TechSpot

Search engine redirect and system tray icons not reappearing

By msmall10
Dec 31, 2010
  1. Last month I came on here with a search engine redirect problem, but I wasn't in front of the computer to fix it. After a week, Malwarebytes got rid of the search engine redirect problem, so I didn't investigate anymore once I returned home. Now the problem is back, along with another problem. When explorer.exe stops responding or I terminate it, certain icons do not return in the tray bar. Friends told me that it's the individual programs, but I never had this problem when explorer.exe has closed before. Don't know if both problems are the same or not, and thanks for any help in advance.
    *BTW, I started getting a little blue screen of death yesterday*
    Malwarebytes:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5429

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/31/2010 4:31:04 PM
    mbam-log-2010-12-31 (16-31-04).txt

    Scan type: Quick scan
    Objects scanned: 181521
    Time elapsed: 32 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER log to follow....
  2. msmall10 (TS Rookie, Topic Starter, Posts: 44)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-31 19:17:17
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_HD321KJ rev.CP100-11
    Running: p5429gd1.exe; Driver: C:\Users\MATTSM~1\AppData\Local\Temp\fxldypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8701A498 ZwConnectPort
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8398C2D6]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8398C4C8]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8398C6D0]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8398BF44]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 830839A9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830BD212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 830C4A6C 4 Bytes [98, A4, 01, 87]
    .text ntkrnlpa.exe!RtlSidHashLookup + 32C 830C4ABC 3 Bytes [D6, C2, 98]
    .text ntkrnlpa.exe!RtlSidHashLookup + 330 830C4AC0 3 Bytes [C8, C4, 98]
    .text ntkrnlpa.exe!RtlSidHashLookup + 364 830C4AF4 3 Bytes [D0, C6, 98] {ROL DH, 0x1; CWDE }
    .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 830C4F48 3 Bytes [44, BF, 98]
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9A413000, 0x31BA76, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtProtectVirtualMemory 778D5380 5 Bytes JMP 0028000A
    .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory 778D5F00 5 Bytes JMP 0029000A
    .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!KiUserExceptionDispatcher 778D6448 5 Bytes JMP 0027000A
    .text C:\Windows\system32\svchost.exe[1076] ole32.dll!CoCreateInstance 75F1590C 5 Bytes JMP 00C4000A
    .text C:\Windows\system32\svchost.exe[1076] USER32.dll!GetCursorPos 76E2C198 5 Bytes JMP 00F8000A
    .text C:\Windows\Explorer.EXE[2808] ntdll.dll!NtProtectVirtualMemory 778D5380 5 Bytes JMP 0018000A
    .text C:\Windows\Explorer.EXE[2808] ntdll.dll!NtWriteVirtualMemory 778D5F00 5 Bytes JMP 001D000A
    .text C:\Windows\Explorer.EXE[2808] ntdll.dll!KiUserExceptionDispatcher 778D6448 5 Bytes JMP 0017000A
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2812] ntdll.dll!NtProtectVirtualMemory 778D5380 5 Bytes JMP 007F000A
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2812] ntdll.dll!NtWriteVirtualMemory 778D5F00 5 Bytes JMP 0080000A
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2812] ntdll.dll!KiUserExceptionDispatcher 778D6448 5 Bytes JMP 007A000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1628] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1840] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1840] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1840] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1840] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1840] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75935E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
    IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2768] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
    IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
    IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
    IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2768] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74452494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74435624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7445250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74448573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74444D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74448819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7444907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7444E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74444C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Program Files\Spyware Doctor\pctsTray.exe[5432] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044B82C] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
    IAT C:\Program Files\Spyware Doctor\pctsTray.exe[5432] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
    IAT C:\Program Files\Spyware Doctor\pctsTray.exe[5432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044B82C] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
    IAT C:\Program Files\Spyware Doctor\pctsTray.exe[5432] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
    IAT C:\Program Files\Spyware Doctor\pctsTray.exe[5432] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [0044B82C] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000059 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskSAMSUNG_HD321KJ_________________________CP100-11#5&30b50837&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002760dafcb
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002760dafcb@001fe32024e7 0xFE 0x44 0x3A 0x1C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002760dafcb@001a452a2516 0x42 0xBB 0xF4 0xA5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002760dafcb@00241c3f4e1f 0xCB 0xD6 0x1E 0x9B ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0004
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0004@BackupContext 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0004@COD Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0004@Identity 0x7B 0x00 0x39 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0004@InstallComplete 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings\0004@NodeID 0x8F 0x51 0x01 0xE4 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002760dafcb (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002760dafcb@001fe32024e7 0xFE 0x44 0x3A 0x1C ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002760dafcb@001a452a2516 0x42 0xBB 0xF4 0xA5 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002760dafcb@00241c3f4e1f 0xCB 0xD6 0x1E 0x9B ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0004 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0004@BackupContext 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0004@COD Type 1
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0004@Identity 0x7B 0x00 0x39 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0004@InstallComplete 1
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings\0004@NodeID 0x8F 0x51 0x01 0xE4 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----
  3. msmall10 (TS Rookie, Topic Starter, Posts: 44)

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by matt small at 19:27:56.77 on Fri 12/31/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.962 [GMT -5:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Windows\system32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\AnywhereTS\srv\srvstart.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\AnywhereTS\srv\tftpd32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Xobni\XobniService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\matt small\Program Files\DNA\btdna.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DllHost.exe
    C:\Users\matt small\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = https://secure.logmein.com/login.asp
    uWindow Title = Internet Explorer provided by Dell
    mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070927
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [BitTorrent DNA] "c:\users\matt small\program files\dna\btdna.exe"
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [dscactivate] c:\dell\dsca.exe 3
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\mattsm~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\mattsm~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mlbtvn~1.lnk - c:\users\matt small\appdata\local\autobahn\mlb-nexdef-autobahn.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
    uPolicies-explorer: NoThumbnailCache = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: webattend.com
    Trusted Zone: webtrain.com
    DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} - hxxp://www.webattend.com/components/wt0523.cab
    DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=cce877c8fbf127563&browserVersion=8.0
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\mattsm~1\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\users\matt small\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\matt small\appdata\roaming\move networks\plugins\npqmp071500000347.dll
    FF - plugin: c:\users\matt small\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\users\matt small\appdata\roaming\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\users\matt small\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
    FF - plugin: c:\users\matt small\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\users\matt small\program files\dna\plugins\npbtdna.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Personas Interactive: btpersonas@brandthunder.com - %profile%\extensions\btpersonas@brandthunder.com
    FF - Ext: Fast Youtube Downloader: fastYoutubeDownloader@yevgenyandrov.net - %profile%\extensions\fastYoutubeDownloader@yevgenyandrov.net
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: MileWideBack: {dc0fa13c-3dae-73eb-e852-912722c852f9} - %profile%\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
    FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\matt small\appdata\roaming\Move Networks

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-24 218592]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2008-12-19 81920]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 176128]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-11-24 112592]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-9-29 47640]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-23 363344]
    R2 MCEBuddy;MCEBuddy Service;c:\program files\tyrell\mcebuddy\MCEBuddySvc.exe [2010-1-24 20480]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-24 366840]
    R2 sdcoreservice;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-24 1142224]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
    R2 TS_TFTP;TS TFTP;c:\program files\anywherets\srv\srvstart.exe [2007-10-29 36864]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-21 24652]
    R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-6 5882368]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-6 210944]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-23 20952]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9e2c2e102d9f;Google Update Service (gupdate1c9e2c2e102d9f);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-6-19 45736]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-19 29472]
    S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-11-10 20704]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2010-5-13 39048]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SavRoam;SavRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]

    =============== Created Last 30 ================

    2010-12-31 02:21:40 81410 ----a-w- c:\progra~2\43XOi2ix.exe_
    2010-12-26 23:30:39 -------- d-----w- c:\program files\Xilisoft
    2010-12-26 19:25:05 -------- d-----w- c:\program files\CCleaner
    2010-12-26 01:18:53 -------- d-----w- c:\program files\iPod
    2010-12-26 01:18:48 -------- d-----w- c:\program files\iTunes
    2010-12-26 01:18:48 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-12-23 22:38:36 -------- d-----w- c:\program files\Free Window Registry Repair
    2010-12-23 19:53:55 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore-7\Microsoft.MediaCenter.Sports.UI.dll
    2010-12-15 20:01:06 516096 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-15 20:01:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-10 10:55:54 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore-3\Microsoft.MediaCenter.Sports.UI.dll

    ==================== Find3M ====================

    2010-12-08 18:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 18:11:52 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 18:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 18:11:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-10 07:49:26 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
    2010-11-10 07:49:02 543328 ----a-w- c:\windows\system32\LVUI2.dll
    2010-11-10 07:47:28 195168 ----a-w- c:\windows\system32\lvci13101216.dll
    2010-11-10 07:47:14 416352 ----a-w- c:\windows\system32\LVCodec2.dll
    2010-11-10 07:45:32 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2010-11-10 07:45:30 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
    2010-11-10 07:45:20 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
    2010-11-10 07:32:16 38238 ----a-w- c:\windows\system32\Repository.reg
    2010-11-08 06:20:24 89088 ----a-w- c:\windows\MBR.exe
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll
    2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: SAMSUNG_HD321KJ rev.CP100-11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll
    c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
    1 ntkrnlpa!IofCallDriver[0x8307CAB6] -> \Device\Harddisk0\DR0[0x86B6A808]
    3 CLASSPNP[0x8BB8F59E] -> ntkrnlpa!IofCallDriver[0x8307CAB6] -> [0x86B694B0]
    5 PCTCore[0x8398EEAE] -> ntkrnlpa!IofCallDriver[0x8307CAB6] -> [0x866AE408]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskSAMSUNG_HD321KJ_________________________CP100-11#5&30b50837&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 625142446 (+255): user != kernel

    ============= FINISH: 19:28:50.96 ===============
  4. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 1/6/2010 6:38:55 PM
    System Uptime: 12/31/2010 6:16:17 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Core(TM)2 Duo CPU E4400 @ 2.00GHz | Socket 775 | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 273 GiB total, 97.444 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.71 GiB free.
    E: is FIXED (NTFS) - 932 GiB total, 334.127 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet 6500 E709n
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: adfs
    Device ID: ROOT\LEGACY_ADFS\0000
    Manufacturer:
    Name: adfs
    PNP Device ID: ROOT\LEGACY_ADFS\0000
    Service: adfs

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd

    ==== System Restore Points ===================

    RP232: 12/26/2010 12:11:50 AM - Windows Backup
    RP234: 12/26/2010 6:47:02 PM - Removed WS_FTP
    RP235: 12/31/2010 12:33:54 AM - Windows Update

    ==== Installed Programs ======================

    "Nero SoundTrax Help
    32 Bit HP CIO Components Installer
    4Media Video Converter Ultimate
    6500_E709_eDocs
    6500_E709_Help
    6500_E709n
    7-Zip 4.57
    Acrobat.com
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 Professional
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS4
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop 6.0
    Adobe Photoshop CS3
    Adobe Reader 9.4.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advertising Center
    AIM 6
    AMD Drag and Drop Transcoding
    AnswerWorks 5.0 English Runtime
    AnywhereTS
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    ATI Parental Control & Encoder
    Audacity 1.3.4 (Unicode)
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    BitPim 1.0.7
    BitTorrent
    Bonjour
    Boris Graffiti
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    Browser Defender 2.0.6.15
    BufferChm
    CameraHelperMsi
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    Cinergy Script Editor
    Combined Community Codec Pack 2007-07-22
    Connect
    Creative MediaSource 5
    D3DX10
    Data Lifeguard Diagnostic for Windows
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Support Center
    Dell System Customization Wizard
    DellSupport
    Destinations
    DeviceDiscovery
    Digital Cable Advisor
    Digital Line Detect
    Digital Voice Editor 3
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DNA
    DocMgr
    DocProc
    DolbyFiles
    EasyBCD 1.7.2
    EasyFLV FLV Converter Ver 7 build 0.0.1
    erLT
    EVEREST Ultimate Edition v5.50
    Fax
    FoxyTunes for Firefox
    Free Window Registry Repair
    Games, Music, & Photos Launcher
    GameSpy Arcade
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Google Chrome
    Google Desktop
    Google Earth
    Google Gears
    Google Update Helper
    Google Video Uploader
    GPBaseService2
    Guitar Hero III
    H.264 Encoder 1.5
    HP Customer Participation Program 13.0
    HP Document Manager 2.0
    HP Imaging Device Functions 13.0
    HP Officejet 6500 E709 Series
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPProductAssistant
    HPSSupply
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 12.1.11.0
    Intel(R) TV Wizard
    Internet TV for Windows Media Center
    Ipswitch WS_FTP Pro
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    kuler
    LAME v3.98.2 for Audacity
    LG USB Modem driver
    LimeWire 5.6.2
    LiveUpdate 3.2 (Symantec Corporation)
    Logitech Vid HD
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    LogMeIn
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Magic Bullet Looks Studio
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    ManyCam 2.4 (remove only)
    MarketResearch
    MCEBuddy
    Menu Templates - Starter Kit
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Facebook 32-bit
    Microsoft Picture It! Photo Premium 9
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Xbox 360 Accessories 1.1
    MKVtoolnix 4.2.0
    MobileMe Control Panel
    Motorola Driver Installation 3.2.0
    Move Media Player
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.13)
    Mozilla Thunderbird (3.1.4)
    Mpeg2Decoder 1.3
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Lite 8.2.8.0
    Nero 9
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    NetWaiting
    Network
    OCR Software by I.R.I.S. 13.0
    OGA Notifier 2.0.0048.0
    PDF Settings CS4
    PHOTOfunSTUDIO 5.0
    Photoshop Camera Raw
    Pinnacle Studio 12
    Pinnacle Studio 12 Ultimate Plugins
    Pinnacle Video Driver
    Pixel Bender Toolkit
    PlayReady PC Runtime x86
    proDAD Vitascene 1.0
    Product Documentation Launcher
    ProductContext
    Quicken 2009
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Rhapsody Player Engine
    Right PDF Printer 3.6 Server Edition
    River Past Audio Converter Pro
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 5.0
    SmartWebPrinting
    Snagit 9.1.3
    SolutionCenter
    Sonic Activation Module
    SopCast 2.0.4
    Sound Blaster Audigy ADVANCED MB
    SoundTrax
    Spyware Doctor 7.0
    Status
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    Symantec AntiVirus
    The Lord of the Rings FREE Trial
    The Weather Channel Desktop 6
    Tony Hawks Pro Skater 4
    Toolbox
    TrayApp
    Trillian
    TVT7Diag
    Uniblue RegistryBooster 2010
    University of Miami Desktop Communicator
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    URL Assistant
    User's Guides
    V CAST Music with Rhapsody
    VC80CRTRedist - 8.0.50727.4053
    Video Explosion 1.5
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 1.1.5
    WD Diagnostics
    WebReg
    WebTrain Communicator
    WIDCOMM Bluetooth Software
    Winamp
    Winamp Detector Plug-in
    Winamp Remote
    Windows 7 Upgrade Advisor
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
    Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    Windows Mobile Device Center Driver Update
    Windows Movie Maker 2.6
    Windows Movie Maker 6.0
    Xobni
    Xobni Core
    Xvid 1.2.2 final uninstall
    Yahoo! Music Jukebox

    ==== Event Viewer Messages From Past Week ========

    12/31/2010 9:59:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    12/31/2010 9:59:51 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2010 9:58:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    12/31/2010 9:58:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/31/2010 9:58:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    12/31/2010 9:58:21 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2010 9:57:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec AntiVirus service.
    12/31/2010 9:57:21 AM, Error: Service Control Manager [7022] - The Server service hung on starting.
    12/31/2010 9:57:21 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    12/31/2010 6:19:06 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    12/31/2010 6:18:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL sptd
    12/31/2010 6:18:03 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    12/31/2010 6:17:49 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    12/31/2010 6:16:20 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    12/31/2010 6:09:02 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    12/31/2010 5:25:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CertPropSvc service.
    12/31/2010 5:25:57 AM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2010 5:21:45 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
    12/31/2010 5:21:45 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 5:21:45 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 5:06:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 5:04:55 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
    12/31/2010 3:53:57 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 3:51:57 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:41:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 3:39:55 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/31/2010 12:14:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83288050, 0x8d91b774, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123110-39998-01.
    12/31/2010 10:10:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/31/2010 10:02:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    12/31/2010 10:02:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    12/31/2010 10:01:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/31/2010 10:01:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/31/2010 10:01:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/31/2010 10:01:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/31/2010 10:01:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/31/2010 10:01:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl SABKUTIL spldr sptd SRTSP SRTSPX SYMTDI Wanarpv6
    12/31/2010 10:01:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    12/30/2010 9:37:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/30/2010 9:27:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000016, 0x00000002, 0x00000000, 0x8244aa5b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123010-33275-01.
    12/30/2010 9:16:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x9b3d8870, 0x00000002, 0x00000000, 0x8ac01fb6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123010-49187-01.
    12/30/2010 8:56:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000c, 0x00000002, 0x00000000, 0x83a0f131). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123010-37128-01.
    12/30/2010 8:51:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000001, 0x00000002, 0x00000000, 0x824a9f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123010-45287-01.
    12/30/2010 8:44:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000001, 0x00000002, 0x00000000, 0x8306af95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123010-41168-01.
    12/30/2010 8:12:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xb07d7a00, 0x00000002, 0x00000000, 0x83a01fb6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123010-36457-01.
    12/30/2010 7:41:20 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/30/2010 7:41:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    12/30/2010 6:42:09 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    12/30/2010 5:29:35 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    12/30/2010 5:01:21 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    12/30/2010 3:01:00 PM, Error: Service Control Manager [7031] - The Windows Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    12/29/2010 12:48:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
    12/26/2010 12:10:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
    12/26/2010 12:10:32 AM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/26/2010 12:06:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
    12/25/2010 8:36:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    12/25/2010 8:36:59 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/25/2010 8:36:38 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    12/25/2010 8:33:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
    12/25/2010 8:33:42 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/25/2010 8:15:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    12/25/2010 8:14:03 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/25/2010 8:13:10 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/25/2010 11:47:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Scheduler Service service to connect.
    12/25/2010 11:45:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}

    ==== End Of File ===========================
  5. crunchie

    crunchie Malware Helper Posts: 761

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

    • If an infected file is detected, the default action will be Cure; click on Continue.

    • If a suspicious file is detected, the default action will be Skip; click on Continue.

