.ni.dll
    MOD - [2011/08/24 03:15:30 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\c5dcad722494de790c6fdb4a39a05e4f\VistaBridgeLibrary.ni.dll
    MOD - [2011/08/24 03:15:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
    MOD - [2011/08/24 03:15:25 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\5ad43d6a7092b5f6d84c95a50313bcd4\DellDock.ni.exe
    MOD - [2011/08/24 03:15:21 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\2b4ce14161bf585082d0f0fc60b9f4a6\MyDock.Util.ni.dll
    MOD - [2011/08/24 03:15:13 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
    MOD - [2011/08/24 03:14:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
    MOD - [2011/08/24 03:14:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
    MOD - [2011/08/24 03:14:43 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
    MOD - [2011/08/24 03:14:35 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
    MOD - [2011/08/24 03:14:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
    MOD - [2011/08/24 03:14:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
    MOD - [2011/08/24 03:14:15 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c8750ecd71abac98fb26b2f4bf3a031a\Accessibility.ni.dll
    MOD - [2011/08/24 03:12:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
    MOD - [2011/08/24 03:12:33 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
    MOD - [2009/10/23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/07/07 10:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
    MOD - [2009/07/07 10:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    MOD - [2009/07/07 10:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
    MOD - [2009/07/07 10:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    MOD - [2009/07/07 10:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
    MOD - [2008/12/24 16:38:31 | 001,687,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3106.38542__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2008/12/24 16:38:31 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3106.38494__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:31 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3106.38558__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2008/12/24 16:38:31 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3106.38756__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:31 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3106.38714__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3106.38533__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2008/12/24 16:38:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3106.38664__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3106.38517__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:30 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3106.38798__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2008/12/24 16:38:21 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3106.38724__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:21 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:21 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3106.38805__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:21 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3106.38731__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2008/12/24 16:38:21 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3106.38510__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:21 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3106.38723__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:20 | 000,806,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3106.38668__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:20 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3106.38573__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:20 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3106.38657__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:20 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3106.38519__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:20 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3106.38746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2008/12/24 16:38:20 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3106.38706__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:20 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3106.38666__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:20 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3106.38579__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
    MOD - [2008/12/24 16:38:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3106.38565__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:20 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3106.38689__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2008/12/24 16:38:20 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3106.38665__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3106.38578__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:20 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3106.38687__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3106.38704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2008/12/24 16:38:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2008/12/24 16:38:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2008/12/24 16:38:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2008/12/24 16:38:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2008/12/24 16:38:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3091.17978__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2008/12/24 16:38:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2008/12/24 16:38:20 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2008/12/24 16:38:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2008/12/24 16:38:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2008/12/24 16:38:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2008/12/24 16:38:18 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3091.17993__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2008/12/24 16:38:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2008/12/24 16:38:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3091.17976__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2008/12/24 16:38:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3091.17988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3091.17979__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3091.17991__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2008/12/24 16:38:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3091.17983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3091.17977__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2008/12/24 16:38:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll
    MOD - [2008/12/24 16:38:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2008/12/24 16:38:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2008/12/24 16:38:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2008/12/24 16:38:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3091.17987__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2008/12/24 16:38:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2008/12/24 16:38:14 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3106.38526__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2008/12/24 16:38:14 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3106.38785__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2008/12/24 16:38:14 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3106.38782__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2008/12/24 16:38:14 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3106.38488__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2008/12/24 16:38:14 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2008/12/24 16:38:14 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2008/12/24 16:38:14 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3106.38822__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2008/12/24 16:38:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2008/12/24 16:38:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2008/12/24 16:38:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2008/12/24 16:38:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2008/12/24 16:38:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
    MOD - [2008/12/24 16:38:14 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2008/12/24 16:38:14 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2008/12/24 16:38:14 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3106.38837__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
    MOD - [2008/12/24 16:38:14 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2008/12/24 16:38:13 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3106.38503__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2008/12/24 16:38:13 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3106.38486__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2008/12/24 16:38:13 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3106.38482__90ba9c70f846762e\APM.Server.dll
    MOD - [2008/12/24 16:38:13 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3106.38484__90ba9c70f846762e\AEM.Server.dll
    MOD - [2008/12/24 16:38:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2008/12/24 16:38:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2008/12/24 16:38:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3106.38784__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2008/12/24 16:38:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2008/12/24 16:38:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3091.17993__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2008/11/03 11:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
    MOD - [2008/07/18 06:27:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2011/08/19 15:55:18 | 000,166,024 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2011/04/18 10:14:19 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/02/19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2008/12/24 16:49:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/07/17 06:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe -- (STacSV)
    SRV - [2008/07/17 06:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/15 10:00:06 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/08/15 10:00:06 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/08/15 10:00:06 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/08/15 10:00:06 | 000,164,776 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/08/15 10:00:06 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/08/15 10:00:06 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/08/15 10:00:06 | 000,064,712 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/08/15 10:00:06 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/08/15 10:00:06 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/07/14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2009/12/02 09:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2008/10/27 02:25:30 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2008/10/27 02:25:28 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
    DRV - [2008/07/28 05:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2008/07/18 06:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2008/07/18 06:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/07/17 08:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/07/17 06:23:06 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/07/04 01:35:48 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/07/03 04:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2008/07/03 04:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/07/03 04:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/05/29 07:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Home\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/07 16:24:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/10/14 00:29:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Home\AppData\Roaming\Move Networks [2010/05/09 18:09:35 | 000,000,000 | ---D | M]

    [2011/10/05 09:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

    O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110912204510.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000..\Run: [Aim6] File not found
    O4 - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JS...0/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74DEFE3F-39CD-4C3C-BA38-21F4073BE24A}: DhcpNameServer = 68.87.74.166 68.87.68.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFFA35B4-D23B-40D8-B629-64AA5A8B21DF}: DhcpNameServer = 68.87.74.166 68.87.68.166
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3b578285-72f8-11de-8c9b-002219dd4f07}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b578285-72f8-11de-8c9b-002219dd4f07}\Shell\AutoRun\command - "" = F:\DTE_Privacy_launcher.exe
    O33 - MountPoints2\{401212fd-07fd-11de-848f-002219dd4f07}\Shell - "" = AutoRun
    O33 - MountPoints2\{401212fd-07fd-11de-848f-002219dd4f07}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{74338414-0291-11de-80af-002219dd4f07}\Shell - "" = AutoRun
    O33 - MountPoints2\{74338414-0291-11de-80af-002219dd4f07}\Shell\AutoRun\command - "" = F:\DTE_Privacy_launcher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  13. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    OTL cont.

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/14 00:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/10/14 00:31:22 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2011/10/13 23:45:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/10/13 23:45:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/10/13 23:45:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/10/13 23:44:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/10/13 23:44:46 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/10/13 23:43:17 | 004,259,790 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
    [2011/10/13 07:24:01 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\GrantPerms
    [2011/10/13 01:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/10/12 22:35:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\E8896
    [2011/10/12 21:36:26 | 000,000,000 | --SD | C] -- C:\dshoff115
    [2011/10/12 08:00:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/11 22:51:06 | 000,000,000 | ---D | C] -- C:\Windows\3951070527
    [2011/10/11 22:50:31 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\DummyCreator
    [2011/10/10 21:36:34 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Niuqmod
    [2011/10/10 20:23:34 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\espn1
    [2011/10/09 23:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/10/09 23:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/10/09 23:32:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\PC Tools
    [2011/10/09 23:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/10/09 23:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/10/09 22:59:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2011/10/09 15:15:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\VkIIVVrlO
    [2011/10/09 15:15:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Y5Q6KTjCeBz2FQ6
    [2011/10/09 15:15:47 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OfffRL99hX
    [2011/10/09 14:59:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\hmGG55sQJ6dE89X
    [2011/10/09 14:58:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\bsQJ7dEEK8RZ9Yj
    [2011/10/09 14:58:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\b55ssQJ77EK8gZh
    [2011/10/09 14:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/10/09 14:50:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/10/09 14:32:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
    [2011/10/09 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\A000uccS2ib3
    [2011/10/09 14:32:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\d777fEEL8gTqhCw
    [2009/07/23 22:20:37 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Home\AppData\Roaming\DataSafeDotNet.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/10/14 00:32:02 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/10/14 00:32:02 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/10/14 00:31:40 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2011/10/14 00:25:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/14 00:25:42 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/14 00:25:42 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/14 00:25:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/14 00:25:31 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/13 23:55:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/13 23:43:26 | 004,259,790 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
    [2011/10/13 07:23:07 | 000,450,862 | ---- | M] () -- C:\Users\Home\Desktop\GrantPerms.zip
    [2011/10/12 22:09:29 | 000,079,623 | ---- | M] () -- C:\Users\Home\Desktop\Junction.zip
    [2011/10/11 23:13:45 | 000,007,512 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
    [2011/10/11 22:49:57 | 000,455,503 | ---- | M] () -- C:\Users\Home\Desktop\DummyCreator.zip
    [2011/10/11 21:34:05 | 000,000,000 | ---- | M] () -- C:\Users\Home\AppData\Local\{A9B41FBA-28DE-413B-9F58-D3E9D126E15A}
    [2011/10/10 20:51:32 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable
    [2011/10/10 20:23:16 | 001,540,270 | ---- | M] () -- C:\Users\Home\Desktop\espn1.zip
    [2011/10/09 22:16:56 | 000,000,000 | -H-- | M] () -- C:\Users\Home\AppData\Roaming\tghMEigAJ0g7
    [2011/10/05 20:49:52 | 000,064,355 | ---- | M] () -- C:\Users\Home\Desktop\SymphonyDS.pdf
    [2011/09/20 20:32:53 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2011/10/13 23:45:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/10/13 23:45:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/10/13 23:45:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/10/13 23:45:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/10/13 23:45:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/10/13 07:23:03 | 000,450,862 | ---- | C] () -- C:\Users\Home\Desktop\GrantPerms.zip