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    ===============

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  6. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    2011/01/01 10:58:07.0648 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/01 10:58:07.0648 ================================================================================
    2011/01/01 10:58:07.0648 SystemInfo:
    2011/01/01 10:58:07.0648
    2011/01/01 10:58:07.0648 OS Version: 6.1.7600 ServicePack: 0.0
    2011/01/01 10:58:07.0648 Product type: Workstation
    2011/01/01 10:58:07.0648 ComputerName: MATT
    2011/01/01 10:58:07.0653 UserName: matt small
    2011/01/01 10:58:07.0653 Windows directory: C:\Windows
    2011/01/01 10:58:07.0653 System windows directory: C:\Windows
    2011/01/01 10:58:07.0653 Processor architecture: Intel x86
    2011/01/01 10:58:07.0653 Number of processors: 2
    2011/01/01 10:58:07.0653 Page size: 0x1000
    2011/01/01 10:58:07.0653 Boot type: Normal boot
    2011/01/01 10:58:07.0653 ================================================================================
    2011/01/01 10:58:09.0033 Initialize success
    2011/01/01 10:58:14.0423 ================================================================================
    2011/01/01 10:58:14.0424 Scan started
    2011/01/01 10:58:14.0424 Mode: Manual;
    2011/01/01 10:58:14.0424 ================================================================================
    2011/01/01 10:58:17.0138 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/01/01 10:58:17.0210 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
    2011/01/01 10:58:17.0257 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/01/01 10:58:17.0311 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/01/01 10:58:17.0419 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/01/01 10:58:17.0465 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/01/01 10:58:17.0508 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/01/01 10:58:17.0601 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/01/01 10:58:17.0644 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/01/01 10:58:17.0680 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/01/01 10:58:17.0732 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/01/01 10:58:17.0774 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/01/01 10:58:17.0805 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/01/01 10:58:17.0839 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/01/01 10:58:18.0074 amdkmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/01/01 10:58:18.0202 amdkmdap (41876830a043176f7902e781238f95ef) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/01/01 10:58:18.0244 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/01/01 10:58:18.0289 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/01/01 10:58:18.0325 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/01/01 10:58:18.0361 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/01/01 10:58:18.0411 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/01/01 10:58:18.0486 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/01/01 10:58:18.0521 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/01/01 10:58:18.0568 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/01/01 10:58:18.0627 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/01/01 10:58:18.0712 ATIAVPCI (0a03a17f15deae17abf0455cc9ffad59) C:\Windows\system32\DRIVERS\atinavrr.sys
    2011/01/01 10:58:18.0793 AtiHdmiService (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
    2011/01/01 10:58:18.0977 atikmdag (71edf946145d2bead3c16f4fd2fa3773) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/01/01 10:58:19.0093 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
    2011/01/01 10:58:19.0176 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/01/01 10:58:19.0238 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/01/01 10:58:19.0330 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/01/01 10:58:19.0376 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/01/01 10:58:19.0420 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2011/01/01 10:58:19.0462 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/01/01 10:58:19.0492 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/01/01 10:58:19.0540 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/01/01 10:58:19.0575 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/01/01 10:58:19.0608 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/01/01 10:58:19.0638 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/01/01 10:58:19.0692 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
    2011/01/01 10:58:19.0728 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/01/01 10:58:19.0769 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/01/01 10:58:19.0826 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
    2011/01/01 10:58:19.0876 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
    2011/01/01 10:58:19.0936 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
    2011/01/01 10:58:20.0023 btwaudio (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys
    2011/01/01 10:58:20.0055 btwavdt (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\DRIVERS\btwavdt.sys
    2011/01/01 10:58:20.0100 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
    2011/01/01 10:58:20.0158 btwrchid (d5862fbc1cbc0404614fd9d85c8d880e) C:\Windows\system32\DRIVERS\btwrchid.sys
    2011/01/01 10:58:20.0208 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/01/01 10:58:20.0260 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/01/01 10:58:20.0311 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/01/01 10:58:20.0373 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/01/01 10:58:20.0458 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/01/01 10:58:20.0495 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/01/01 10:58:20.0542 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/01/01 10:58:20.0577 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/01/01 10:58:20.0647 CompFilter (216f2c5cd4b5858d9a80a09a5479562b) C:\Windows\system32\DRIVERS\lvbusflt.sys
    2011/01/01 10:58:20.0696 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/01/01 10:58:20.0737 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/01/01 10:58:20.0822 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2011/01/01 10:58:20.0869 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/01/01 10:58:20.0914 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/01/01 10:58:21.0000 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/01/01 10:58:21.0132 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    2011/01/01 10:58:21.0184 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
    2011/01/01 10:58:21.0242 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/01/01 10:58:21.0300 e1express (cf0a6015f437161698c5b2a0a12cf052) C:\Windows\system32\DRIVERS\e1e6032.sys
    2011/01/01 10:58:21.0417 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/01/01 10:58:21.0550 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2011/01/01 10:58:21.0625 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/01/01 10:58:21.0697 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/01/01 10:58:21.0732 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2011/01/01 10:58:21.0793 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/01/01 10:58:21.0832 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/01/01 10:58:21.0884 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/01/01 10:58:21.0923 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/01/01 10:58:21.0962 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/01/01 10:58:22.0003 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/01/01 10:58:22.0043 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/01/01 10:58:22.0089 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/01/01 10:58:22.0117 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/01/01 10:58:22.0177 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/01/01 10:58:22.0224 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/01/01 10:58:22.0279 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/01/01 10:58:22.0365 hcw18bda (2edbcbf69f9a3512ddab978067be4d20) C:\Windows\system32\drivers\hcw18bda.sys
    2011/01/01 10:58:22.0401 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/01/01 10:58:22.0501 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2011/01/01 10:58:22.0557 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/01/01 10:58:22.0621 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/01/01 10:58:22.0707 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/01/01 10:58:22.0748 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/01/01 10:58:22.0802 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/01/01 10:58:22.0872 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/01/01 10:58:22.0937 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2011/01/01 10:58:22.0976 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2011/01/01 10:58:23.0020 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/01/01 10:58:23.0070 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/01/01 10:58:23.0136 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\Windows\system32\Drivers\ICDUSB2.sys
    2011/01/01 10:58:23.0300 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/01/01 10:58:23.0387 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/01/01 10:58:23.0548 IntcAzAudAddService (bdc429c7ebdac534a959bf179ff4c63e) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/01/01 10:58:23.0646 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2011/01/01 10:58:23.0686 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/01/01 10:58:23.0746 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/01/01 10:58:23.0802 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/01/01 10:58:23.0838 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/01/01 10:58:23.0896 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/01/01 10:58:23.0930 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/01/01 10:58:23.0996 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/01/01 10:58:24.0037 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/01/01 10:58:24.0070 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/01/01 10:58:24.0105 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2011/01/01 10:58:24.0173 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/01/01 10:58:24.0250 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/01/01 10:58:24.0431 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    2011/01/01 10:58:24.0519 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
    2011/01/01 10:58:24.0572 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
    2011/01/01 10:58:24.0629 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/01/01 10:58:24.0663 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/01/01 10:58:24.0692 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/01/01 10:58:24.0733 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/01/01 10:58:24.0784 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/01/01 10:58:24.0849 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2011/01/01 10:58:24.0884 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys
    2011/01/01 10:58:24.0960 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
    2011/01/01 10:58:25.0089 LVUVC (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
    2011/01/01 10:58:25.0206 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
    2011/01/01 10:58:25.0282 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
    2011/01/01 10:58:25.0360 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys
    2011/01/01 10:58:25.0415 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
    2011/01/01 10:58:25.0505 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/01/01 10:58:25.0569 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/01/01 10:58:25.0634 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/01/01 10:58:25.0681 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/01/01 10:58:25.0730 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/01/01 10:58:25.0776 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/01/01 10:58:25.0808 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2011/01/01 10:58:25.0842 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2011/01/01 10:58:25.0880 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/01/01 10:58:25.0930 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2011/01/01 10:58:25.0978 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/01/01 10:58:26.0026 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/01/01 10:58:26.0059 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/01/01 10:58:26.0097 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2011/01/01 10:58:26.0151 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/01/01 10:58:26.0248 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
    2011/01/01 10:58:26.0293 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/01/01 10:58:26.0326 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/01/01 10:58:26.0399 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
    2011/01/01 10:58:26.0431 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/01/01 10:58:26.0488 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/01/01 10:58:26.0518 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/01/01 10:58:26.0558 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/01/01 10:58:26.0618 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/01/01 10:58:26.0649 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/01/01 10:58:26.0704 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/01/01 10:58:26.0741 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/01/01 10:58:26.0776 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/01/01 10:58:26.0837 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/01/01 10:58:26.0969 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101231.002\NAVENG.SYS
    2011/01/01 10:58:27.0039 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101231.002\NAVEX15.SYS
    2011/01/01 10:58:27.0105 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2011/01/01 10:58:27.0151 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/01/01 10:58:27.0204 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/01/01 10:58:27.0243 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/01/01 10:58:27.0284 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/01/01 10:58:27.0356 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/01/01 10:58:27.0418 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/01/01 10:58:27.0454 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/01/01 10:58:27.0521 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/01/01 10:58:27.0572 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/01/01 10:58:27.0612 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/01/01 10:58:27.0671 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/01/01 10:58:27.0839 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/01/01 10:58:27.0883 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/01/01 10:58:27.0924 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/01/01 10:58:27.0966 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/01/01 10:58:28.0015 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/01/01 10:58:28.0096 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/01/01 10:58:28.0130 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/01/01 10:58:28.0168 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/01/01 10:58:28.0208 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/01/01 10:58:28.0242 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/01/01 10:58:28.0297 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/01/01 10:58:28.0378 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\Windows\system32\drivers\PCTCore.sys
    2011/01/01 10:58:28.0414 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/01/01 10:58:28.0455 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/01/01 10:58:28.0571 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/01/01 10:58:28.0612 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/01/01 10:58:28.0676 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/01/01 10:58:28.0725 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
    2011/01/01 10:58:28.0794 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/01/01 10:58:28.0853 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/01/01 10:58:28.0900 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/01/01 10:58:28.0930 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/01/01 10:58:28.0991 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/01/01 10:58:29.0029 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/01/01 10:58:29.0072 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/01/01 10:58:29.0101 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/01/01 10:58:29.0138 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/01/01 10:58:29.0179 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/01/01 10:58:29.0213 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/01/01 10:58:29.0268 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/01/01 10:58:29.0304 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/01/01 10:58:29.0352 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/01/01 10:58:29.0398 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/01/01 10:58:29.0473 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/01/01 10:58:29.0538 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/01/01 10:58:29.0645 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/01/01 10:58:29.0688 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/01/01 10:58:29.0765 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/01/01 10:58:29.0820 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/01/01 10:58:29.0862 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/01/01 10:58:29.0907 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/01/01 10:58:29.0993 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/01/01 10:58:30.0042 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/01/01 10:58:30.0082 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/01/01 10:58:30.0118 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/01/01 10:58:30.0248 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/01/01 10:58:30.0292 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/01/01 10:58:30.0330 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/01/01 10:58:30.0386 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/01/01 10:58:30.0606 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    2011/01/01 10:58:30.0650 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/01/01 10:58:30.0743 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
    2011/01/01 10:58:30.0827 SRTSP (1b2a1c6bc76e1ebe8bc2f4a4f3d43e23) C:\Windows\system32\Drivers\SRTSP.SYS
    2011/01/01 10:58:30.0870 SRTSPL (f01a7f6e60e95fe83345cf92728a32d4) C:\Windows\system32\Drivers\SRTSPL.SYS
    2011/01/01 10:58:30.0924 SRTSPX (d02812f89e18c6fb32f901be1e10bc17) C:\Windows\system32\Drivers\SRTSPX.SYS
    2011/01/01 10:58:30.0983 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    2011/01/01 10:58:31.0063 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    2011/01/01 10:58:31.0106 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/01/01 10:58:31.0165 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/01/01 10:58:31.0214 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
    2011/01/01 10:58:31.0291 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2011/01/01 10:58:31.0368 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
    2011/01/01 10:58:31.0433 SYMREDRV (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS
    2011/01/01 10:58:31.0507 SYMTDI (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS
    2011/01/01 10:58:31.0626 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2011/01/01 10:58:31.0700 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/01/01 10:58:31.0739 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2011/01/01 10:58:31.0777 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2011/01/01 10:58:31.0809 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2011/01/01 10:58:31.0848 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2011/01/01 10:58:31.0877 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2011/01/01 10:58:31.0951 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/01/01 10:58:34.0760 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/01 10:58:34.0769 ================================================================================
    2011/01/01 10:58:34.0769 Scan finished
    2011/01/01 10:58:34.0769 ================================================================================
    2011/01/01 10:58:34.0794 Detected object count: 1
    2011/01/01 10:58:40.0898 \HardDisk1 - will be cured after reboot
    2011/01/01 10:58:40.0901 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
    2011/01/01 10:59:46.0631 Deinitialize success
  7. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    OTL logs:

    OTL logfile created on: 1/1/2011 11:16:44 AM - Run 1
    OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\matt small\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 273.04 Gb Total Space | 102.85 Gb Free Space | 37.67% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 314.96 Gb Free Space | 33.81% Space Free | Partition Type: NTFS

    Computer Name: MATT | User Name: matt small | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/01 11:12:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\matt small\Desktop\OTL.exe
    PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2010/11/25 00:13:13 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
    PRC - [2010/11/24 21:45:32 | 000,397,176 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe
    PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/15 07:05:05 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/07/06 20:51:10 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2010/07/06 20:50:42 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/07/01 15:49:15 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/06/13 19:59:20 | 000,800,032 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2010/06/13 19:59:20 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
    PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
    PRC - [2010/03/01 19:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/01/24 10:03:50 | 000,020,480 | ---- | M] () -- C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe
    PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009/11/07 07:54:54 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\matt small\Program Files\DNA\btdna.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/12 11:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2008/12/11 18:07:40 | 006,703,648 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PRC - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/09/25 16:49:22 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2008/01/29 21:19:34 | 000,041,472 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
    PRC - [2007/10/29 12:21:20 | 000,118,784 | ---- | M] () -- C:\Program Files\AnywhereTS\srv\tftpd32.exe
    PRC - [2007/10/29 12:21:20 | 000,036,864 | ---- | M] (Nick Rozanski (Nick@Rozanski.com)) -- C:\Program Files\AnywhereTS\srv\srvstart.exe
    PRC - [2007/09/27 04:36:58 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2007/09/26 20:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007/08/03 15:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PRC - [2006/11/28 05:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/01 11:12:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\matt small\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/07/06 20:50:42 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/06/13 19:59:20 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdcoreservice)
    SRV - [2010/03/11 18:02:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2010/03/01 19:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/01/24 10:03:50 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe -- (MCEBuddy)
    SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2009/10/12 11:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
    SRV - [2009/07/27 21:32:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008/09/25 16:49:22 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
    SRV - [2008/01/29 21:19:34 | 000,041,472 | ---- | M] (Orb Networks) [Auto | Running] -- C:\Program Files\Winamp Remote\bin\OrbMediaService.exe -- (OrbMediaService)
    SRV - [2007/10/29 12:21:20 | 000,036,864 | ---- | M] (Nick Rozanski (Nick@Rozanski.com)) [Auto | Running] -- C:\Program Files\AnywhereTS\srv\srvstart.exe -- (TS_TFTP)
    SRV - [2007/09/27 04:55:38 | 001,862,144 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2007/09/27 04:36:58 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/11/28 05:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101231.002\navex15.sys -- (NAVEX15)
    DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101231.002\naveng.sys -- (NAVENG)
    DRV - [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/11/25 00:11:25 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/11/10 02:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUVC.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
    DRV - [2010/11/10 02:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2010/11/10 02:46:28 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
    DRV - [2010/07/06 21:29:16 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2010/07/06 21:29:16 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2010/07/06 20:15:24 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/06/19 17:04:56 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2010/06/19 17:04:56 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2010/06/19 17:04:56 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/06/19 17:04:56 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2010/06/19 17:04:56 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2010/05/28 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/28 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2010/05/06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2010/01/29 01:03:58 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/11/04 09:11:04 | 001,084,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
    DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/09/16 15:55:25 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 18:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
    DRV - [2009/07/13 18:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
    DRV - [2009/07/13 18:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
    DRV - [2009/07/13 18:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2009/07/13 17:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
    DRV - [2009/07/13 17:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2009/07/13 17:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/05/28 14:46:18 | 000,391,296 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
    DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2009/01/05 19:11:04 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/12/11 17:23:08 | 002,250,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/10/18 06:13:45 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/02/29 09:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/12/03 18:26:32 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/12/03 18:26:32 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/12/03 18:26:22 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2006/11/22 15:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2006/11/22 15:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2006/11/22 15:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2002/11/28 20:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070927

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.logmein.com/login.asp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://facebook.com"
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
    FF - prefs.js..extensions.enabledItems: {dc0fa13c-3dae-73eb-e852-912722c852f9}:0.3
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
    FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
    FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
    FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 19:08:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:43:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/25 20:10:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/25 20:10:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/25 20:10:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/12/25 20:10:57 | 000,000,000 | ---D | M]

    [2010/09/18 13:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt small\AppData\Roaming\Mozilla\Extensions
    [2010/09/18 13:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt small\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/03/06 00:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt small\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/01/01 01:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions
    [2010/01/06 17:57:42 | 000,000,000 | ---D | M] (NY Yankees) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{0502c898-4754-11dc-8314-0800200c9a66}
    [2010/09/24 07:49:17 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2010/12/21 22:07:42 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2010/05/17 14:22:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/01/06 17:57:42 | 000,000,000 | ---D | M] (Unofficial Google Translate Firefox extension) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{3eaacb33-878f-44fa-b4cd-6e67cbaf828b}
    [2010/01/06 17:57:42 | 000,000,000 | ---D | M] (Tar Heels) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{43eb9f3e-3d32-11dc-8314-0800200c9a66}
    [2010/09/17 22:00:34 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2010/01/06 17:57:43 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2010/01/06 17:57:43 | 000,000,000 | ---D | M] (Blue Ice 2 lite) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{c5b48c50-0394-11dd-95ff-0800200c9a66}
    [2010/10/08 13:22:14 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/04/01 07:56:46 | 000,000,000 | ---D | M] (MileWideBack) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
    [2010/06/17 15:42:48 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/08/12 12:52:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/11/25 12:31:05 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/06/11 22:25:16 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
    [2010/11/25 12:31:07 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\btpersonas@brandthunder.com
    [2010/06/11 22:25:16 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
    [2010/05/05 11:32:55 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\LogMeInClient@logmein.com
    [2010/09/13 15:16:45 | 000,000,000 | ---D | M] (Personas) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\personas@christopher.beard
    [2010/11/10 21:26:35 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\smarterwiki@wikiatic.com
    [2010/08/25 11:01:48 | 000,002,273 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\searchplugins\ask.xml
    [2010/10/21 07:25:58 | 000,000,908 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\searchplugins\bing.xml
    [2010/12/23 12:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/15 13:03:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/08/13 18:39:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/28 20:10:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/22 23:40:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/23 12:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/03/05 21:43:41 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
    [2010/01/06 17:57:40 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MATT SMALL\APPDATA\ROAMING\MOVE NETWORKS
    [2011/01/01 11:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\MATT SMALL\PROGRAM FILES\DNA
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    [2010/06/28 23:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    [2010/12/30 19:15:17 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
  8. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    Hosts file not found
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\matt small\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: webattend.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: webtrain.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} http://www.webattend.com/components/wt0523.cab (WebTrain.ctlWebTrain)
    O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} http://www.seetoo.com/downloadAddon...stintv&c=cce877c8fbf127563&browserVersion=8.0 (SeeTooControl Class)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Reg Error: Key error.)
    O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O16 - DPF: Justin.tv Publisher http://www.justin.tv/plugins/justintv_publisher.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop BackupWallPaper: C:\Users\matt small\AppData\Local\Microsoft\Wallpaper1.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{a89fb1b1-fb10-11de-a113-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{a89fb1b1-fb10-11de-a113-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/01 11:12:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\matt small\Desktop\OTL.exe
    [2010/12/30 21:14:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/12/29 17:19:52 | 000,000,000 | ---D | C] -- C:\Users\matt small\Documents\Nero Collections
    [2010/12/26 18:30:54 | 000,000,000 | ---D | C] -- C:\Users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
    [2010/12/26 18:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
    [2010/12/26 14:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/12/25 20:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2010/12/25 20:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/12/25 20:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/25 20:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/12/25 20:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2010/12/25 20:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/12/23 17:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
    [2010/12/23 17:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
    [2010/12/18 12:56:21 | 000,000,000 | ---D | C] -- C:\Users\matt small\AppData\Roaming\vlc
    [2010/12/18 11:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2010/12/16 09:47:52 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\matt small\Desktop\TDSSKiller.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/01/01 11:13:06 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/01 11:13:06 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/01 11:12:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\matt small\Desktop\OTL.exe
    [2011/01/01 11:10:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/01 11:02:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/01 11:02:41 | 000,000,320 | -HS- | M] () -- C:\Windows\tasks\Fvfouxnb.job
    [2011/01/01 11:02:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/01 11:02:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
    [2011/01/01 11:02:11 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/01 01:38:51 | 647,450,965 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/12/31 18:04:32 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2010/12/31 10:17:12 | 000,000,044 | ---- | M] () -- C:\Windows\fWUvRxp2cg
    [2010/12/31 10:17:12 | 000,000,040 | ---- | M] () -- C:\Windows\HvNAoYB
    [2010/12/31 10:17:12 | 000,000,039 | ---- | M] () -- C:\Windows\1OLMhRDn3y
    [2010/12/31 10:17:12 | 000,000,038 | ---- | M] () -- C:\Windows\PgNmh
    [2010/12/31 10:17:12 | 000,000,038 | ---- | M] () -- C:\Windows\bOljP6a
    [2010/12/31 10:17:12 | 000,000,037 | ---- | M] () -- C:\Windows\MkxTP
    [2010/12/31 10:17:12 | 000,000,034 | ---- | M] () -- C:\Windows\YLjdu
    [2010/12/31 10:17:11 | 000,000,047 | ---- | M] () -- C:\Windows\barSpv
    [2010/12/31 10:17:11 | 000,000,046 | ---- | M] () -- C:\Windows\vQYeKvcTJ
    [2010/12/31 10:17:11 | 000,000,046 | ---- | M] () -- C:\Windows\jEOVv7j
    [2010/12/31 10:17:11 | 000,000,044 | ---- | M] () -- C:\Windows\WxRDxhb
    [2010/12/31 10:17:11 | 000,000,044 | ---- | M] () -- C:\Windows\E7XYuH
    [2010/12/31 10:17:11 | 000,000,044 | ---- | M] () -- C:\Windows\8bACfHV2
    [2010/12/31 10:17:11 | 000,000,044 | ---- | M] () -- C:\Windows\3TpxMDn
    [2010/12/31 10:17:11 | 000,000,042 | ---- | M] () -- C:\Windows\KpQXh
    [2010/12/31 10:17:11 | 000,000,042 | ---- | M] () -- C:\Windows\kawxBoK
    [2010/12/31 10:17:11 | 000,000,042 | ---- | M] () -- C:\Windows\85laC
    [2010/12/31 10:17:11 | 000,000,040 | ---- | M] () -- C:\Windows\vj6gvqs33S
    [2010/12/31 10:17:11 | 000,000,040 | ---- | M] () -- C:\Windows\JJCQj1FmH
    [2010/12/31 10:17:11 | 000,000,039 | ---- | M] () -- C:\Windows\nMVm8r6o
    [2010/12/31 10:17:11 | 000,000,039 | ---- | M] () -- C:\Windows\5m41mFM
    [2010/12/31 10:17:11 | 000,000,038 | ---- | M] () -- C:\Windows\UvlmrA2ola
    [2010/12/31 10:17:11 | 000,000,037 | ---- | M] () -- C:\Windows\iRJNwHtECY
    [2010/12/31 10:17:11 | 000,000,036 | ---- | M] () -- C:\Windows\pYNAj4
    [2010/12/31 10:17:11 | 000,000,033 | ---- | M] () -- C:\Windows\OT3bqteG4t
    [2010/12/31 10:17:11 | 000,000,032 | ---- | M] () -- C:\Windows\Yg3iiJAi
    [2010/12/31 10:17:11 | 000,000,032 | ---- | M] () -- C:\Windows\r13H1
    [2010/12/31 10:17:11 | 000,000,032 | ---- | M] () -- C:\Windows\NGXAcns
    [2010/12/31 10:17:11 | 000,000,031 | ---- | M] () -- C:\Windows\wilGbJ
    [2010/12/31 10:17:11 | 000,000,029 | ---- | M] () -- C:\Windows\NBxYe
    [2010/12/31 10:17:11 | 000,000,029 | ---- | M] () -- C:\Windows\NBxM25pb6
    [2010/12/31 10:17:11 | 000,000,029 | ---- | M] () -- C:\Windows\CxkxwNkl
    [2010/12/31 10:17:11 | 000,000,029 | ---- | M] () -- C:\Windows\83s1Ja
    [2010/12/31 10:17:11 | 000,000,028 | ---- | M] () -- C:\Windows\YVcEmCWHJ
    [2010/12/31 10:17:11 | 000,000,028 | ---- | M] () -- C:\Windows\EnRvpsGXl
    [2010/12/31 10:17:11 | 000,000,027 | ---- | M] () -- C:\Windows\kYFJJM
    [2010/12/31 10:17:11 | 000,000,026 | ---- | M] () -- C:\Windows\JDQqAopPbx
    [2010/12/31 10:17:10 | 000,000,049 | ---- | M] () -- C:\Windows\6BuURPM3
    [2010/12/31 10:17:10 | 000,000,047 | ---- | M] () -- C:\Windows\sVYIGbx
    [2010/12/31 10:17:10 | 000,000,046 | ---- | M] () -- C:\Windows\IKDFk1Bqm5
    [2010/12/31 10:17:10 | 000,000,042 | ---- | M] () -- C:\Windows\4fBLU
    [2010/12/31 10:17:10 | 000,000,041 | ---- | M] () -- C:\Windows\I7P6J
    [2010/12/31 10:17:10 | 000,000,039 | ---- | M] () -- C:\Windows\6jIuPMc52
    [2010/12/31 10:17:10 | 000,000,039 | ---- | M] () -- C:\Windows\1glFrPN
    [2010/12/31 10:17:10 | 000,000,038 | ---- | M] () -- C:\Windows\YsCtBEDlRQ
    [2010/12/31 10:17:10 | 000,000,038 | ---- | M] () -- C:\Windows\KigOuxgJH6
    [2010/12/31 10:17:10 | 000,000,035 | ---- | M] () -- C:\Windows\RYQlGJY
    [2010/12/31 10:17:10 | 000,000,035 | ---- | M] () -- C:\Windows\K2mx685E
    [2010/12/31 10:17:10 | 000,000,034 | ---- | M] () -- C:\Windows\yJOAWI
    [2010/12/31 10:17:10 | 000,000,033 | ---- | M] () -- C:\Windows\p3nTg
    [2010/12/31 10:17:10 | 000,000,032 | ---- | M] () -- C:\Windows\afd8Sb
    [2010/12/31 10:17:10 | 000,000,031 | ---- | M] () -- C:\Windows\OXHEq
    [2010/12/31 10:17:10 | 000,000,031 | ---- | M] () -- C:\Windows\c4ex56ADv
    [2010/12/31 10:17:10 | 000,000,028 | ---- | M] () -- C:\Windows\O1lfT
    [2010/12/31 10:17:10 | 000,000,028 | ---- | M] () -- C:\Windows\CM7esEYs
    [2010/12/31 10:17:10 | 000,000,027 | ---- | M] () -- C:\Windows\NycIN
    [2010/12/31 10:17:10 | 000,000,026 | ---- | M] () -- C:\Windows\V7NlaT6Ru
    [2010/12/31 10:17:10 | 000,000,024 | ---- | M] () -- C:\Windows\AgdRtKVja
    [2010/12/31 10:17:09 | 000,000,048 | ---- | M] () -- C:\Windows\isAoO2VgbB
    [2010/12/31 10:17:09 | 000,000,047 | ---- | M] () -- C:\Windows\edsJS7
    [2010/12/31 10:17:09 | 000,000,046 | ---- | M] () -- C:\Windows\kK6DbQNE
    [2010/12/31 10:17:09 | 000,000,040 | ---- | M] () -- C:\Windows\OLHGO
    [2010/12/31 10:17:09 | 000,000,038 | ---- | M] () -- C:\Windows\l8CjEByRl
    [2010/12/31 10:17:09 | 000,000,037 | ---- | M] () -- C:\Windows\Hhrq2xl
    [2010/12/31 10:17:09 | 000,000,032 | ---- | M] () -- C:\Windows\mrTx7n
    [2010/12/31 10:17:09 | 000,000,030 | ---- | M] () -- C:\Windows\gfQXFJs2T4
    [2010/12/31 10:17:09 | 000,000,029 | ---- | M] () -- C:\Windows\2qSFUGj
    [2010/12/31 10:17:09 | 000,000,028 | ---- | M] () -- C:\Windows\75rjFy
    [2010/12/31 10:17:09 | 000,000,026 | ---- | M] () -- C:\Windows\emr7v
    [2010/12/31 10:17:08 | 000,000,037 | ---- | M] () -- C:\Windows\Fg8CxnqsW
    [2010/12/31 10:17:08 | 000,000,036 | ---- | M] () -- C:\Windows\8EyyTVJ
    [2010/12/31 10:17:08 | 000,000,035 | ---- | M] () -- C:\Windows\3JNHKvN
    [2010/12/31 10:17:08 | 000,000,034 | ---- | M] () -- C:\Windows\gtf7k77cD
    [2010/12/31 10:17:08 | 000,000,032 | ---- | M] () -- C:\Windows\olkmGq3T
    [2010/12/31 10:17:08 | 000,000,030 | ---- | M] () -- C:\Windows\qsijfwGf1
    [2010/12/31 10:17:08 | 000,000,026 | ---- | M] () -- C:\Windows\ImsaYbSth2
    [2010/12/31 10:17:07 | 000,000,038 | ---- | M] () -- C:\Windows\FDYCYdA
    [2010/12/31 10:17:07 | 000,000,038 | ---- | M] () -- C:\Windows\6Myk2cOdi
    [2010/12/31 10:17:07 | 000,000,036 | ---- | M] () -- C:\Windows\TFJXH
    [2010/12/31 10:17:07 | 000,000,035 | ---- | M] () -- C:\Windows\Kg4AHHaJT
    [2010/12/31 10:17:07 | 000,000,034 | ---- | M] () -- C:\Windows\UhdTFg
    [2010/12/31 10:17:07 | 000,000,032 | ---- | M] () -- C:\Windows\WVTQYW
    [2010/12/31 10:17:07 | 000,000,032 | ---- | M] () -- C:\Windows\oG6bwr8
    [2010/12/31 10:17:07 | 000,000,032 | ---- | M] () -- C:\Windows\bHdc7B
    [2010/12/31 10:17:07 | 000,000,031 | ---- | M] () -- C:\Windows\jDq13M24
    [2010/12/31 10:17:07 | 000,000,028 | ---- | M] () -- C:\Windows\eTUPgK1E
    [2010/12/31 10:17:07 | 000,000,026 | ---- | M] () -- C:\Windows\5y6AbV
    [2010/12/31 10:17:06 | 000,000,049 | ---- | M] () -- C:\Windows\yjW3C7
    [2010/12/31 10:17:06 | 000,000,045 | ---- | M] () -- C:\Windows\VTYjhMX
    [2010/12/31 10:17:06 | 000,000,043 | ---- | M] () -- C:\Windows\PUyVE
    [2010/12/31 10:17:06 | 000,000,041 | ---- | M] () -- C:\Windows\eaHyr8
    [2010/12/31 10:17:06 | 000,000,036 | ---- | M] () -- C:\Windows\SEGqplv
    [2010/12/31 10:17:06 | 000,000,036 | ---- | M] () -- C:\Windows\AQaRnS
    [2010/12/31 10:17:06 | 000,000,035 | ---- | M] () -- C:\Windows\ndqLdox
    [2010/12/31 10:17:06 | 000,000,032 | ---- | M] () -- C:\Windows\kSSdatQgG
    [2010/12/31 10:17:06 | 000,000,031 | ---- | M] () -- C:\Windows\SJSVKUKSkx
    [2010/12/31 10:17:06 | 000,000,025 | ---- | M] () -- C:\Windows\T61NCh
    [2010/12/31 00:30:46 | 000,013,834 | ---- | M] () -- C:\Users\matt small\Documents\cc_20101231_003040.reg
    [2010/12/30 21:21:29 | 000,000,112 | ---- | M] () -- C:\ProgramData\EdC4677J4.dat
    [2010/12/29 17:20:11 | 000,000,029 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\default.rss
    [2010/12/29 17:19:52 | 000,000,000 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\downloads.m3u
    [2010/12/26 14:29:40 | 000,067,148 | ---- | M] () -- C:\Users\matt small\Documents\cc_20101226_142836.reg
    [2010/12/26 14:25:09 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/12/25 21:07:07 | 000,673,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/25 21:07:07 | 000,124,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/25 20:20:31 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/12/23 14:05:31 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/21 17:04:14 | 000,024,981 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/12/21 11:02:00 | 005,474,848 | ---- | M] () -- C:\Users\matt small\Documents\GraduationInvitation.png
    [2010/12/20 19:14:36 | 000,001,937 | ---- | M] () -- C:\Users\matt small\Desktop\On-Screen Keyboard.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/20 15:36:57 | 014,029,420 | ---- | M] () -- C:\Users\matt small\Documents\GraduationInvitation.psd
    [2010/12/18 11:00:06 | 019,985,265 | ---- | M] () -- C:\Users\matt small\Documents\vlc-1.1.5-win32.exe
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\matt small\Desktop\TDSSKiller.exe
    [2010/12/16 03:32:41 | 002,712,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
    [2010/12/08 13:11:46 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
    [2010/12/08 13:11:44 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll

    ========== Files Created - No Company Name ==========

    [2010/12/31 10:17:12 | 000,000,044 | ---- | C] () -- C:\Windows\fWUvRxp2cg
    [2010/12/31 10:17:12 | 000,000,040 | ---- | C] () -- C:\Windows\HvNAoYB
    [2010/12/31 10:17:12 | 000,000,039 | ---- | C] () -- C:\Windows\1OLMhRDn3y
    [2010/12/31 10:17:12 | 000,000,038 | ---- | C] () -- C:\Windows\bOljP6a
    [2010/12/31 10:17:12 | 000,000,037 | ---- | C] () -- C:\Windows\MkxTP
    [2010/12/31 10:17:12 | 000,000,034 | ---- | C] () -- C:\Windows\YLjdu
    [2010/12/31 10:17:11 | 000,000,047 | ---- | C] () -- C:\Windows\barSpv
    [2010/12/31 10:17:11 | 000,000,046 | ---- | C] () -- C:\Windows\vQYeKvcTJ
    [2010/12/31 10:17:11 | 000,000,046 | ---- | C] () -- C:\Windows\jEOVv7j
    [2010/12/31 10:17:11 | 000,000,044 | ---- | C] () -- C:\Windows\WxRDxhb
    [2010/12/31 10:17:11 | 000,000,044 | ---- | C] () -- C:\Windows\E7XYuH
    [2010/12/31 10:17:11 | 000,000,044 | ---- | C] () -- C:\Windows\8bACfHV2
    [2010/12/31 10:17:11 | 000,000,044 | ---- | C] () -- C:\Windows\3TpxMDn
    [2010/12/31 10:17:11 | 000,000,042 | ---- | C] () -- C:\Windows\KpQXh
    [2010/12/31 10:17:11 | 000,000,042 | ---- | C] () -- C:\Windows\kawxBoK
    [2010/12/31 10:17:11 | 000,000,042 | ---- | C] () -- C:\Windows\85laC
    [2010/12/31 10:17:11 | 000,000,040 | ---- | C] () -- C:\Windows\vj6gvqs33S
    [2010/12/31 10:17:11 | 000,000,040 | ---- | C] () -- C:\Windows\JJCQj1FmH
    [2010/12/31 10:17:11 | 000,000,039 | ---- | C] () -- C:\Windows\nMVm8r6o
    [2010/12/31 10:17:11 | 000,000,039 | ---- | C] () -- C:\Windows\5m41mFM
    [2010/12/31 10:17:11 | 000,000,038 | ---- | C] () -- C:\Windows\UvlmrA2ola
    [2010/12/31 10:17:11 | 000,000,038 | ---- | C] () -- C:\Windows\PgNmh
    [2010/12/31 10:17:11 | 000,000,037 | ---- | C] () -- C:\Windows\iRJNwHtECY
    [2010/12/31 10:17:11 | 000,000,036 | ---- | C] () -- C:\Windows\pYNAj4
    [2010/12/31 10:17:11 | 000,000,033 | ---- | C] () -- C:\Windows\OT3bqteG4t
    [2010/12/31 10:17:11 | 000,000,032 | ---- | C] () -- C:\Windows\Yg3iiJAi
    [2010/12/31 10:17:11 | 000,000,032 | ---- | C] () -- C:\Windows\r13H1
    [2010/12/31 10:17:11 | 000,000,032 | ---- | C] () -- C:\Windows\NGXAcns
    [2010/12/31 10:17:11 | 000,000,031 | ---- | C] () -- C:\Windows\wilGbJ
    [2010/12/31 10:17:11 | 000,000,029 | ---- | C] () -- C:\Windows\NBxYe
    [2010/12/31 10:17:11 | 000,000,029 | ---- | C] () -- C:\Windows\NBxM25pb6
    [2010/12/31 10:17:11 | 000,000,029 | ---- | C] () -- C:\Windows\CxkxwNkl
    [2010/12/31 10:17:11 | 000,000,029 | ---- | C] () -- C:\Windows\83s1Ja
    [2010/12/31 10:17:11 | 000,000,028 | ---- | C] () -- C:\Windows\YVcEmCWHJ
    [2010/12/31 10:17:11 | 000,000,028 | ---- | C] () -- C:\Windows\EnRvpsGXl
    [2010/12/31 10:17:11 | 000,000,027 | ---- | C] () -- C:\Windows\kYFJJM
    [2010/12/31 10:17:11 | 000,000,026 | ---- | C] () -- C:\Windows\JDQqAopPbx
    [2010/12/31 10:17:10 | 000,000,049 | ---- | C] () -- C:\Windows\6BuURPM3
    [2010/12/31 10:17:10 | 000,000,047 | ---- | C] () -- C:\Windows\sVYIGbx
    [2010/12/31 10:17:10 | 000,000,046 | ---- | C] () -- C:\Windows\IKDFk1Bqm5
    [2010/12/31 10:17:10 | 000,000,042 | ---- | C] () -- C:\Windows\4fBLU
    [2010/12/31 10:17:10 | 000,000,041 | ---- | C] () -- C:\Windows\I7P6J
    [2010/12/31 10:17:10 | 000,000,039 | ---- | C] () -- C:\Windows\6jIuPMc52
    [2010/12/31 10:17:10 | 000,000,039 | ---- | C] () -- C:\Windows\1glFrPN
    [2010/12/31 10:17:10 | 000,000,038 | ---- | C] () -- C:\Windows\YsCtBEDlRQ
    [2010/12/31 10:17:10 | 000,000,038 | ---- | C] () -- C:\Windows\KigOuxgJH6
    [2010/12/31 10:17:10 | 000,000,035 | ---- | C] () -- C:\Windows\RYQlGJY
    [2010/12/31 10:17:10 | 000,000,035 | ---- | C] () -- C:\Windows\K2mx685E
    [2010/12/31 10:17:10 | 000,000,034 | ---- | C] () -- C:\Windows\yJOAWI
    [2010/12/31 10:17:10 | 000,000,033 | ---- | C] () -- C:\Windows\p3nTg
    [2010/12/31 10:17:10 | 000,000,032 | ---- | C] () -- C:\Windows\afd8Sb
    [2010/12/31 10:17:10 | 000,000,031 | ---- | C] () -- C:\Windows\OXHEq
    [2010/12/31 10:17:10 | 000,000,031 | ---- | C] () -- C:\Windows\c4ex56ADv
    [2010/12/31 10:17:10 | 000,000,028 | ---- | C] () -- C:\Windows\O1lfT
    [2010/12/31 10:17:10 | 000,000,028 | ---- | C] () -- C:\Windows\CM7esEYs
    [2010/12/31 10:17:10 | 000,000,027 | ---- | C] () -- C:\Windows\NycIN
    [2010/12/31 10:17:10 | 000,000,026 | ---- | C] () -- C:\Windows\V7NlaT6Ru
    [2010/12/31 10:17:10 | 000,000,024 | ---- | C] () -- C:\Windows\AgdRtKVja
    [2010/12/31 10:17:09 | 000,000,048 | ---- | C] () -- C:\Windows\isAoO2VgbB
    [2010/12/31 10:17:09 | 000,000,047 | ---- | C] () -- C:\Windows\edsJS7
    [2010/12/31 10:17:09 | 000,000,046 | ---- | C] () -- C:\Windows\kK6DbQNE
    [2010/12/31 10:17:09 | 000,000,040 | ---- | C] () -- C:\Windows\OLHGO
    [2010/12/31 10:17:09 | 000,000,038 | ---- | C] () -- C:\Windows\l8CjEByRl
    [2010/12/31 10:17:09 | 000,000,037 | ---- | C] () -- C:\Windows\Hhrq2xl
    [2010/12/31 10:17:09 | 000,000,032 | ---- | C] () -- C:\Windows\mrTx7n
    [2010/12/31 10:17:09 | 000,000,030 | ---- | C] () -- C:\Windows\gfQXFJs2T4
    [2010/12/31 10:17:09 | 000,000,029 | ---- | C] () -- C:\Windows\2qSFUGj
    [2010/12/31 10:17:09 | 000,000,028 | ---- | C] () -- C:\Windows\75rjFy
    [2010/12/31 10:17:09 | 000,000,026 | ---- | C] () -- C:\Windows\emr7v
    [2010/12/31 10:17:08 | 000,000,037 | ---- | C] () -- C:\Windows\Fg8CxnqsW
    [2010/12/31 10:17:08 | 000,000,036 | ---- | C] () -- C:\Windows\8EyyTVJ
    [2010/12/31 10:17:08 | 000,000,035 | ---- | C] () -- C:\Windows\3JNHKvN
    [2010/12/31 10:17:08 | 000,000,034 | ---- | C] () -- C:\Windows\gtf7k77cD
    [2010/12/31 10:17:08 | 000,000,032 | ---- | C] () -- C:\Windows\olkmGq3T
    [2010/12/31 10:17:08 | 000,000,030 | ---- | C] () -- C:\Windows\qsijfwGf1
    [2010/12/31 10:17:08 | 000,000,026 | ---- | C] () -- C:\Windows\ImsaYbSth2
    [2010/12/31 10:17:07 | 000,000,038 | ---- | C] () -- C:\Windows\FDYCYdA
    [2010/12/31 10:17:07 | 000,000,038 | ---- | C] () -- C:\Windows\6Myk2cOdi
    [2010/12/31 10:17:07 | 000,000,036 | ---- | C] () -- C:\Windows\TFJXH
    [2010/12/31 10:17:07 | 000,000,035 | ---- | C] () -- C:\Windows\Kg4AHHaJT
    [2010/12/31 10:17:07 | 000,000,034 | ---- | C] () -- C:\Windows\UhdTFg
    [2010/12/31 10:17:07 | 000,000,032 | ---- | C] () -- C:\Windows\WVTQYW
    [2010/12/31 10:17:07 | 000,000,032 | ---- | C] () -- C:\Windows\oG6bwr8
    [2010/12/31 10:17:07 | 000,000,032 | ---- | C] () -- C:\Windows\bHdc7B
    [2010/12/31 10:17:07 | 000,000,031 | ---- | C] () -- C:\Windows\jDq13M24
    [2010/12/31 10:17:07 | 000,000,028 | ---- | C] () -- C:\Windows\eTUPgK1E
    [2010/12/31 10:17:07 | 000,000,026 | ---- | C] () -- C:\Windows\5y6AbV
    [2010/12/31 10:17:06 | 000,000,049 | ---- | C] () -- C:\Windows\yjW3C7
    [2010/12/31 10:17:06 | 000,000,045 | ---- | C] () -- C:\Windows\VTYjhMX
    [2010/12/31 10:17:06 | 000,000,043 | ---- | C] () -- C:\Windows\PUyVE
    [2010/12/31 10:17:06 | 000,000,041 | ---- | C] () -- C:\Windows\eaHyr8
    [2010/12/31 10:17:06 | 000,000,036 | ---- | C] () -- C:\Windows\SEGqplv
    [2010/12/31 10:17:06 | 000,000,036 | ---- | C] () -- C:\Windows\AQaRnS
    [2010/12/31 10:17:06 | 000,000,035 | ---- | C] () -- C:\Windows\ndqLdox
    [2010/12/31 10:17:06 | 000,000,032 | ---- | C] () -- C:\Windows\kSSdatQgG
    [2010/12/31 10:17:06 | 000,000,031 | ---- | C] () -- C:\Windows\SJSVKUKSkx
    [2010/12/31 10:17:06 | 000,000,025 | ---- | C] () -- C:\Windows\T61NCh
    [2010/12/31 00:30:44 | 000,013,834 | ---- | C] () -- C:\Users\matt small\Documents\cc_20101231_003040.reg
    [2010/12/30 21:21:29 | 000,000,112 | ---- | C] () -- C:\ProgramData\EdC4677J4.dat
    [2010/12/29 17:19:52 | 000,000,000 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\downloads.m3u
    [2010/12/26 18:29:56 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At1.job
    [2010/12/26 14:28:44 | 000,067,148 | ---- | C] () -- C:\Users\matt small\Documents\cc_20101226_142836.reg
    [2010/12/26 14:25:09 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/12/25 20:20:31 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/12/21 17:04:13 | 000,024,981 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/12/21 11:01:55 | 005,474,848 | ---- | C] () -- C:\Users\matt small\Documents\GraduationInvitation.png
    [2010/12/20 15:36:54 | 014,029,420 | ---- | C] () -- C:\Users\matt small\Documents\GraduationInvitation.psd
    [2010/12/18 10:59:32 | 019,985,265 | ---- | C] () -- C:\Users\matt small\Documents\vlc-1.1.5-win32.exe
    [2010/11/24 23:56:31 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/11/10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2010/11/10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2010/11/10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/06/18 12:15:59 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll
    [2010/06/18 12:15:59 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
    [2010/05/17 15:25:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2010/05/13 23:03:29 | 000,122,880 | ---- | C] () -- C:\Windows\System32\trc.dll
    [2010/05/13 23:03:06 | 000,010,600 | R--- | C] () -- C:\Windows\System32\IcdSptSvps.dll
    [2010/05/13 23:03:05 | 000,124,264 | R--- | C] () -- C:\Windows\System32\mp3dec.dll
    [2010/05/13 23:03:05 | 000,081,920 | R--- | C] () -- C:\Windows\System32\dsp_trc.dll
    [2010/05/07 17:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
    [2010/01/18 11:17:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/17 13:08:24 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2010/01/12 14:50:26 | 000,002,380 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/01/06 18:39:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/01/05 15:20:52 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/01/04 18:59:20 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
    [2010/01/03 13:19:32 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/01/03 13:18:59 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/11/24 10:32:25 | 000,010,056 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (DOS).CAL
    [2009/09/23 17:17:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/18 22:55:36 | 000,000,029 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\default.rss
    [2009/08/11 16:46:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/05/20 13:00:21 | 000,000,004 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\7FE408
    [2009/05/20 13:00:20 | 000,870,128 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\mcs.rma
    [2008/12/04 17:18:28 | 000,036,581 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2008/10/12 15:25:29 | 000,684,032 | ---- | C] () -- C:\Windows\System32\ltmm_n.dll
    [2008/08/27 10:06:25 | 000,009,884 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (Windows).CAL
    [2008/08/12 14:38:43 | 000,009,913 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\PStrip.bk!
    [2008/08/12 14:37:28 | 000,009,817 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\PStrip.bak
    [2008/08/09 14:15:29 | 000,009,595 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\PStrip.ini
    [2008/06/10 19:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/02/08 16:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll
    [2007/09/29 23:26:33 | 000,000,000 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\wklnhst.dat
    [2007/09/27 04:37:35 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
    [2007/09/27 04:37:34 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
    [2007/09/27 04:37:34 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
    [2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
    [2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
    [2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/07/21 18:50:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll

    ========== LOP Check ==========

    [2010/09/28 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\4Media Software Studio
    [2010/01/06 17:56:46 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\acccore
    [2010/01/06 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Any Video Converter
    [2010/12/30 21:42:15 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Audacity
    [2010/01/06 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\AVSMedia
    [2011/01/01 11:23:52 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\BitTorrent
    [2010/01/06 17:56:53 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Bytescout SWF To Video Scout
    [2009/09/16 15:55:24 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\DAEMON Tools Lite
    [2010/12/30 21:42:15 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\DNA
    [2010/01/06 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\FileZilla
    [2010/11/11 21:20:28 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\FixCleaner
    [2010/01/06 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\GetRightToGo
    [2010/01/06 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Leadertech
    [2010/12/30 21:42:15 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\LimeWire
    [2010/02/25 14:54:10 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\ManyCam
    [2010/07/09 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\mkvtoolnix
    [2010/01/06 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\MusicNet
    [2008/05/23 11:39:37 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\NetMedia Providers
    [2010/01/06 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\New Tier
    [2010/06/18 12:16:41 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\proDAD
    [2008/05/23 11:39:37 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Publish Providers
    [2010/09/14 10:31:50 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\River Past G5
    [2008/03/14 22:56:07 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Template
    [2010/09/18 13:37:45 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Thunderbird
    [2010/01/06 17:58:02 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Trillian
    [2010/01/22 10:23:43 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Uniblue
    [2008/06/15 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Video DVD Maker FREE
    [2010/12/31 18:04:32 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2011/01/01 11:02:41 | 000,000,320 | -HS- | M] () -- C:\Windows\Tasks\Fvfouxnb.job
    [2010/12/31 05:04:54 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
    [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
    [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
    [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

    < MD5 for: EVENTLOG.DLL >
    [2009/12/02 16:12:14 | 000,044,032 | ---- | M] (Panasonic Corporation) MD5=C69C760478573085FA11243AE15E8A28 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 5.0\Core\EventLog\EventLog.dll

    < MD5 for: IASTOR.SYS >
    [2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
    [2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_854e9851bc5e0ffb\iaStor.sys
    [2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_3926b8183d8240e3\iaStor.sys

    < MD5 for: IASTORV.SYS >
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
    [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
    [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\matt small\Documents\OT.dmsd:Roxio EMC Stream
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\loiscard.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\housing.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\Copy of loiscard.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasv.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasv.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasthankyou.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasjricks.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasjricks.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasfront08.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasfront08.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmascousinapril.png:Updt_SummaryInformation
    @Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >
  9. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    OTL Extras logfile created on: 1/1/2011 11:16:44 AM - Run 1
    OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\matt small\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 273.04 Gb Total Space | 102.85 Gb Free Space | 37.67% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 314.96 Gb Free Space | 33.81% Space Free | Partition Type: NTFS

    Computer Name: MATT | User Name: matt small | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista
    "{3888fa7d-8ea9-461f-bb13-7e2e530a082c}" = Nero 9
    "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FEC3A5B-60FF-4626-B425-08E09B121A15}" = LogMeIn
    "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
    "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
    "{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A5E0EE-432A-40D3-BB56-858B998EA8BB}" = AnywhereTS
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
    "{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{71D5559C-85E5-5206-3B1C-A8A9DDDE4AC9}" = AMD Drag and Drop Transcoding
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{72C5B9DA-F3B1-45E2-96EF-AA6C3F42D1BB}" = Video Explosion 1.5
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
    "{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static
    "{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
    "{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
    "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E1AB809-F821-4F41-8431-44A11ED1EDBA}" = TVT7Diag
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
    "{91410E47-BB57-FF5D-8C8D-A45D22742A71}" = ATI AVIVO Codecs
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{93A038DC-5F4C-4463-9847-E184E74951B6}" = Digital Cable Advisor
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
    "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English
    "{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
    "{AF833083-331F-4EC2-8FAA-FE0B8BF12C0E}" = WebTrain Communicator
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{B99459D2-B91A-417E-9DFA-F53D569F4445}_is1" = H.264 Encoder 1.5
    "{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEEC0AD1-588C-4DD1-AD56-839120A39B06}" = MCEBuddy
    "{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DCF60B7D-5830-4AF6-998F-1CD79E1A4BF6}" = Microsoft LifeCam
    "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
    "4Media Video Converter Ultimate" = 4Media Video Converter Ultimate
    "745D2949D37D22B578F30B5527277D1FB8BB0709" = Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
    "7-Zip" = 7-Zip 4.57
    "9B930C353B70A8D589052B35FD6D22DF019FA7A4" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
    "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
    "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
    "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
    "AIM_6" = AIM 6
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.4 (Unicode)
    "Audio Converter Pro" = River Past Audio Converter Pro
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
    "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "CCleaner" = CCleaner
    "Cinergy Script Editor" = Cinergy Script Editor
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "EasyBCD" = EasyBCD 1.7.2
    "EFLVFLVCN_is1" = EasyFLV FLV Converter Ver 7 build 0.0.1
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
    "FoxyTunesForFirefox" = FoxyTunes for Firefox
    "Free Window Registry Repair" = Free Window Registry Repair
    "GameSpy Arcade" = GameSpy Arcade
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "Google Video Uploader" = Google Video Uploader
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "LimeWire" = LimeWire 5.6.2
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Logitech Vid" = Logitech Vid HD
    "lvdrivers_12.0" = Logitech Webcam Software Driver Package
    "Magic Bullet Looks Studio" = Magic Bullet Looks Studio
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "ManyCam" = ManyCam 2.4 (remove only)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MKVtoolnix" = MKVtoolnix 4.2.0
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
    "Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
    "Nero8Lite_is1" = Nero 8 Lite 8.2.8.0
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Orb" = Winamp Remote
    "PictureIt_v9" = Microsoft Picture It! Photo Premium 9
    "proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
    "PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
    "RealPlayer 12.0" = RealPlayer
    "Right PDF Printer Server Edition_is1" = Right PDF Printer 3.6 Server Edition
    "Shop for HP Supplies" = Shop for HP Supplies
    "SopCast" = SopCast 2.0.4
    "Spyware Doctor" = Spyware Doctor 7.0
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "Trillian" = Trillian
    "TVWiz" = Intel(R) TV Wizard
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.1.5
    "Winamp" = Winamp
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Movie Maker 6.0" = Windows Movie Maker 6.0
    "WinLiveSuite" = Windows Live Essentials
    "Works2004Setup" = Microsoft Works 2004 Setup Launcher
    "XobniMain" = Xobni
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "BitTorrent DNA" = DNA
    "MIAMIFLA" = University of Miami Desktop Communicator
    "Move Media Player" = Move Media Player
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/1/2011 2:50:08 AM | Computer Name = Matt | Source = MCEBuddy | ID = 0
    Description = Error scanning commercials using ComSkip. Activity failed at 8% Time
    taken: 00:10:32.4678364

    Error - 1/1/2011 3:03:08 AM | Computer Name = Matt | Source = Symantec AntiVirus | ID = 16711726
    Description = Security Risk Found!Risk: Trojan.ADH in File: C:\ProgramData\43XOi2ix.exe_
    by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

    Error - 1/1/2011 3:03:08 AM | Computer Name = Matt | Source = Symantec AntiVirus | ID = 16711685
    Description = Risk Found!Risk: Trojan.ADH in File: C:\ProgramData\43XOi2ix.exe_
    by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

    Error - 1/1/2011 3:03:18 AM | Computer Name = Matt | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Risk: Trojan.ADH in File: C:\ProgramData\43XOi2ix.exe_
    by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

    Error - 1/1/2011 11:34:15 AM | Computer Name = Matt | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 1/1/2011 12:06:58 PM | Computer Name = Matt | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 1/1/2011 1:09:18 PM | Computer Name = Matt | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 1/1/2011 2:09:47 PM | Computer Name = Matt | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 1/1/2011 3:00:33 PM | Computer Name = Matt | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 1/1/2011 4:05:48 PM | Computer Name = Matt | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Media Center Events ]
    Error - 12/20/2010 8:34:55 PM | Computer Name = Matt | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc004050b) ATI AVStream Analog Tuner

    Error - 12/20/2010 8:35:04 PM | Computer Name = Matt | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc004050b) ATI AVStream Analog Tuner

    Error - 12/20/2010 8:35:12 PM | Computer Name = Matt | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc004050b) ATI AVStream Analog Tuner

    Error - 12/22/2010 3:21:31 AM | Computer Name = Matt | Source = MCUpdate | ID = 0
    Description = 2:21:31 AM - Failed to retrieve SportsV2 (Error: The operation has
    timed out)

    Error - 12/22/2010 3:21:56 AM | Computer Name = Matt | Source = MCUpdate | ID = 0
    Description = 2:21:56 AM - Failed to retrieve NetTV (Error: The underlying connection
    was closed: An unexpected error occurred on a receive.)

    Error - 12/22/2010 3:22:30 AM | Computer Name = Matt | Source = MCUpdate | ID = 0
    Description = 2:22:13 AM - Failed to retrieve MCEClientUX (Error: The underlying
    connection was closed: An unexpected error occurred on a receive.)

    Error - 12/22/2010 3:23:01 AM | Computer Name = Matt | Source = MCUpdate | ID = 0
    Description = 2:22:45 AM - Failed to retrieve Broadband (Error: The underlying connection
    was closed: An unexpected error occurred on a receive.)