    [2011/10/12 22:33:26 | 3215,831,040 | -HS- | C] () -- C:\hiberfil.sys
    [2011/10/12 22:09:28 | 000,079,623 | ---- | C] () -- C:\Users\Home\Desktop\Junction.zip
    [2011/10/11 22:49:55 | 000,455,503 | ---- | C] () -- C:\Users\Home\Desktop\DummyCreator.zip
    [2011/10/11 21:34:05 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{A9B41FBA-28DE-413B-9F58-D3E9D126E15A}
    [2011/10/10 20:51:32 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable
    [2011/10/10 20:23:10 | 001,540,270 | ---- | C] () -- C:\Users\Home\Desktop\espn1.zip
    [2011/10/09 22:16:56 | 000,000,000 | -H-- | C] () -- C:\Users\Home\AppData\Roaming\tghMEigAJ0g7
    [2011/10/05 20:49:46 | 000,064,355 | ---- | C] () -- C:\Users\Home\Desktop\SymphonyDS.pdf
    [2010/03/31 12:49:44 | 000,000,016 | ---- | C] () -- C:\Users\Home\AppData\Roaming\jasltw.dat
    [2010/01/27 00:50:06 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2010/01/11 22:36:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/09/23 19:01:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/23 19:01:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/29 17:11:52 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/04/20 12:52:03 | 000,140,800 | ---- | C] () -- C:\Windows\System32\dg153.dll
    [2008/12/29 22:37:34 | 000,007,512 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
    [2008/12/29 20:08:34 | 000,025,088 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/24 18:14:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/12/24 18:14:49 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008/12/24 18:14:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/12/24 18:14:49 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2008/12/24 18:11:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/12/24 16:44:33 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2008/12/24 10:21:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,379,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2009/03/05 23:14:51 | 000,000,000 | -HSD | M] -- C:\Users\Home\AppData\Roaming\.#
    [2011/10/09 14:32:15 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\A000uccS2ib3
    [2008/12/30 15:52:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\acccore
    [2011/10/09 14:58:58 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\b55ssQJ77EK8gZh
    [2011/10/09 14:58:59 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\bsQJ7dEEK8RZ9Yj
    [2011/10/09 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\d777fEEL8gTqhCw
    [2011/10/13 07:22:27 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\E8896
    [2009/01/22 18:57:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FileOpen
    [2011/10/09 14:59:04 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\hmGG55sQJ6dE89X
    [2011/03/04 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ICAClient
    [2011/10/13 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Niuqmod
    [2011/10/09 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\OfffRL99hX
    [2009/06/17 10:05:10 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SecondLife
    [2011/10/09 15:15:52 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\VkIIVVrlO
    [2011/10/09 15:15:49 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Y5Q6KTjCeBz2FQ6
    [2011/10/14 00:24:39 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/10/14 00:25:29 | 000,043,377 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/12/24 18:14:59 | 000,003,416 | RH-- | M] () -- C:\dell.sdr
    [2011/10/14 00:25:31 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys
    [2009/10/09 21:34:22 | 000,000,746 | -H-- | M] () -- C:\IPH.PH
    [2011/10/14 00:25:29 | 3529,445,376 | -HS- | M] () -- C:\pagefile.sys
    [2011/10/12 23:09:53 | 000,000,458 | ---- | M] () -- C:\rkill.log
    [2011/10/09 22:59:52 | 000,076,302 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_09.10.2011_22.57.35_log.txt
    [2011/10/09 23:25:52 | 000,147,612 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_09.10.2011_23.19.50_log.txt
    [2011/10/10 08:03:58 | 000,077,108 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_10.10.2011_08.02.22_log.txt
    [2011/10/10 20:22:55 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_10.10.2011_20.22.48_log.txt
    [2011/10/10 21:46:30 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_10.10.2011_21.46.27_log.txt
    [2011/10/12 23:08:18 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_12.10.2011_23.08.14_log.txt
    [2011/10/12 23:55:32 | 000,075,606 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_12.10.2011_23.54.08_log.txt
    [2011/10/14 00:14:56 | 000,074,470 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_14.10.2011_00.13.29_log.txt
    [2011/10/14 00:16:47 | 000,074,504 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_14.10.2011_00.15.36_log.txt
    [2011/10/10 20:27:04 | 000,077,108 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_10.10.2011_20.23.54_log.txt
    [2011/10/10 21:47:36 | 000,076,882 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_10.10.2011_21.46.54_log.txt
    [2011/10/11 22:43:23 | 000,001,832 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_22.43.17_log.txt
    [2011/10/11 23:01:21 | 000,076,402 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_22.58.26_log.txt
    [2011/10/14 00:21:10 | 000,074,470 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_14.10.2011_00.17.37_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/08/23 20:29:23 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/20 22:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [9 C:\Users\Home\AppData\Roaming\Microsoft\*.tmp files -> C:\Users\Home\AppData\Roaming\Microsoft\*.tmp -> ]