    Error - 12/22/2010 3:24:58 AM | Computer Name = Matt | Source = MCUpdate | ID = 0
    Description = 2:24:41 AM - Failed to retrieve EpgListings (Error: The operation
    has timed out)

    Error - 12/22/2010 3:26:10 AM | Computer Name = Matt | Source = MCUpdate | ID = 0
    Description = 2:25:55 AM - Failed to retrieve EpgListings (Error: The underlying
    connection was closed: An unexpected error occurred on a receive.)

    Error - 12/22/2010 3:27:01 AM | Computer Name = Matt | Source = MCUpdate | ID = 0
    Description = 2:26:23 AM - Failed to retrieve EpgListings (Error: The underlying
    connection was closed: An unexpected error occurred on a receive.)

    [ OSession Events ]
    Error - 1/23/2010 6:18:23 PM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 66110
    seconds with 1560 seconds of active time. This session ended with a crash.

    Error - 1/25/2010 5:24:30 PM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72582
    seconds with 2160 seconds of active time. This session ended with a crash.

    Error - 1/26/2010 8:44:31 AM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55173
    seconds with 3600 seconds of active time. This session ended with a crash.

    Error - 1/27/2010 5:00:23 AM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72927
    seconds with 1860 seconds of active time. This session ended with a crash.

    Error - 1/27/2010 7:22:18 PM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51689
    seconds with 1680 seconds of active time. This session ended with a crash.

    Error - 1/29/2010 10:21:06 AM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52035
    seconds with 480 seconds of active time. This session ended with a crash.

    Error - 4/4/2010 1:22:25 AM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52792
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 4/15/2010 4:39:39 PM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 401 seconds with 120 seconds of active time. This session ended with a crash.

    Error - 5/3/2010 11:18:50 AM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 160866
    seconds with 840 seconds of active time. This session ended with a crash.

    Error - 5/14/2010 5:28:01 PM | Computer Name = Matt | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/1/2011 11:27:15 AM | Computer Name = Matt | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 1/1/2011 11:27:41 AM | Computer Name = Matt | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SABKUTIL sptd

    Error - 1/1/2011 11:27:45 AM | Computer Name = Matt | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 1/1/2011 11:27:45 AM | Computer Name = Matt | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 1/1/2011 12:01:36 PM | Computer Name = Matt | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 1/1/2011 12:02:40 PM | Computer Name = Matt | Source = Service Control Manager | ID = 7000
    Description = The adfs service failed to start due to the following error: %%2

    Error - 1/1/2011 12:02:44 PM | Computer Name = Matt | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 1/1/2011 12:02:45 PM | Computer Name = Matt | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 1/1/2011 12:04:11 PM | Computer Name = Matt | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SABKUTIL sptd

    Error - 1/1/2011 12:05:19 PM | Computer Name = Matt | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.


    < End of report >
  10. crunchie

    crunchie Malware Helper Posts: 761

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
      :Commands
      [purity]
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ====

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:


    ====

    How are things now?
  11. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: matt small
    ->Flash cache emptied: 5664 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: matt small
    ->Temp folder emptied: 4957547 bytes
    ->Temporary Internet Files folder emptied: 8296510 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 95733490 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 36589 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 18899179594 bytes

    Total Files Cleaned = 18,128.00 mb

    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.20.0 log created on 01012011_193620

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  12. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    OTL logfile created on: 1/1/2011 8:10:35 PM - Run 2
    OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\matt small\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 273.04 Gb Total Space | 102.88 Gb Free Space | 37.68% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.10% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 330.72 Gb Free Space | 35.50% Space Free | Partition Type: NTFS

    Computer Name: MATT | User Name: matt small | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/01 11:12:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\matt small\Desktop\OTL.exe
    PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/12/10 12:23:11 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/12/10 12:23:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2010/11/25 00:13:13 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
    PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/15 07:05:05 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/09/01 01:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/07/06 20:51:10 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2010/07/06 20:50:42 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/07/01 15:49:15 | 002,397,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2010/06/13 19:59:20 | 000,800,032 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2010/06/13 19:59:20 | 000,628,000 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
    PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
    PRC - [2010/03/01 19:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/01/24 10:03:50 | 000,020,480 | ---- | M] () -- C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe
    PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009/11/07 07:54:54 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\matt small\Program Files\DNA\btdna.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/12 11:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
    PRC - [2008/12/11 18:07:40 | 006,703,648 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PRC - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/09/25 16:49:22 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2008/01/29 21:19:34 | 000,041,472 | ---- | M] (Orb Networks) -- C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
    PRC - [2007/10/29 12:21:20 | 000,118,784 | ---- | M] () -- C:\Program Files\AnywhereTS\srv\tftpd32.exe
    PRC - [2007/10/29 12:21:20 | 000,036,864 | ---- | M] (Nick Rozanski (Nick@Rozanski.com)) -- C:\Program Files\AnywhereTS\srv\srvstart.exe
    PRC - [2007/09/27 04:36:58 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2007/09/26 20:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007/08/03 15:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PRC - [2006/11/28 05:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2006/11/28 05:34:28 | 000,075,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SavUI.exe
    PRC - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/11/28 05:34:02 | 000,024,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
    PRC - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/11/27 08:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    PRC - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/01 11:12:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\matt small\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/07/06 20:50:42 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/06/13 19:59:20 | 000,628,000 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdcoreservice)
    SRV - [2010/03/11 18:02:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2010/03/01 19:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/01/24 10:03:50 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe -- (MCEBuddy)
    SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2009/10/12 11:33:26 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
    SRV - [2009/07/27 21:32:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008/09/25 16:49:22 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
    SRV - [2008/01/29 21:19:34 | 000,041,472 | ---- | M] (Orb Networks) [Auto | Running] -- C:\Program Files\Winamp Remote\bin\OrbMediaService.exe -- (OrbMediaService)
    SRV - [2007/10/29 12:21:20 | 000,036,864 | ---- | M] (Nick Rozanski (Nick@Rozanski.com)) [Auto | Running] -- C:\Program Files\AnywhereTS\srv\srvstart.exe -- (TS_TFTP)
    SRV - [2007/09/27 04:55:38 | 001,862,144 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2007/09/27 04:36:58 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/11/28 05:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101231.002\navex15.sys -- (NAVEX15)
    DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101231.002\naveng.sys -- (NAVENG)
    DRV - [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/11/25 00:11:25 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/11/10 02:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUVC.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
    DRV - [2010/11/10 02:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2010/11/10 02:46:28 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
    DRV - [2010/07/06 21:29:16 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2010/07/06 21:29:16 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2010/07/06 20:15:24 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/06/19 17:04:56 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2010/06/19 17:04:56 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2010/06/19 17:04:56 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/06/19 17:04:56 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2010/06/19 17:04:56 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2010/05/28 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/28 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2010/05/06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2010/01/29 01:03:58 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/11/04 09:11:04 | 001,084,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
    DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/09/16 15:55:25 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 18:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
    DRV - [2009/07/13 18:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
    DRV - [2009/07/13 18:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
    DRV - [2009/07/13 18:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2009/07/13 17:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
    DRV - [2009/07/13 17:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2009/07/13 17:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/05/28 14:46:18 | 000,391,296 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
    DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2009/01/05 19:11:04 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/12/11 17:23:08 | 002,250,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/10/18 06:13:45 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/02/29 09:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/12/03 18:26:32 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/12/03 18:26:32 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/12/03 18:26:22 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2006/11/22 15:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2006/11/22 15:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2006/11/22 15:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2002/11/28 20:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070927

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://secure.logmein.com/login.asp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://facebook.com"
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
    FF - prefs.js..extensions.enabledItems: {dc0fa13c-3dae-73eb-e852-912722c852f9}:0.3
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
    FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
    FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
    FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 19:08:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 21:43:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/25 20:10:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/25 20:10:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/25 20:10:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/12/25 20:10:57 | 000,000,000 | ---D | M]
  13. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    [2010/09/18 13:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt small\AppData\Roaming\Mozilla\Extensions
    [2010/09/18 13:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt small\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/03/06 00:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt small\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/01/01 01:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions
    [2010/01/06 17:57:42 | 000,000,000 | ---D | M] (NY Yankees) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{0502c898-4754-11dc-8314-0800200c9a66}
    [2010/09/24 07:49:17 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2010/12/21 22:07:42 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2010/05/17 14:22:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/01/06 17:57:42 | 000,000,000 | ---D | M] (Unofficial Google Translate Firefox extension) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{3eaacb33-878f-44fa-b4cd-6e67cbaf828b}
    [2010/01/06 17:57:42 | 000,000,000 | ---D | M] (Tar Heels) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{43eb9f3e-3d32-11dc-8314-0800200c9a66}
    [2010/09/17 22:00:34 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2010/01/06 17:57:43 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2010/01/06 17:57:43 | 000,000,000 | ---D | M] (Blue Ice 2 lite) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{c5b48c50-0394-11dd-95ff-0800200c9a66}
    [2010/10/08 13:22:14 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/04/01 07:56:46 | 000,000,000 | ---D | M] (MileWideBack) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
    [2010/06/17 15:42:48 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/08/12 12:52:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/11/25 12:31:05 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/06/11 22:25:16 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
    [2010/11/25 12:31:07 | 000,000,000 | ---D | M] ("Personas Interactive") -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\btpersonas@brandthunder.com
    [2010/06/11 22:25:16 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
    [2010/05/05 11:32:55 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\LogMeInClient@logmein.com
    [2010/09/13 15:16:45 | 000,000,000 | ---D | M] (Personas) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\personas@christopher.beard
    [2010/11/10 21:26:35 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\extensions\smarterwiki@wikiatic.com
    [2010/08/25 11:01:48 | 000,002,273 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\searchplugins\ask.xml
    [2010/10/21 07:25:58 | 000,000,908 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\searchplugins\bing.xml
    [2010/12/23 12:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/15 13:03:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/08/13 18:39:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/28 20:10:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/22 23:40:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/23 12:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/03/05 21:43:41 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
    [2010/01/06 17:57:40 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MATT SMALL\APPDATA\ROAMING\MOVE NETWORKS
    [2011/01/01 19:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\MATT SMALL\PROGRAM FILES\DNA
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    [2010/06/28 23:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    [2010/12/30 19:15:17 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

    O1 HOSTS File: ([2011/01/01 19:36:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\matt small\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: webattend.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: webtrain.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} http://www.webattend.com/components/wt0523.cab (WebTrain.ctlWebTrain)
    O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} http://www.seetoo.com/downloadAddon...stintv&c=cce877c8fbf127563&browserVersion=8.0 (SeeTooControl Class)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Reg Error: Key error.)
    O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O16 - DPF: Justin.tv Publisher http://www.justin.tv/plugins/justintv_publisher.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop BackupWallPaper: C:\Users\matt small\AppData\Local\Microsoft\Wallpaper1.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{a89fb1b1-fb10-11de-a113-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{a89fb1b1-fb10-11de-a113-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/01 19:36:20 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/01/01 11:12:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\matt small\Desktop\OTL.exe
    [2010/12/30 21:14:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/12/29 17:19:52 | 000,000,000 | ---D | C] -- C:\Users\matt small\Documents\Nero Collections
    [2010/12/26 18:30:54 | 000,000,000 | ---D | C] -- C:\Users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
    [2010/12/26 18:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
    [2010/12/26 14:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/12/25 20:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2010/12/25 20:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/12/25 20:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/25 20:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/12/25 20:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2010/12/25 20:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/12/23 17:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
    [2010/12/23 17:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
    [2010/12/18 12:56:21 | 000,000,000 | ---D | C] -- C:\Users\matt small\AppData\Roaming\vlc
    [2010/12/18 11:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2010/12/16 09:47:52 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\matt small\Desktop\TDSSKiller.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/01/01 20:13:40 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/01 20:13:39 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/01 20:10:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/01 20:03:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/01 20:03:04 | 000,000,320 | -HS- | M] () -- C:\Windows\tasks\Fvfouxnb.job
    [2011/01/01 20:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/01 20:02:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
    [2011/01/01 20:02:38 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/01 19:36:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2011/01/01 17:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2011/01/01 11:12:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\matt small\Desktop\OTL.exe
    [2011/01/01 01:38:51 | 647,450,965 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/12/31 10:17:12 | 000,000,044 | ---- | M] () -- C:\Windows\fWUvRxp2cg
    [2010/12/31 10:17:12 | 000,000,040 | ---- | M] () -- C:\Windows\HvNAoYB
    [2010/12/31 10:17:12 | 000,000,039 | ---- | M] () -- C:\Windows\1OLMhRDn3y
    [2010/12/31 10:17:12 | 000,000,038 | ---- | M] () -- C:\Windows\PgNmh
    [2010/12/31 10:17:12 | 000,000,038 | ---- | M] () -- C:\Windows\bOljP6a
    [2010/12/31 10:17:12 | 000,000,037 | ---- | M] () -- C:\Windows\MkxTP
    [2010/12/31 10:17:12 | 000,000,034 | ---- | M] () -- C:\Windows\YLjdu
    [2010/12/31 10:17:11 | 000,000,047 | ---- | M] () -- C:\Windows\barSpv
    [2010/12/31 10:17:11 | 000,000,046 | ---- | M] () -- C:\Windows\vQYeKvcTJ
    [2010/12/31 10:17:11 | 000,000,046 | ---- | M] () -- C:\Windows\jEOVv7j
    [2010/12/31 10:17:11 | 000,000,044 | ---- | M] () -- C:\Windows\WxRDxhb
    [2010/12/31 10:17:11 | 000,000,044 | ---- | M] () -- C:\Windows\E7XYuH
    [2010/12/31 10:17:11 | 000,000,044 | ---- | M] () -- C:\Windows\8bACfHV2
    [2010/12/31 10:17:11 | 000,000,044 | ---- | M] () -- C:\Windows\3TpxMDn
    [2010/12/31 00:30:46 | 000,013,834 | ---- | M] () -- C:\Users\matt small\Documents\cc_20101231_003040.reg
    [2010/12/30 21:21:29 | 000,000,112 | ---- | M] () -- C:\ProgramData\EdC4677J4.dat
    [2010/12/29 17:20:11 | 000,000,029 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\default.rss
    [2010/12/29 17:19:52 | 000,000,000 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\downloads.m3u
    [2010/12/26 14:29:40 | 000,067,148 | ---- | M] () -- C:\Users\matt small\Documents\cc_20101226_142836.reg
    [2010/12/26 14:25:09 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/12/25 21:07:07 | 000,673,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/25 21:07:07 | 000,124,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/25 20:20:31 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/12/23 14:05:31 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/21 17:04:14 | 000,024,981 | ---- | M] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/12/21 11:02:00 | 005,474,848 | ---- | M] () -- C:\Users\matt small\Documents\GraduationInvitation.png
    [2010/12/20 19:14:36 | 000,001,937 | ---- | M] () -- C:\Users\matt small\Desktop\On-Screen Keyboard.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/20 15:36:57 | 014,029,420 | ---- | M] () -- C:\Users\matt small\Documents\GraduationInvitation.psd
    [2010/12/18 11:00:06 | 019,985,265 | ---- | M] () -- C:\Users\matt small\Documents\vlc-1.1.5-win32.exe
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\matt small\Desktop\TDSSKiller.exe
    [2010/12/16 03:32:41 | 002,712,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
    [2010/12/08 13:11:46 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
    [2010/12/08 13:11:44 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll

    ========== Files Created - No Company Name ==========

    [2010/12/31 00:30:44 | 000,013,834 | ---- | C] () -- C:\Users\matt small\Documents\cc_20101231_003040.reg
    [2010/12/30 21:21:29 | 000,000,112 | ---- | C] () -- C:\ProgramData\EdC4677J4.dat
    [2010/12/29 17:19:52 | 000,000,000 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\downloads.m3u
    [2010/12/26 18:29:56 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At1.job
    [2010/12/26 14:28:44 | 000,067,148 | ---- | C] () -- C:\Users\matt small\Documents\cc_20101226_142836.reg
    [2010/12/26 14:25:09 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2010/12/25 20:20:31 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/12/21 17:04:13 | 000,024,981 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/12/21 11:01:55 | 005,474,848 | ---- | C] () -- C:\Users\matt small\Documents\GraduationInvitation.png
    [2010/12/20 15:36:54 | 014,029,420 | ---- | C] () -- C:\Users\matt small\Documents\GraduationInvitation.psd
    [2010/12/18 10:59:32 | 019,985,265 | ---- | C] () -- C:\Users\matt small\Documents\vlc-1.1.5-win32.exe
    [2010/11/24 23:56:31 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010/11/10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2010/11/10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2010/11/10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/06/18 12:15:59 | 000,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll
    [2010/06/18 12:15:59 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
    [2010/05/17 15:25:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2010/05/13 23:03:29 | 000,122,880 | ---- | C] () -- C:\Windows\System32\trc.dll
    [2010/05/13 23:03:06 | 000,010,600 | R--- | C] () -- C:\Windows\System32\IcdSptSvps.dll
    [2010/05/13 23:03:05 | 000,124,264 | R--- | C] () -- C:\Windows\System32\mp3dec.dll
    [2010/05/13 23:03:05 | 000,081,920 | R--- | C] () -- C:\Windows\System32\dsp_trc.dll
    [2010/05/07 17:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
    [2010/01/18 11:17:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/17 13:08:24 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2010/01/12 14:50:26 | 000,002,380 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/01/06 18:39:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/01/05 15:20:52 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/01/04 18:59:20 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
    [2010/01/03 13:19:32 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/01/03 13:18:59 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/11/24 10:32:25 | 000,010,056 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (DOS).CAL
    [2009/09/23 17:17:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/18 22:55:36 | 000,000,029 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\default.rss
    [2009/08/11 16:46:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/05/20 13:00:21 | 000,000,004 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\7FE408
    [2009/05/20 13:00:20 | 000,870,128 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\mcs.rma
    [2008/12/04 17:18:28 | 000,036,581 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2008/10/12 15:25:29 | 000,684,032 | ---- | C] () -- C:\Windows\System32\ltmm_n.dll
    [2008/08/27 10:06:25 | 000,009,884 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\Comma Separated Values (Windows).CAL
    [2008/08/12 14:38:43 | 000,009,913 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\PStrip.bk!
    [2008/08/12 14:37:28 | 000,009,817 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\PStrip.bak
    [2008/08/09 14:15:29 | 000,009,595 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\PStrip.ini
    [2008/06/10 19:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/02/08 16:13:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll
    [2007/09/29 23:26:33 | 000,000,000 | ---- | C] () -- C:\Users\matt small\AppData\Roaming\wklnhst.dat
    [2007/09/27 04:37:35 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
    [2007/09/27 04:37:34 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
    [2007/09/27 04:37:34 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
    [2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
    [2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
    [2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/07/21 18:50:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll

    ========== LOP Check ==========

    [2010/09/28 11:39:38 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\4Media Software Studio
    [2010/01/06 17:56:46 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\acccore
    [2010/01/06 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Any Video Converter
    [2010/12/30 21:42:15 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Audacity
    [2010/01/06 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\AVSMedia
    [2011/01/01 19:36:09 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\BitTorrent
    [2010/01/06 17:56:53 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Bytescout SWF To Video Scout
    [2009/09/16 15:55:24 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\DAEMON Tools Lite
    [2010/12/30 21:42:15 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\DNA
    [2010/01/06 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\FileZilla
    [2010/11/11 21:20:28 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\FixCleaner
    [2010/01/06 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\GetRightToGo
    [2010/01/06 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Leadertech
    [2010/12/30 21:42:15 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\LimeWire
    [2010/02/25 14:54:10 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\ManyCam
    [2010/07/09 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\mkvtoolnix
    [2010/01/06 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\MusicNet
    [2008/05/23 11:39:37 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\NetMedia Providers
    [2010/01/06 17:57:46 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\New Tier
    [2010/06/18 12:16:41 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\proDAD
    [2008/05/23 11:39:37 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Publish Providers
    [2010/09/14 10:31:50 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\River Past G5
    [2008/03/14 22:56:07 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Template
    [2010/09/18 13:37:45 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Thunderbird
    [2010/01/06 17:58:02 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Trillian
    [2010/01/22 10:23:43 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Uniblue
    [2008/06/15 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\matt small\AppData\Roaming\Video DVD Maker FREE
    [2011/01/01 17:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2011/01/01 20:03:04 | 000,000,320 | -HS- | M] () -- C:\Windows\Tasks\Fvfouxnb.job
    [2010/12/31 05:04:54 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
  14. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\matt small\Documents\OT.dmsd:Roxio EMC Stream
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\loiscard.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\housing.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\Copy of loiscard.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasv.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasv.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasthankyou.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasjricks.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasjricks.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasfront08.png:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmasfront08.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\matt small\Documents\christmascousinapril.png:Updt_SummaryInformation
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    < End of report >
  15. crunchie

    crunchie Malware Helper Posts: 761

    Will you be doing the rest soon?
  16. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    The ESET scanner is at 3 hrs 10 mins and going. There are about 100,000 files left to be scanned (says 99% but that's not right).
  17. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK

    C:\Documents and Settings\....\Downloads\registrybooster(2).exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
    DELETED:
    C:\Programs&Games\WSFTP_ProT128_Install.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
    DELETED:
    C:\Programs&Games\Microsoft Office 2010 Activator [KMS Activator] - www.GuruFuel.com\mini-KMS_Activator_v1.053.exe a variant of Win32/HackKMS.A application
    DELETED:
    C:\Programs&Games\Xilisoft iPhone Software Suite 2.1.39.1103\x-iphone-software-suite.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan

    C:\Users\....\Downloads\registrybooster(2).exe Win32/RegistryBooster application


    I didn't touch the other files yet.
  18. crunchie

    crunchie Malware Helper Posts: 761

    Ok. How did you delete them? My instructions were to not delete anything:
    .
    Looks to me like the first two entries were left alone, the next three were deleted and the remainder left alone.
    Please confirm.