    < %PROGRAMFILES%\*.* >
    [2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/05 12:05:18 | 000,000,286 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/13 23:43:26 | 004,259,790 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
    [2011/10/14 00:31:40 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >
    [1 C:\Program Files\Internet Explorer\*.tmp files -> C:\Program Files\Internet Explorer\*.tmp -> ]

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/12/29 19:53:11 | 000,000,402 | -HS- | M] () -- C:\Users\Home\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
     
  14. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    cation Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\$NtUninstallKB16537$] -> -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  15. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    Extras

    OTL Extras logfile created on: 10/14/2011 12:35:11 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Home\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19120)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.22% Memory free
    6.19 Gb Paging File | 4.51 Gb Available in Paging File | 72.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.29 Gb Total Space | 192.01 Gb Free Space | 66.60% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 4.45 Gb Free Space | 45.61% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{C3CBF181-687D-4F74-A1BE-C00C080695B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{099C1F27-F2FC-475D-A6D7-AE111E92EED3}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
    "{0D25E406-33D9-48DC-98D0-FE3583F7A2EE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{2467DEB6-4870-4DB0-947A-8B32728F1AF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2D824F79-2030-43FE-A1B5-CFD1E49B2249}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{396A80A2-A0A7-40DF-ADFB-1A372B5C92CA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{44B7FD0E-AEF1-41E9-ADA2-E737A6A59A8A}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{4D6C6736-5EE2-4040-8496-AF65E2638F0D}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{5B6BE643-329F-47AE-8D67-13F47CB7ED96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{64E64CC5-A517-46A9-9A1E-EA55115CA73A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{7111AAC7-5A79-40B4-838E-FDC323982A44}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{74D71AC6-E7AD-47CA-95CF-8994570800E7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{86339A4C-10CD-4476-AD8E-1F0344DE6C15}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{86CFB8FD-CC37-463C-A9E9-34B1C9F2D0AC}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{92DC96A9-AC75-4B78-BAD2-C8BF27F52E1A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{AE043756-08E9-4180-92E6-74FA8FE1805E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{B6B09E10-430B-457B-9018-F5584D6B40ED}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{B7A48987-C04E-483F-9B43-640711874C68}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BE0E0AD4-4597-4DBB-A46F-59A6451EBA26}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D6800565-7614-40CC-8F7F-E5C4BE222F7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D921F5D8-B5AC-4906-9A05-5C3D57AB353B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{DA0800C0-9449-48CC-A01C-37C9072BEC28}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
    "{E300A6DC-C5B1-482A-BA7B-2F52B887FB82}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{FADD7FAE-1112-4788-860E-26A6CE343669}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{FC7AEC3E-B6F3-48A3-AD1C-0B4E38E9AAD0}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{265C893D-9D3D-4CE6-A317-9FFF1C6C9C44}" = RealProducer Basic 11
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
    "{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
    "{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
    "{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
    "{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
    "{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
    "{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
    "{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
    "{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
    "{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
    "{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
    "{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
    "{9B8C0986-647E-40D5-8C36-C67E5A606EBB}" = RealProducer Basic 10
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
    "{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
    "{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
    "{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
    "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
    "{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
    "{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
    "{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
    "{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
    "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
    "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "AIM_6" = AIM 6
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
    "Dell Video Chat" = Dell Video Chat (remove only)
    "Dell Webcam Central" = Dell Webcam Central
    "DerivaGem_is1" = DerivaGem 1.53
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EPSON Printer and Utilities" = EPSON Logiciel imprimante
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist 8.0.0.514
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MSC" = McAfee SecurityCenter
    "PhotoStitch" = Canon Utilities PhotoStitch
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 6.0" = RealPlayer
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "SecondLife" = SecondLife (remove only)
    "Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Messenger" = Yahoo! Messenger
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4049473567-3120623037-3281121414-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/12/2011 8:06:23 AM | Computer Name = Home-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/12/2011 12:07:20 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application swxcacls.3XE, version 1.0.1.1, time stamp 0x2a425e19,
    faulting module swxcacls.3XE, version 1.0.1.1, time stamp 0x2a425e19, exception
    code 0xc0000005, fault offset 0x00004b2a, process id 0x1428, application start time
    0x01cc88d6e916759e.