    Also, can you please answer my earlier question as to how the PC is now?
  19. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    I deleted those 3 files on my own, because I didn't need them anymore. I left the other ones.

    PC is running alright. The search engines are working and the computer hasn't shut down yet.
  20. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    explorer.exe shut down once and most of the system tray icons reappeared. There were one or two that did not reappear. Everything else is good so far.
  21. crunchie

    crunchie Malware Helper Posts: 761

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
  22. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    Ok thanks. I'll do it in the morning and post the results.
  23. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    ComboFix 11-01-02.04 - matt small 01/03/2011 10:03:54.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1241 [GMT -5:00]
    Running from: c:\users\matt small\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\std.dll
    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
    c:\windows\jestertb.dll
    c:\windows\system32\Ijl11.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
    .

    2011-01-03 15:31 . 2011-01-03 15:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-02 22:48 . 2011-01-02 22:48 -------- d-----w- c:\program files\ZSoft
    2011-01-02 01:23 . 2011-01-02 01:23 -------- d-----w- c:\program files\ESET
    2011-01-02 00:36 . 2011-01-02 00:36 -------- d-----w- C:\_OTL
    2010-12-26 23:30 . 2010-12-31 02:55 -------- d-----w- c:\program files\Xilisoft
    2010-12-26 19:25 . 2010-12-31 02:42 -------- d-----w- c:\program files\CCleaner
    2010-12-26 01:18 . 2010-12-26 01:18 -------- d-----w- c:\program files\iPod
    2010-12-26 01:18 . 2010-12-31 02:44 -------- d-----w- c:\program files\iTunes
    2010-12-26 01:18 . 2010-12-26 01:20 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-12-23 22:38 . 2010-12-31 02:42 -------- d-----w- c:\program files\Free Window Registry Repair
    2010-12-23 19:53 . 2010-12-23 19:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
    2010-12-18 17:56 . 2011-01-03 02:52 -------- d-----w- c:\users\matt small\AppData\Roaming\vlc
    2010-12-15 20:01 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-15 20:01 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-10 10:55 . 2010-12-10 10:55 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-23 19:54 . 2010-01-07 00:50 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-12-23 19:53 . 2010-05-19 07:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-12-23 07:42 . 2010-05-01 18:37 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-12-23 07:41 . 2010-05-20 08:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-12-20 23:09 . 2010-11-24 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-11-24 03:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-09 07:13 . 2010-01-07 00:50 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-08 18:12 . 2007-09-30 03:33 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 18:11 . 2007-09-30 03:33 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 18:11 . 2007-09-30 03:33 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 18:11 . 2007-09-30 03:33 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-25 05:11 . 2010-11-25 04:51 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-11-25 05:11 . 2010-11-25 04:52 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-11-12 23:53 . 2010-05-23 14:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-10 07:49 . 2010-07-07 18:55 4323040 ----a-w- c:\windows\system32\drivers\LVUVC.sys
    2010-11-10 07:49 . 2010-07-07 18:54 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
    2010-11-10 07:49 . 2010-07-07 18:54 543328 ----a-w- c:\windows\system32\LVUI2.dll
    2010-11-10 07:48 . 2010-11-10 07:48 283744 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2010-11-10 07:47 . 2010-11-10 07:47 195168 ----a-w- c:\windows\system32\lvci13101216.dll
    2010-11-10 07:47 . 2010-07-07 18:50 416352 ----a-w- c:\windows\system32\LVCodec2.dll
    2010-11-10 07:46 . 2010-11-10 07:46 20704 ----a-w- c:\windows\system32\drivers\lvbusflt.sys
    2010-11-10 07:45 . 2010-11-10 07:45 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2010-11-10 07:45 . 2010-11-10 07:45 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
    2010-11-10 07:45 . 2010-11-10 07:45 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
    2010-11-10 07:32 . 2010-11-10 07:32 38238 ----a-w- c:\windows\system32\Repository.reg
    2010-10-19 15:41 . 2009-10-03 05:57 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-07 23:21 . 2010-11-12 08:40 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B1A8904-F55D-4A1E-8E5B-6F028F1E69F6}\mpengine.dll
    2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .

    ------- Sigcheck -------

    [7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
    [-] 2009-07-14 . C468ADABA2040F6585FE04EA4C81984A . 543232 . . [6.1.7600.16385] . . c:\windows\System32\termsrv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\users\matt small\Program Files\DNA\btdna.exe" [2009-11-07 323392]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-01 2397424]
    "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
    "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-27 1862144]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
    "VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-11-25 1287120]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

    c:\users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-7-18 576000]
    MLB.TV NexDef Plug-in.lnk - c:\users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-5-13 802960]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-5 113664]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-13 800032]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-27 50688]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    PHOTOfunSTUDIO 5.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-5-17 172544]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-16 721904]
    R1 SABKUTIL;SABKUTIL; [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9e2c2e102d9f;Google Update Service (gupdate1c9e2c2e102d9f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
    R2 MCEBuddy;MCEBuddy Service;c:\program files\Tyrell\MCEBuddy\MCEBuddySvc.exe [2010-01-24 20480]
    R2 TS_TFTP;TS TFTP;c:\program files\AnywhereTS\srv\srvstart.exe [2007-10-29 36864]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-06-19 45736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-19 29472]
    R3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2010-11-10 20704]
    R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
    R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
    R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 218592]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2008-09-25 81920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-10-12 46824]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 102448]
    S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]