    Error - 10/12/2011 8:40:26 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
    0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
    exception code 0xc000071b, fault offset 0x00088d15, process id 0xb14, application
    start time 0x01cc88d6018675ee.

    Error - 10/12/2011 8:42:36 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/12/2011 9:18:24 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 10/12/2011 9:20:29 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/12/2011 9:20:38 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 10/12/2011 9:25:12 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 10/12/2011 9:29:12 PM | Computer Name = Home-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 10/12/2011 9:32:51 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 8/12/2009 9:13:29 AM | Computer Name = Home-PC | Source = DCOM | ID = 10010
    Description =

    Error - 8/12/2009 9:13:59 AM | Computer Name = Home-PC | Source = DCOM | ID = 10010
    Description =

    Error - 8/12/2009 9:17:03 AM | Computer Name = Home-PC | Source = DCOM | ID = 10005
    Description =

    Error - 8/12/2009 9:17:03 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 8/12/2009 9:17:03 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/12/2009 9:19:40 AM | Computer Name = Home-PC | Source = HTTP | ID = 15016
    Description =

    Error - 8/13/2009 3:07:11 AM | Computer Name = Home-PC | Source = HTTP | ID = 15016
    Description =

    Error - 8/20/2009 9:02:33 PM | Computer Name = Home-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 8/20/2009 9:02:53 PM | Computer Name = Home-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:00:16 PM on 8/20/2009 was unexpected.

    Error - 8/20/2009 9:02:57 PM | Computer Name = Home-PC | Source = HTTP | ID = 15016
    Description =


    < End of report >
     
  16. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    I wanted to let you know that McAfee was able to run my usual weekly scan. I will let you know the results when I get home later today.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Good :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O4 - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000..\Run: [Aim6] File not found
      O15 - HKU\S-1-5-21-4049473567-3120623037-3281121414-1000\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O33 - MountPoints2\{3b578285-72f8-11de-8c9b-002219dd4f07}\Shell - "" = AutoRun
      O33 - MountPoints2\{3b578285-72f8-11de-8c9b-002219dd4f07}\Shell\AutoRun\command - "" = F:\DTE_Privacy_launcher.exe
      O33 - MountPoints2\{401212fd-07fd-11de-848f-002219dd4f07}\Shell - "" = AutoRun
      O33 - MountPoints2\{401212fd-07fd-11de-848f-002219dd4f07}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      O33 - MountPoints2\{74338414-0291-11de-80af-002219dd4f07}\Shell - "" = AutoRun
      O33 - MountPoints2\{74338414-0291-11de-80af-002219dd4f07}\Shell\AutoRun\command - "" = F:\DTE_Privacy_launcher.exe
      [2011/10/11 22:51:06 | 000,000,000 | ---D | C] -- C:\Windows\3951070527
      [2011/10/09 15:15:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\VkIIVVrlO
      [2011/10/09 15:15:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Y5Q6KTjCeBz2FQ6
      [2011/10/09 15:15:47 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OfffRL99hX
      [2011/10/09 14:59:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\hmGG55sQJ6dE89X
      [2011/10/09 14:58:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\bsQJ7dEEK8RZ9Yj
      [2011/10/09 14:58:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\b55ssQJ77EK8gZh
      [2011/10/09 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\A000uccS2ib3
      [2011/10/09 14:32:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\d777fEEL8gTqhCw
      [2011/10/09 22:16:56 | 000,000,000 | -H-- | M] () -- C:\Users\Home\AppData\Roaming\tghMEigAJ0g7
      [2011/10/13 07:22:27 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\E8896
      @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  18. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    Here is the scan I keep getting with OTL on the custom scan I run. I keep getting OTL is not responding as an error message. Also, McAfee found like 20 items and was unable to remove one.