    2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://secure.logmein.com/login.asp
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: webattend.com
    Trusted Zone: webtrain.com
    DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
    DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} - hxxp://www.webattend.com/components/wt0523.cab
    DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=cce877c8fbf127563&browserVersion=8.0
    FF - ProfilePath - c:\users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Personas Interactive: btpersonas@brandthunder.com - %profile%\extensions\btpersonas@brandthunder.com
    FF - Ext: Fast Youtube Downloader: fastYoutubeDownloader@yevgenyandrov.net - %profile%\extensions\fastYoutubeDownloader@yevgenyandrov.net
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: MileWideBack: {dc0fa13c-3dae-73eb-e852-912722c852f9} - %profile%\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
    FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\matt small\AppData\Roaming\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
  24. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client\ccService\Channels]
    @Denied: (C D) (Everyone)
    "{B3C9D609-5A4A-4B19-A0EB-1F8D42E0A07E}"="{AD67A87A-9CC2-42C1-8D8D-93D50B885809}"
    "{9614E561-76D6-4170-A07C-E91D8C9E7263}"="{31923B3C-54F5-4DBF-8F8A-ED42BA4BDD05}"
    "{78B9BB84-018B-4E98-8163-C49E184264C5}"="{AD67A87A-9CC2-42C1-8D8D-93D50B885809}"
    "{F74D1A26-7184-4860-B4AF-61DB5AC11581}"="{D8C80CC6-4DE3-4244-A210-D350E62B6121}"
    "{5F67012B-0008-456B-A001-8A59208CED4F}"="{FCD2D189-170C-4173-85BD-7F7E6DFEF2DB}"
    "{59E8D1A1-9AD0-4BB9-8695-D65C6EC45F64}"="{FCD2D189-170C-4173-85BD-7F7E6DFEF2DB}"
    "{6416F6F3-137B-4306-BBC6-F4B5087DE943}"="{B9665550-EDA4-4265-8936-4BB1515C0123}"
    "{66287DFF-B4D3-4864-9691-D517AA389153}"="{B86E81D3-85D0-48BB-A7B0-1D399F272F1D}"
    "{E458896D-52C6-4FDD-B557-0D4A1B0D6349}"="{B86E81D3-85D0-48BB-A7B0-1D399F272F1D}"
    "{EEF45D3B-4BCA-4599-AED3-3A8FE77DD56C}"="{BC70ECAD-4C5F-4C22-8123-AD37596373AA}"
    "{0486EB87-45EA-4FDB-A942-5083F8978981}"="{3B34029C-EAA6-4057-A80C-EF88B70EA1FF}"
    "{F9C03C2A-5DF4-42D3-98A8-F1D6F5CFBB86}"="{3B34029C-EAA6-4057-A80C-EF88B70EA1FF}"
    "{60B1D13A-1211-4118-91E9-EA7AFDF05C00}"="{ADCF4E3D-B79D-46D3-8F06-902F4BD1DD82}"
    "{E24C0B83-6430-47A7-9A7B-6A701B6BE858}"="{C4A20312-4DF9-4F75-82AE-E58212705194}"
    "{2B71D7EE-4CBC-4FCC-8C2C-A4AC14A1FB4C}"="{C4A20312-4DF9-4F75-82AE-E58212705194}"
    "{3F1551CC-4760-4A7C-B958-A7E0BA71DFCD}"="{F5CD8E58-EDB7-40D3-A6C4-E5C3A39FE8EB}"
    "{A1615DE3-FE1E-4877-9469-6C9349E0F987}"="{95877741-3D54-41DD-AC0C-4D7DC5536073}"
    "{2DD5A06F-A65D-441B-991B-F8BBB48F1215}"="{95877741-3D54-41DD-AC0C-4D7DC5536073}"
    "{D074FC68-5EA2-4C6F-95A4-7E7D1FCEAC07}"="{F05D84DF-A39E-4A63-9851-C050A2741B3B}"
    "{62DB2AD9-4A6A-45EC-956D-CF21DABB6510}"="{6CD7B555-E734-4A08-A405-661D493ACD50}"
    "{D56E1065-3AB8-440B-8ACC-1607350F54A7}"="{D3647F80-DAFA-4D52-8E7C-B3830FB29EBA}"
    "{A2188A35-D70C-40E1-98D5-D2A3105C1937}"="{D3647F80-DAFA-4D52-8E7C-B3830FB29EBA}"
    "{790BAA31-042B-46B2-82A1-8351D029D01E}"="{CA552C25-6C8A-4B89-BD18-E15ABD9A7A0D}"
    "{456A505D-95C9-43C9-8F80-1D76A48F2968}"="{3DA1BB7E-16D5-456F-921B-14506AA4801A}"
    "{702F1BE1-5743-4799-B48F-468860118347}"="{C6142F1C-6700-4285-AACD-75460E011AD8}"
    "{C63D9836-A18E-4DDF-892B-B49DF234280E}"="{C6142F1C-6700-4285-AACD-75460E011AD8}"
    "{7817A2B7-4344-4FDE-B73F-0B6735E9198F}"="{3ED3D105-AE21-4239-8580-E4F17E05ABC8}"
    "{FC8B4735-0565-40D6-A95C-90B8CF789FB8}"="{3ED3D105-AE21-4239-8580-E4F17E05ABC8}"
    "{2D4A30F8-2206-4680-B0E6-FF7ECA89B133}"="{7F5A48F3-EF08-459A-ADAB-CFC1361DE676}"
    "{8B483EE0-424A-4DEE-BE1A-4FAAE4322388}"="{7F5A48F3-EF08-459A-ADAB-CFC1361DE676}"
    "{E27BF9E2-4167-46AB-BCEE-8CC9928FCF7D}"="{3A0D0488-98D8-4B90-96A9-61CFEAEC74B7}"
    "{BE208E4D-E54B-4FB0-AEF2-669D97E48290}"="{3A0D0488-98D8-4B90-96A9-61CFEAEC74B7}"
    "{828FC422-7820-44EC-A8AC-8CB85E6D8F2D}"="{67143093-AA32-4D1E-B2F9-B09F4C482836}"
    "{5921FDC9-8DC2-427A-ABB8-A19D8B12D8DB}"="{CDB9E30B-C735-4B46-85D9-BC901F0CE7EC}"
    "{BAA7EE63-C1FC-4BEB-9556-AAB47AA9907C}"="{2B70C6CE-0B3E-4798-9A0E-2739096695FF}"
    "{39A84DB0-C3D0-4108-9C0A-7DCCECB7909C}"="{2B70C6CE-0B3E-4798-9A0E-2739096695FF}"
    "{00C930C8-BDE0-4385-9152-710CCFC36310}"="{2FFAF49D-728C-43C7-9553-6A170AE83501}"
    "{45404933-07F4-4018-903F-9D8F657317AB}"="{2FFAF49D-728C-43C7-9553-6A170AE83501}"
    "{562DD3C5-78C0-42CD-9A72-C53C4FC2EA12}"="{79FF9686-5647-49CB-8894-7C072D9DFF92}"
    "{4DCF4C2E-3C51-4940-86D6-478B7318E113}"="{33EF58A4-DADD-4D2C-AF5B-E333B0272452}"
    "{54E62B05-58C0-4210-9E04-C80BFADF22DC}"="{33EF58A4-DADD-4D2C-AF5B-E333B0272452}"
    "{6B9799F2-2DCA-4904-8815-885832CA56B3}"="{D985D8A9-D171-480D-BEC7-CFEC1D17CF6F}"
    "{63EFB789-8C54-4D29-BFAA-1DB5D62071C4}"="{D985D8A9-D171-480D-BEC7-CFEC1D17CF6F}"
    "{6BF149A5-545B-4408-90A2-264DC41D7757}"="{AC26EC0D-26DD-4BE6-AE71-228AF5E795CE}"
    "{91A581CD-8E2F-48C6-9318-8E9F88F38EAF}"="{1BD3FFEE-2625-448F-9A8C-79B355B9CC7E}"
    "{FD4ACC6D-F7CA-4688-A9B0-AA104A020236}"="{1BD3FFEE-2625-448F-9A8C-79B355B9CC7E}"
    "{F78B9899-4706-42CC-B683-F32CB369523E}"="{97F3BDED-4FFF-4450-844E-01F26BDA4131}"
    "{446F82CE-EE26-4175-BBE6-2FFB8C07CD70}"="{8AAD365E-B87D-47D6-B9E3-DC9D5F890332}"
    "{D12427F3-CE75-4D97-8284-953F4772D248}"="{8AAD365E-B87D-47D6-B9E3-DC9D5F890332}"
    "{0A361B80-3FBF-4A5D-90D6-FD9A1BACDF8D}"="{27C96B01-09BE-4E32-99F3-C22DB2BAC3EC}"
    "{555143D0-7104-404F-B48F-D9BB02C7AA88}"="{2E97F4C5-4380-42EA-A75C-1DBEE8687C44}"
    "{AFA2BF53-EE8F-4856-B081-35F310D8B351}"="{2728906F-EBA8-42E1-8832-AD60D652D7BB}"
    "{5A540FA3-2B2C-4219-BF2B-D57531F64478}"="{2728906F-EBA8-42E1-8832-AD60D652D7BB}"
    "{D68C82BE-66F8-4421-AD97-62C9CEE97703}"="{176C1456-4E78-4EF1-8D14-B86FC796F367}"
    "{78B36DB9-E549-496A-920C-889242C85697}"="{0767A3E3-EA48-4950-A2C4-6AE6FB2622E9}"
    "{597D6C09-2939-48CD-B1F6-7133103C179C}"="{0F70F440-7622-4253-85D2-6BC27B70480D}"
    "{AE89E38B-6DBE-4053-A7FF-2BDD9024A5BE}"="{0767A3E3-EA48-4950-A2C4-6AE6FB2622E9}"
    "{9A2AC5EA-AEB8-4739-BC36-D47B788DE345}"="{13A54885-FA74-49CC-B79C-613C9B07A6D8}"
    "{7C8F85BB-0EAD-4CF6-B23F-361678FA1DC8}"="{A1D005A3-F59A-4B24-B30B-0ACEAEA8319F}"
    "{A74B0DC2-FA35-4AAF-85BB-DE3A362471F2}"="{A1D005A3-F59A-4B24-B30B-0ACEAEA8319F}"
    "{A0F617E8-07D2-4B6C-992E-65597D9CA438}"="{8838570A-DB07-4474-A27E-93919DD09E7F}"
    "{6FDEAD34-E502-436E-8536-004528302F9E}"="{8F2A4155-5CCD-4BBB-B107-21F69DCAAF5E}"
    "{3C3FA589-2EDC-42BB-ACBB-D95686AA96FF}"="{8F2A4155-5CCD-4BBB-B107-21F69DCAAF5E}"
    "{D8744430-22E0-41A7-A040-848FFB568BB6}"="{228E5B79-503F-413E-99F8-1D56150D6A32}"
    "{AD9B45EB-7FE6-4173-B1A4-04DD4A89E027}"="{CD68FAAD-7244-4024-A66D-9F67E355DD03}"
    "{0BE3CD42-3004-41B8-BA6B-BCC71AB2F639}"="{CD68FAAD-7244-4024-A66D-9F67E355DD03}"
    "{8DCC33A6-E918-464B-9072-7262A0A7A036}"="{5E745C93-3E7F-4ED8-9EF3-12B1BEE416FE}"
    "{5D102B75-4AE7-43D3-97A6-102390F2D58C}"="{5E745C93-3E7F-4ED8-9EF3-12B1BEE416FE}"
    "{837F07E6-F62A-40EF-A8F0-D6B280C66F5E}"="{EAFD7A7C-C2AD-47AA-B9AC-3B3D2C8C9F3D}"
    "{F5F342BF-F8F5-4B4B-8E45-FA08CFB8925A}"="{1624442B-1402-482D-A86E-49A2CA1F616B}"
    "{4788FE6D-1BF1-4412-BAE8-8EBED55BB5A3}"="{1624442B-1402-482D-A86E-49A2CA1F616B}"
    "{F4ABD4F2-2410-4C10-B86D-DF808A0BBAD1}"="{848F66E6-2DF0-4C6F-AF9C-D2BDD94E48FE}"
    "{2FAE970B-EA62-4DD1-8927-8FF430672644}"="{DA9D401B-5453-400B-9F29-3687B6BB4631}"
    "{518E4A02-48C9-4351-9DFB-D3101B3FDAD8}"="{DA9D401B-5453-400B-9F29-3687B6BB4631}"
    "{EF41E6FB-810B-436C-8941-352710216505}"="{CF861977-15E9-4BC2-A4FE-DBD5B36817D2}"
    "{CAAA4BC7-A253-4BED-9ED9-CC2D0E849DAA}"="{8807E36D-A82E-4BC5-BA1F-5F61A7F73AF5}"
    "{D6843473-ED97-47EE-9C8A-62C3245E92D5}"="{8807E36D-A82E-4BC5-BA1F-5F61A7F73AF5}"
    "{D4424352-CF57-45FD-A96C-B69F2728B1AC}"="{F46F159D-9B30-49F2-881F-57CFF2556066}"
    "{7154A47C-738C-4279-813F-9B098ECF7377}"="{0B833DAA-B935-4196-AB92-BFE7ECC7B92D}"
    "{AB261A51-F2E9-4697-A489-596AE8D58109}"="{81692DED-1285-47BE-BC04-D7BED69F97B4}"
    "{C0AA8CA2-5BE8-4B03-8BB4-3B354D86BB2B}"="{2C3346F8-EA75-4517-8733-411423BF6BED}"
    "{727E6292-F825-4DF7-879F-E807CE932575}"="{61DA3583-25A1-429C-914C-93530B3F7EEF}"
    "{0DA737FD-DFFE-49A6-950C-B28D34533459}"="{4A121F6F-1AD7-40EC-A762-2CED10A24158}"
    "{3E3A15C9-FB40-46A9-A862-5C39EBF85E30}"="{6D449ADF-58F0-4CAE-A12E-9982C9E52D36}"
    "{55AF7800-7B15-4779-9637-2F24FBE610C1}"="{6D449ADF-58F0-4CAE-A12E-9982C9E52D36}"
    "{05E6EBEF-967C-4F49-8AF8-7F36DE82D9E1}"="{35F89E31-B66B-43D5-8709-10EB06279C30}"
    "{AFA0D00A-FEF4-4DE1-B4B4-2D6505258AD4}"="{1016D81A-FCC8-4EF7-AA6C-E6FEEBA4CEFA}"
    "{1A5356DB-110E-4305-8AFE-5F686422C7CB}"="{1016D81A-FCC8-4EF7-AA6C-E6FEEBA4CEFA}"
    "{1950201E-9867-469B-ABD1-8092AE9264C3}"="{91EFC23D-E7D0-4F01-AD40-0B68F3577A15}"
    "{1CA71049-93F6-4B8D-BBFA-952FF97826E2}"="{0B77A563-29D2-4673-82A2-5ABF766C6D17}"
    "{8067C410-7309-408E-B89A-05C80C469654}"="{C9D7BCC9-677A-4EF2-85F4-C732163144F4}"
    "{F95394EC-9C4F-4EC9-A8B2-019880C1EEC4}"="{C9D7BCC9-677A-4EF2-85F4-C732163144F4}"
    "{3B8A0483-FD06-4FF1-91BE-1CEA23A83454}"="{6E773B2C-0034-4180-BE55-093C54B1A8B1}"
    "{FA83043C-D883-4C1F-90EA-3E8BC7200FD3}"="{36255248-033A-4E77-BD9C-5CD2BF752FBF}"
    "{BC7DD456-23E2-489A-B009-3582B1E62E9E}"="{36255248-033A-4E77-BD9C-5CD2BF752FBF}"
    "{9C7E5BA8-EED8-4F89-8B57-DCE1C53746D1}"="{3565A3B0-DF19-4068-83B8-A470AE84B8B2}"
    "{35D871C6-72E4-4899-BCDE-CAF71F24BA68}"="{6678E39D-9341-40C2-9CF4-5AEE52D0ED30}"
    "{46FEA3A8-074B-4B37-80C6-B93F63E5762C}"="{993F7581-5BC7-4946-87FD-B0CAFE3D6DB5}"
    "{33161DC9-759E-4CCE-8245-636B2FA0FA2D}"="{993F7581-5BC7-4946-87FD-B0CAFE3D6DB5}"
    "{E3CCA8D8-A468-4302-992D-8729B60AA89B}"="{10A3F5A1-1476-4DCB-AF91-7D32A28B8A4A}"
    "{FA0EDBF0-EC1F-4E36-B629-116AB63DBAD6}"="{10A3F5A1-1476-4DCB-AF91-7D32A28B8A4A}"
    "{24020F7C-A310-4482-9103-F7605723E48C}"="{8CDF5DFD-0278-40DF-81F2-4285AB9C30CA}"
    "{D5BFBE69-0A78-4833-AF07-CB73AEC7A505}"="{C54A2373-3C4C-44A6-A2F2-F2B7250275AA}"
    "{92459EEF-BC1B-4521-A45C-24D0B83EB973}"="{C54A2373-3C4C-44A6-A2F2-F2B7250275AA}"
    "{6D15ACCD-B150-4458-ABC2-BB01B4213BAA}"="{9C7B63FE-FE06-4ACA-916A-9037511CAD24}"
    "{D1AEE0EA-4D6E-4E05-A374-244BE55DBE4D}"="{D9C6CA28-0C0B-4D4F-AE88-AE017B1D0877}"
    "{62CA4714-4BDC-4400-A085-90511CC8D48D}"="{D9C6CA28-0C0B-4D4F-AE88-AE017B1D0877}"
    "{51C9BB50-DD7B-479D-B375-C07BC07173B4}"="{E67340AC-B1B5-47C9-B36F-73E2CA712CE6}"
    "{07CADD03-7B44-41E1-AB01-0AAFA253ACAC}"="{E67340AC-B1B5-47C9-B36F-73E2CA712CE6}"
    "{8AA0889C-304A-4CE6-9A60-7B067C615CDC}"="{60A330C8-2229-44F9-AE3A-1F5771A2BACA}"
    "{E5AC9915-7B2B-4B30-A874-EAE1C71D5ED6}"="{243BA644-1997-4D56-A69D-7CA162D6B514}"
    "{BA5E89D0-5C3A-430A-98ED-80C51A4F02DF}"="{243BA644-1997-4D56-A69D-7CA162D6B514}"
    "{66B22231-800A-4F98-A7F6-6D6F338843DF}"="{A812D63E-6EBC-4E93-8CA1-FF9462A5E400}"
    "{FC86BA91-12FB-4D20-B615-3B02D738AEE2}"="{5DD8D4F5-87A4-4D88-A67E-FBD70F6EB71A}"
    "{CF7A426A-43DD-40FD-9EA8-8B6AA5646A25}"="{DDB1B265-3757-47F6-8507-B39545F851ED}"
    "{B2E95801-8C59-4957-AD5D-EDDD11317F76}"="{DDB1B265-3757-47F6-8507-B39545F851ED}"
    "{C08C4B62-20B4-429B-A45E-8487A917C164}"="{D027963A-336C-479C-B747-8301BBF2B5DD}"
    "{C32C9B52-C2FD-4DC7-A788-E5C0E4D9F10E}"="{EA4F0F4D-5040-470C-B21F-799D79E6327A}"
    "{29C5A268-376A-431C-92B1-4C4B81363525}"="{90ECD25C-2204-4664-87A4-EF5050DD8D2B}"
    "{E2CE6939-04DA-4B90-9B15-D22F6DCB6E08}"="{8E133189-B015-4A5A-8F16-15F5F9124EB8}"
    "{9271455F-D9CE-4843-8123-AC0DDCF86B78}"="{B6F42D70-68BB-447A-B99D-2937324DA103}"
    "{6DB32BFB-D05F-4703-8607-872119C3502B}"="{B6F42D70-68BB-447A-B99D-2937324DA103}"
    "{BEFE4AEB-C8E0-44BE-827D-5F1E03289816}"="{CE368D82-2303-4985-A853-C561ABF81825}"
    "{996CEBBA-485C-49EB-A65D-2B9E06CC5A95}"="{F1F18CF8-542A-43D6-9F33-45B3FBCDC807}"
    "{F17493CA-56C5-4E26-8CBB-9036B4308640}"="{7216328A-2BCC-4AED-B718-957C0BDE9C42}"
    "{CD45CED7-7DC5-463F-915A-E4882FD37287}"="{7216328A-2BCC-4AED-B718-957C0BDE9C42}"
    "{E0B37171-CA63-4054-91DE-09A3B0B174DD}"="{74956129-42D3-4AE2-99B8-7B1E2C6CF64B}"
    "{CB77C531-A46F-4515-B631-2EAB87AF2762}"="{95349DD5-626D-48CA-BA21-DDD208EB4816}"
    "{25E399F5-9546-4357-9D81-AF1EE4C7C058}"="{95349DD5-626D-48CA-BA21-DDD208EB4816}"
    "{AA5A1050-41DD-4234-94E0-3245A15DAD54}"="{1A5FAF38-37DB-43DE-A37D-B70C68377854}"
    "{E3895AAA-7C29-4BD9-A93F-50199F6A3404}"="{297F17FC-D230-4F68-8FC0-939C23E1A938}"
    "{753BA65A-3487-442C-880E-8C4034B8C7F3}"="{3804A418-74C2-4E0E-B741-83A813342F46}"
    "{C3302FD5-211A-478C-A3D5-0CD59BAE8913}"="{297F17FC-D230-4F68-8FC0-939C23E1A938}"
    "{D516E3DD-472E-42D3-8C37-23018A84CF68}"="{57089B37-0B5E-4574-8446-57E13B1C305A}"
    "{DF4ABB50-E007-42E8-803C-E3C7F39C5AEE}"="{A9D7A5C8-4391-4712-94ED-D0E31B4E08E3}"
    "{50C0509C-630B-4BC8-831B-A6C8DAB0C2A8}"="{64D18C4A-B242-4E8E-8649-DC06DF5D90D4}"
    "{971971DF-68FF-4699-A4E2-2716C6B9261A}"="{64D18C4A-B242-4E8E-8649-DC06DF5D90D4}"
    "{1079B0DB-50E2-4F9C-847A-A4821C76502F}"="{8374CFBF-46D0-495B-8987-8F10BD4CAFD6}"
    "{68779547-A2D1-48CD-A21B-9FEC9EB744C9}"="{FDA4D4FC-4016-4B4A-8B62-C6F08AAB1C3E}"
    "{45917345-EA68-4A82-9F1E-1F21A7C5F48B}"="{9C1BDFCA-44E5-4403-8CAF-143B3C8E5910}"
    "{88756034-4D7A-4C95-B904-86E752EF2753}"="{9C1BDFCA-44E5-4403-8CAF-143B3C8E5910}"
    "{2C0050E6-F6E8-412B-B5EA-97BF02F59836}"="{964A3DD7-21F6-4F36-8047-CEBC9DA27991}"
    "{C5565C5C-CB3A-48CA-94DC-2004D09E18D1}"="{938AA879-0D49-465E-9814-AA951E4D1D08}"
    "{84238243-BFDA-4CAD-A3D7-B147AFD9938F}"="{02718068-DF33-4E94-8104-3EC3067474E8}"
    "{F82AFEB0-9332-4884-886E-AD52FDE74A13}"="{E96D42E5-4FD4-4274-B3ED-2745D687702A}"
    "{830E2EA9-2C90-41B1-81D8-C9BFD6E7511F}"="{E96D42E5-4FD4-4274-B3ED-2745D687702A}"
    "{8DD0123C-E161-4B3C-A263-9EDDC7D31F83}"="{946E64EB-A825-4277-A627-77652D0E42A9}"
    "{62259CD1-C29C-4D11-B89B-784E5A7379E6}"="{27587C71-7AD4-4092-BD4E-BB846F24ECAF}"
    "{A679CE89-4CA5-4D55-832B-2492F488EE42}"="{738F7FBF-38F4-4F96-BD9B-657B94E0B26D}"
    "{2A464B23-2A33-4146-A27B-BE39134BF62E}"="{738F7FBF-38F4-4F96-BD9B-657B94E0B26D}"
    "{2972A8E7-9166-451F-A62B-582702578A06}"="{B225B03E-48E0-41E1-8C98-916581EFC494}"
    "{F6F469F6-E91E-4CD4-B1B0-CC789F41A4D4}"="{E1EC27DB-43C0-4D62-91CA-34965CE09EB3}"
    "{20C77521-2E5D-4C2D-A144-F071A27784CE}"="{7B461608-8119-4AAE-AF04-73419FE2F8A8}"
    "{E29E762C-121D-4613-A789-B96B48E05CA3}"="{7B461608-8119-4AAE-AF04-73419FE2F8A8}"
    "{21F6C57E-FC2B-454C-861D-BA6A08CD5320}"="{3058AC4E-5F9B-4471-BC75-E6F0FC8D3DDF}"
    "{8D035583-08E0-4749-B2AB-CD1567C8FF77}"="{A121F465-7AEB-41DC-A3BA-324A80870ADA}"
    "{10F48FC9-070E-495E-8EDF-E4126013684F}"="{A121F465-7AEB-41DC-A3BA-324A80870ADA}"
    "{56440417-BBF7-4931-A0BA-F1B53478AA47}"="{C14FB996-0DBC-44E8-BB42-21D2C78CFAD3}"
    "{D72E9239-B509-42C6-AE0D-252A1142C8A7}"="{005B23DB-CFFA-4845-910B-534611D439E6}"
    "{C3DD9E00-C1CD-41FD-8C4E-A220509D503D}"="{005B23DB-CFFA-4845-910B-534611D439E6}"
    "{EC15EF19-1461-4ED8-A3F4-EB8E7C638119}"="{E4E76CC2-5E49-4344-B982-D700D09EE66A}"
    "{E305F173-03D1-4E0D-B7EC-4B086FF2150B}"="{7328CB1B-3BF8-45AB-8568-97EAC42112C0}"
    "{111F4ACC-3524-42CA-B761-BD43BDB5AC05}"="{7328CB1B-3BF8-45AB-8568-97EAC42112C0}"
    "{C7FDBD16-6718-47EB-B7CE-0F0C29AD04D4}"="{00A01DF3-BBB0-4F61-A7C7-610EC7B70ECC}"
    "{299367B4-EB6C-4F46-B230-08090ADD72CE}"="{5A196A3C-733C-410D-9853-FB38F36299B3}"
    "{0E5A1177-CFE4-463E-B2D4-47B4C9AD24C4}"="{5A196A3C-733C-410D-9853-FB38F36299B3}"
    "{0F1CAF32-8445-4029-A09A-BE59ED7D8D8B}"="{BE309617-4925-47C1-9F9D-AF9D6E907363}"
    "{0EDC81AC-556E-4C77-BB8F-4B4807ECEE51}"="{98E57AAD-3391-4C0B-82B1-D2BD17B8A277}"
    "{574863CB-DD9A-490B-BB34-63485B3E5AF9}"="{98E57AAD-3391-4C0B-82B1-D2BD17B8A277}"
    "{8C276026-1674-4909-A41C-9AA275F3213A}"="{ED0EC107-5E7E-4E60-A20E-D90C161A097F}"
    "{B1D53E45-C895-434D-A6D1-92A113607D58}"="{CD6A41AB-C04A-4D51-9E2E-3B03FC424E74}"
    "{6D026444-679E-4093-A002-E057CE974E4A}"="{CD6A41AB-C04A-4D51-9E2E-3B03FC424E74}"
    "{175C169D-9330-45DE-9415-561D53D01E96}"="{6FA61BE8-C644-4324-96FB-BE9909362DA4}"
    "{3D2655BC-1A51-4A86-90AB-6988D1F04F47}"="{AFAE354D-1A8C-4988-9444-EAB3A05F0C4B}"
    "{5AC81FED-2671-47EB-ADD0-D6F2AF14ED37}"="{C665734F-7D1D-446C-963E-236DB9BE7E42}"
    "{19A55220-467B-48F9-8894-D098FB45388C}"="{C665734F-7D1D-446C-963E-236DB9BE7E42}"
    "{B476BA53-7F74-4CEC-B1EB-059802250CB5}"="{19A6D82C-9969-491B-BEAD-AC8479A872A5}"
    "{A18E4D65-C71E-4C68-9179-D8726235C473}"="{CB2F6AC9-E4EE-4747-9B30-C88DB0BD4CE6}"
    "{F4AACF03-BE6A-4242-8876-4109CB89D51D}"="{182FBA13-4169-4E52-9929-552B6319B0FE}"
    "{5286CAA6-DDE1-4995-B071-3E31DD40BE59}"="{182FBA13-4169-4E52-9929-552B6319B0FE}"
    "{1B461E51-4179-4881-B57A-175AA55048E0}"="{2633DBAD-415E-4649-8027-986283666A9D}"
    "{2C579D59-8319-4425-A081-980D70C1C45A}"="{2633DBAD-415E-4649-8027-986283666A9D}"
    "{A7A3B4F0-7CAE-4A33-8750-BE9F42978967}"="{65B827CC-5E3B-4F65-AAF5-41E6E1145644}"
    "{9CE2377F-6F91-424F-9B77-140782C1D84E}"="{0B1E92EC-963E-4A32-A72D-E58FE1D5A289}"
    "{ADEB654E-BC71-4232-AC4D-9AFC74932036}"="{4265BD86-205A-420F-8730-082E20069E8B}"
    "{6D08D627-8603-4432-BDB1-282456CC8166}"="{7FD4BE33-6A1F-4AD1-8E43-CDF7B7E639BE}"
    "{E819E357-CF9F-4737-89EB-2430A4DA859E}"="{4265BD86-205A-420F-8730-082E20069E8B}"
    "{CE77DB29-1367-4CD9-AE14-8408350226EF}"="{0B1E92EC-963E-4A32-A72D-E58FE1D5A289}"
    "{D23992D4-A1EB-4CB5-9182-CA41979F466E}"="{8FA5771A-3C8F-4E8C-B7F1-EE8B2DE061B2}"
    "{473609D1-5415-4DA0-8EB5-838A7EDD8314}"="{8A7A95EF-E079-45B4-BCCA-E1DD6E419A47}"
    "{212E3036-D0E8-4551-9861-EF988B2F87AB}"="{8A7A95EF-E079-45B4-BCCA-E1DD6E419A47}"
    "{FD1EF1E2-F3DC-4332-A3B7-6F83116B1050}"="{2DECA091-16FA-4180-866D-74A666382B9E}"
    "{79FB0781-A4FA-4DC4-9D3C-A6A02FCF49D3}"="{62DF5DA8-6038-4281-95A4-1F28438ADF5C}"
    "{C35B5422-6D9E-4708-A790-AEB9AAD171B4}"="{62DF5DA8-6038-4281-95A4-1F28438ADF5C}"
    "{7F723B37-8A9A-49A9-8FB9-4445F720A3D0}"="{85192259-AFEF-4310-8B41-1EFF83FFB91A}"
    "{43D94F02-EEF8-45D5-B553-F36EACC717B2}"="{2D23FE71-A114-4B5F-9EB2-71E89C0AB005}"
    "{11D723A8-6B33-4F6F-A1E1-9F10923A04E7}"="{2D23FE71-A114-4B5F-9EB2-71E89C0AB005}"
    "{2E241A32-9EB4-4CA3-92B5-D1EDCB43792B}"="{F24E1394-3738-4EFF-9D74-CDC970E6E2D1}"
    "{F65ABF23-8048-4CE9-9DD1-DBAD0ED18424}"="{6DF101A7-FF61-4255-9C77-27A175EC8E15}"
    "{16C1F53D-161B-41A4-86EE-71BED1851AE0}"="{6DF101A7-FF61-4255-9C77-27A175EC8E15}"
    "{A0ABDEAB-4C90-414E-8C51-B99E4ECFC1A7}"="{1510F973-D671-411C-98F5-A9628A416A77}"
    "{8AFAD9E2-AA1B-4389-B499-EF4DA5118CBF}"="{1510F973-D671-411C-98F5-A9628A416A77}"
    "{8B0BD6A1-1169-43DF-812D-779B549EA51B}"="{E830CF16-EA23-414A-BA8E-A4F5F45B8A27}"
    "{66DCED2E-4EF8-4ABD-AE18-791E47A6735A}"="{9E39C0C1-788E-4CF7-B768-CC8A7F1CFB9F}"
    "{57E55B2D-E340-47A6-8907-BE604700E647}"="{9E39C0C1-788E-4CF7-B768-CC8A7F1CFB9F}"
    "{B513EC7C-62A0-46A3-9F6A-4F5472AE6A90}"="{4FC52FFC-1959-4D02-A487-033CD8B7D7BA}"
    "{8AA0333D-543D-4872-8CBE-97A0D7D9ED6C}"="{FF4DBF44-1EB4-4309-A281-E790E2F03AA6}"
    "{AB4571C0-F83F-4153-BD96-269CF1C9FF63}"="{FF4DBF44-1EB4-4309-A281-E790E2F03AA6}"
    "{C45B0CB9-8555-4F3C-9981-CBABB4B5A101}"="{F6E08A64-53BB-4515-98D5-344E90B65E7B}"
    "{75115133-D4C7-4626-A36A-3D952732B35F}"="{EF7141C1-1574-4DB2-9B86-28441203B203}"
    "{1617F6D9-0CC2-4F23-9178-45E014538663}"="{EF7141C1-1574-4DB2-9B86-28441203B203}"
    "{8C715E28-A787-469E-AC44-BE5D8954BBD8}"="{BAB357F6-AABF-4E0F-8941-3060DBD7AC10}"
    "{13A7E613-933E-448B-9625-93BEE135BFC7}"="{BAB357F6-AABF-4E0F-8941-3060DBD7AC10}"
    "{671F47F3-A03D-4A28-BE3E-A24A327B31A5}"="{4BB297F0-E9CB-484C-8877-EA986BA7A320}"
    "{B5EB40A7-5C8F-4DB3-B6F2-1E13FA8C5C3C}"="{4BB297F0-E9CB-484C-8877-EA986BA7A320}"
    "{31DE53B0-76F3-468D-A7BD-98AA58F0D69B}"="{28C2291D-77E3-4F1B-B8F1-2B014EE17371}"
    "{3883F52A-F3DC-46F5-8DCA-F2A5B6EBE620}"="{28C2291D-77E3-4F1B-B8F1-2B014EE17371}"
    "{BFB15ADF-B43F-4ECE-B65D-1A793F77BC9E}"="{B83E0A5E-2D16-4223-945D-47302CF13FD6}"
    "{A87AFF07-A579-430F-B966-433DE5788473}"="{710B1909-84CF-4610-AFC1-425064AC9B80}"
    "{DCFAF5FE-1519-4B62-9590-B22CD882951C}"="{710B1909-84CF-4610-AFC1-425064AC9B80}"
    "{7AAC1AFC-A56E-4476-86FF-7BAEBAACF142}"="{E311A3B9-5CD9-48F4-BB0D-055655EBA764}"
    "{3F51CF14-25F1-44A3-87F1-C1D290C2A67B}"="{FFD91E50-E154-4E33-97F9-47E66B84C6BB}"
    "{3C8E7CF7-DCC6-4C0E-A7AB-FA9994D92FE0}"="{FFD91E50-E154-4E33-97F9-47E66B84C6BB}"
    "{0E76B742-AE60-4914-8BAB-58227713278A}"="{B9CEE913-06CD-4AEB-91BC-4DED53E668D3}"
    "{240635E0-F5DE-44DA-A3DB-DE51C23B6B88}"="{C48578F2-C331-4ED0-8B7F-3D8233FC75AA}"
    "{9FF70A96-470B-4714-BF6D-FD6ED1CD1C33}"="{C48578F2-C331-4ED0-8B7F-3D8233FC75AA}"
    "{02C5C8EC-AB84-4229-84AD-302154AA652B}"="{38E62684-85DB-47E8-B0EC-3A45D5F8BE17}"
    "{EF424B59-2147-476E-9906-AC91BACC7097}"="{38E62684-85DB-47E8-B0EC-3A45D5F8BE17}"
    "{14E92BF3-1DF9-42E7-82D3-6BDDBF8892EA}"="{A6D591EA-19C9-4C74-B6EC-F350E88EF326}"
    "{4CD38B44-4ED8-47FE-879E-8F18F5DE010E}"="{A6D591EA-19C9-4C74-B6EC-F350E88EF326}"
    "{229D89F9-1F30-4334-AFCB-3735C29F23C3}"="{61323AB7-4366-4F19-B829-557EF95C9229}"
    "{91DDFD58-145E-4D10-BAE7-953B8DBE0F09}"="{61323AB7-4366-4F19-B829-557EF95C9229}"
    "{81BEA433-F192-4351-B98D-96B073762F2D}"="{0C8F87CD-B6EE-45A3-8BE2-65505D8709AF}"
    "{BE7DC417-E6FC-4C66-AE6C-6E39E9071074}"="{0C8F87CD-B6EE-45A3-8BE2-65505D8709AF}"
    "{176933C1-6CC4-4027-B453-5CE80642557B}"="{07641EAE-F577-44DA-83DA-6818978F0E38}"
    "{581D5D22-CF13-4DBF-B4C1-77A1E825FB14}"="{07641EAE-F577-44DA-83DA-6818978F0E38}"
    "{2D6CDFD0-3385-4A92-9E70-4C03486EDB07}"="{F0B7083F-5E57-4B91-9E49-0C43E0F23C79}"
    "{ECA4AD6D-E316-4FAC-9E8E-1897F5395481}"="{F0B7083F-5E57-4B91-9E49-0C43E0F23C79}"
    "{B471B540-7AF0-4DD6-9E71-12C1ED49DB11}"="{F0C588D8-7946-450E-9CF6-B7FD002D14BF}"
    "{BBC02470-A6DD-4537-B92F-116460D9A479}"="{94016C7E-1CB3-4D84-BADA-C1C8CF379781}"
    "{CC9C7897-31AA-4254-8FA3-133C07F9EBD3}"="{94016C7E-1CB3-4D84-BADA-C1C8CF379781}"
    "{D17195BF-A937-4C59-BC53-76CDE4FF345C}"="{0D72BC11-0D67-4124-88B9-150E93169DCF}"
    "{66AB13F1-D24B-48FC-843C-D587ABB70938}"="{7CCB68E9-D4B9-4112-828F-69E87B91C0BC}"
    "{9C6B8AEF-D4E9-4611-B7DB-5DFF851C3583}"="{7CCB68E9-D4B9-4112-828F-69E87B91C0BC}"
    "{EC57BE0A-0962-4BB3-966C-D60ADAF86262}"="{A0D2F04A-FD28-4090-A619-50202FACB06F}"
    "{9949DC2F-749D-4252-9CCB-A74FA9A8E352}"="{17CBABFC-C499-4206-9AF0-8AE3985B072C}"
    "{AE66E2F4-0ED2-43D5-A488-B347FD68ED67}"="{D2E677D8-F33A-453A-9B3E-E0D9A55B818B}"
    "{E96D7000-B5C0-46ED-9BC6-E85C71A0BE9E}"="{D2E677D8-F33A-453A-9B3E-E0D9A55B818B}"
    "{A78309F0-89DB-4411-A860-F910F2213945}"="{1EC53364-4DD6-42FD-9E82-11998828FB7C}"
    "{06096970-E62A-43FE-8FD9-EF6A7A5CB59B}"="{E68EA312-16EF-4BF9-A06D-53C683A4E23C}"
    "{CE559A56-5F0C-4D22-A793-34EAE77E6343}"="{E68EA312-16EF-4BF9-A06D-53C683A4E23C}"
    "{4D6584B2-E382-4C8A-BEB9-5EBAE28FBFE2}"="{413BF8D2-396A-4FB4-B89D-F4FA83A97613}"
    "{F061E9B2-428A-40C3-9131-78BAB04DFE8C}"="{413BF8D2-396A-4FB4-B89D-F4FA83A97613}"
    "{DB24E637-C51F-42C7-B7D9-0478FB2F48DA}"="{3129248D-396C-49BF-AF57-BE3C92DAA180}"
    "{A63892B5-F926-43F8-8203-228A5DD4529E}"="{D3D997F1-C9C3-49EB-BC6A-2A5469DA57B3}"
    "{855A8D5E-77B7-4D6D-B4A3-962B83B2755E}"="{D3D997F1-C9C3-49EB-BC6A-2A5469DA57B3}"
    "{B9B55215-AEEC-4C9A-ACE3-3CA1BFF60C95}"="{F71D31E0-A961-432A-91D6-22EF2D643748}"
    "{3619C465-3105-4910-BE66-A9C77432FBBD}"="{E86072E8-BB78-4D30-9EBB-D5A41C837820}"
    "{58AE3862-F054-435F-9FAA-541FFADABE96}"="{6DE8DB59-266C-41C6-95FB-1F5AC6AC6B93}"
    "{0BF7F0A6-A5BE-42AA-A167-ADBDB9F68B9A}"="{E86072E8-BB78-4D30-9EBB-D5A41C837820}"
    "{C6A4CE3C-70D9-4E46-B37B-436C52211E6A}"="{561E3E77-E900-4F24-B6D4-52087DA81B13}"
    "{F3DF742D-2A1C-4BDA-8F98-98F442BEC616}"="{BD911DF5-983E-45B2-9DEF-8C2F313E13FB}"
    "{7AECB9D6-D795-4857-AE86-A3D8003D3DA0}"="{BD911DF5-983E-45B2-9DEF-8C2F313E13FB}"
    "{B3C3F0CD-68EC-4C05-9D51-B9984310B009}"="{E6CA8E6F-99AC-41EB-BE6F-106289989986}"
    "{5266BA4C-9301-4299-BE13-19836075F234}"="{7A872822-EA7A-456D-93FB-C4E6B7BEF0DC}"
    "{CCBD77F6-BD21-4920-8CA3-DEAD32DD5CA9}"="{7A872822-EA7A-456D-93FB-C4E6B7BEF0DC}"
    "{A8491567-D169-4789-9A8C-2655D99AF2FC}"="{3A46B192-3C60-4644-9115-C98C7A764DC7}"
    "{34641162-4FA9-4B99-A827-7E02365FE411}"="{D8B94211-4A07-4686-A198-86808247F93F}"
    "{267DB875-A104-4874-A24D-A435DBBAAFBB}"="{D8B94211-4A07-4686-A198-86808247F93F}"
    "{8AE085ED-636A-443E-89D2-BE61FFB937F7}"="{4E4D0E60-E053-4DF0-ADA0-475B062A3138}"
    "{4F49D4DB-D656-4D92-A6D9-6A6C82B3F6E4}"="{4E4D0E60-E053-4DF0-ADA0-475B062A3138}"
    "{F8DE7F62-BDE5-41C3-A978-718036EBF957}"="{20D7D45A-4287-4964-BF07-A7D6AE45750C}"
    "{1B5E9299-534C-43F1-A90F-7991A4D84E4C}"="{32B4EDD7-215C-4E96-A15E-8470D2C27ED1}"
    "{39BF7783-19DC-4018-93C0-6AD08BA46CC1}"="{BA84F2F9-275C-4A85-BAD2-343BE8516DF4}"
    "{7D3CB09F-35D8-44EF-8F19-94BB4AAB2DB1}"="{BA84F2F9-275C-4A85-BAD2-343BE8516DF4}"
    "{E219D7A4-D889-4CB2-B5D7-7983320F0AA5}"="{32B4EDD7-215C-4E96-A15E-8470D2C27ED1}"
    "{74830C4A-DE85-490C-AF0B-6A43141927FC}"="{9117F612-735E-49A9-BEAE-FE32C6C66F6B}"
    "{32D72F71-705E-493F-811E-3A02804F3811}"="{9117F612-735E-49A9-BEAE-FE32C6C66F6B}"
    "{618F0B79-6A53-4779-94E3-A80324D4B72C}"="{9B2C5251-1011-4AA9-BF17-4D8B10269801}"
    "{0FE285DD-0D2B-423E-AA8C-B0117F599ACF}"="{9B2C5251-1011-4AA9-BF17-4D8B10269801}"
    "{C33A2647-EE04-4B5F-AD29-C637AF48F6D1}"="{4DBABA6C-9CA9-4A4E-BF78-C9718195D689}"
    "{08ED0D8E-7607-42EB-9792-304ABCE94615}"="{4DBABA6C-9CA9-4A4E-BF78-C9718195D689}"
    "{29A4BF99-2492-4671-B7D7-728C4F8799C9}"="{2DF8BD57-2E43-48FA-B1FF-0157958C1F2B}"
    "{FAD4271A-BF0E-405C-A4CE-079617603073}"="{2DF8BD57-2E43-48FA-B1FF-0157958C1F2B}"
    "{0FDE8F92-CAD8-485F-98A0-17EFACBD3C33}"="{9EF9719B-89A5-4FC1-977E-13337E5BA8CD}"
    "{53ECAC0E-3D11-41CC-AFB4-236AE4C4ABE5}"="{5E937DA7-C0E1-41CB-93B2-D3B4C05574E8}"
    "{3FDF17EF-4AE5-433E-B75B-D3B39CEF9B0D}"="{97DD878E-B861-4FA1-BFD8-87A266AF5509}"
    "{0B5E58DD-974B-40DA-AE21-E25BABE5D674}"="{97DD878E-B861-4FA1-BFD8-87A266AF5509}"
    "{077AD046-39E5-4DAB-9932-D6ED1A974035}"="{2B90FD8A-3078-4B57-9476-9613B79B34C2}"
    "{48C8715B-AFC4-4699-B81E-BA7D4D87846C}"="{E24E72D7-9D5A-42D1-9237-CA24E08520E6}"
    "{1FA0A2B4-4AEA-484D-84F7-9FDD702DA6F7}"="{E24E72D7-9D5A-42D1-9237-CA24E08520E6}"
    "{392EC68B-956E-4C46-B81B-A67C63C47E33}"="{2B90FD8A-3078-4B57-9476-9613B79B34C2}"
    "{E890F6FD-9082-4836-A1BA-ECC9925C2C83}"="{D70EEF20-0133-4F43-B653-B0B7561F02C8}"
    "{6678C914-EF41-4788-9BDB-4B663761207E}"="{2ED81F9F-CE69-4AE0-B32D-2451A08FF896}"
    "{1E907950-B3A8-4157-830F-EE66E4C01FF9}"="{2ED81F9F-CE69-4AE0-B32D-2451A08FF896}"
    "{C37F49F0-CE85-483A-B83D-105A6DD79028}"="{D13BBA41-57F2-4754-A9FC-C9E051BA6D00}"
    "{EA62404C-8573-4DF4-8B13-3A71E22FE4B3}"="{D13BBA41-57F2-4754-A9FC-C9E051BA6D00}"
    "{6CE814AA-477D-43FD-B6A7-8D0DA49E35F4}"="{5D641F5D-B133-4AE3-9E28-1A6CA4B8AA92}"
    "{45EC257B-F62D-40C5-BA84-3956C1C24316}"="{AB0FA501-6646-40BA-B74E-99D92BC33FA7}"
    "{3DCABE81-00E5-4AB9-A9CA-B1015DF7C29B}"="{5D641F5D-B133-4AE3-9E28-1A6CA4B8AA92}"
    "ccSvcHst_ccSetMgr"="{6781EB29-863C-49AE-B40D-4B9420EE7467}"
    "SNDServiceRequestChannel"="{6781EB29-863C-49AE-B40D-4B9420EE7467}"
    "SNDLocationChannel"="{6781EB29-863C-49AE-B40D-4B9420EE7467}"
    "ccSettingsService"="{6781EB29-863C-49AE-B40D-4B9420EE7467}"
    "ccSvcHst_ccEvtMgr"="{6781EB29-863C-49AE-B40D-4B9420EE7467}"
    "ccEvtCli"="{6781EB29-863C-49AE-B40D-4B9420EE7467}"
    "{DD5A4547-2B2A-4D06-A6A8-C321AE004EEC}"="{6781EB29-863C-49AE-B40D-4B9420EE7467}"
    "{95E662B6-BC35-4D6D-9634-4D37D5EDD42C}"="{DFA76C39-A369-44FD-A8B9-2F4AFF4F3FD5}"
    "{13031466-D711-40E5-A640-CD27DE178E0D}"="{5CF26F43-BB5D-4D0F-90B9-33D59C6F58AB}"
    "{881DEB9F-FF02-45F8-A34F-C831F89B4566}"="{DFA76C39-A369-44FD-A8B9-2F4AFF4F3FD5}"
    "{5B5C3F1D-D0E7-4292-BB4C-89F95F6CA32D}"="{5CF26F43-BB5D-4D0F-90B9-33D59C6F58AB}"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-03 10:57:39
    ComboFix-quarantined-files.txt 2011-01-03 15:57

    Pre-Run: 111,188,090,880 bytes free
    Post-Run: 112,869,961,728 bytes free

    - - End Of File - - 4610E7EB6A2C3E58E5B293E2AAE0E676
  25. crunchie

    crunchie Malware Helper Posts: 761

    Has Combofix been run before my request for you to run it? Reason I ask is because the log says it has been run twice.
    There should be a combofix.txt file in C:\qoobox if you can post it.

    How is the PC now?