    Files\Folders moved on Reboot...
    Folder move failed. C:\Windows\3951070527 scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  19. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe

    • Click OK at the warning.
    • Click the Script tab and copy/paste the following text there:
    Code:
    DeleteFolder:
    C:\Windows\3951070527
    
    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\
     
  20. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    It worked the 3rd time!

    ll processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
    Registry value HKEY_USERS\S-1-5-21-4049473567-3120623037-3281121414-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 not found.
    Registry key HKEY_USERS\S-1-5-21-4049473567-3120623037-3281121414-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\office\ not found.
    Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b578285-72f8-11de-8c9b-002219dd4f07}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b578285-72f8-11de-8c9b-002219dd4f07}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b578285-72f8-11de-8c9b-002219dd4f07}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b578285-72f8-11de-8c9b-002219dd4f07}\ not found.
    File F:\DTE_Privacy_launcher.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401212fd-07fd-11de-848f-002219dd4f07}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401212fd-07fd-11de-848f-002219dd4f07}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{401212fd-07fd-11de-848f-002219dd4f07}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{401212fd-07fd-11de-848f-002219dd4f07}\ not found.
    File F:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74338414-0291-11de-80af-002219dd4f07}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74338414-0291-11de-80af-002219dd4f07}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74338414-0291-11de-80af-002219dd4f07}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74338414-0291-11de-80af-002219dd4f07}\ not found.
    File F:\DTE_Privacy_launcher.exe not found.
    Folder move failed. C:\Windows\3951070527 scheduled to be moved on reboot.
    Folder C:\Users\Home\AppData\Roaming\VkIIVVrlO\ not found.
    Folder C:\Users\Home\AppData\Roaming\Y5Q6KTjCeBz2FQ6\ not found.
    Folder C:\Users\Home\AppData\Roaming\OfffRL99hX\ not found.
    Folder C:\Users\Home\AppData\Roaming\hmGG55sQJ6dE89X\ not found.
    Folder C:\Users\Home\AppData\Roaming\bsQJ7dEEK8RZ9Yj\ not found.
    Folder C:\Users\Home\AppData\Roaming\b55ssQJ77EK8gZh\ not found.
    Folder C:\Users\Home\AppData\Roaming\A000uccS2ib3\ not found.
    Folder C:\Users\Home\AppData\Roaming\d777fEEL8gTqhCw\ not found.
    File C:\Users\Home\AppData\Roaming\tghMEigAJ0g7 not found.
    Folder C:\Users\Home\AppData\Roaming\E8896\ not found.
    Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Home
    ->Temp folder emptied: 181344 bytes
    ->Temporary Internet Files folder emptied: 374763540 bytes
    ->Java cache emptied: 14702571 bytes
    ->Google Chrome cache emptied: 11307609 bytes
    ->Flash cache emptied: 309632 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1538432908 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,850.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Home
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 10152011_005126

    Files\Folders moved on Reboot...
    Folder move failed. C:\Windows\3951070527 scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  21. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    I didn't see your response until after I posted the results. Should I still download blitzbank?
     
  22. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    It depends.
    See if this folder is still there:
    C:\Windows\3951070527
    If it's gone proceed with next steps and don't run Blitzblank.
     
  23. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    BlitzBlank 1.0.0.32

    File/Registry Modification Engine native application
    MoveDirectoryOnReboot: sourceDirectory = "\??\c:\windows\3951070527", destinationDirectory = "(null)", replaceWithDummy = 0
    MoveDirectoryOnReboot: ZwCreateFile(sourceDirectory) failed: status = c0000022
     
  24. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Leave it alone an proceed with other steps.
     
  25. dshoff115

    dshoff115 TS Rookie Topic Starter Posts: 62

    checkup

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee SecurityCenter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 12
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.4.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSASCui.exe
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Windows Defender MSASCui.exe
    ``````````End of Log````````````
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.