AV Security Suite

View previous topic View next topic Go down

AV Security Suite

Post by rand444 on Thu 01 Jul 2010, 3:18 am

I followed Sneakyone's advice on how to get rid of the AV Security Suite. This is my posting of the second log file:

OTL Extras logfile created on: 6/28/2010 11:39:55 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Linda PC\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.87 Gb Total Space | 53.29 Gb Free Space | 24.13% Space Free | Partition Type: NTFS
Drive D: | 12.01 Gb Total Space | 1.90 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDAPC-LAPTOP
Current User Name: Linda PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{875EE0DB-DA70-4EF8-8B27-236F83B6921B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B1EEFB5A-2DF1-4B97-ABD2-57326FFA4E9B}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024EC2AC-121D-42C7-B3BF-433BBDDF1748}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{0760FF42-46DA-40F9-AE5C-9E800B5B5746}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{07C29E3D-9F0C-4717-8C00-F05A58E59D99}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{18B66ED2-50CA-452B-ABFD-3DA536D352FE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1BD5A84C-66D5-4609-8630-A846E77F71FC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{2220A22C-B16C-48F6-8F18-88614AF6029A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2D18FA08-1813-41C1-9B18-085C7239D46B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2F0B59EF-3F40-4E82-A252-B15F4BDC08DD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{334D7D46-1D66-4022-9908-87E1DE0A7302}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{391B6388-EF39-4888-80F0-848D80BEDBAC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{39A25577-4CC4-4D01-A0DF-E820DDC82985}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{4FE95DF4-7CFD-4351-9804-70877ACB0599}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{522B0B66-8341-486B-8583-92D1D9BEC408}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{547192FF-6A40-4864-9D00-AFECDB174310}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5918BC2A-36CB-4934-B80E-A916ED8B2B92}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{60F01F20-C142-4AA7-BD61-4ECAFE8F83D8}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{63D7A124-2123-4442-A7B1-3F4D77E3F503}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6B013093-DA3B-41D4-8B10-F18008EDECA3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{81FB8A91-72C7-4374-9FFD-5A53EC33A452}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{99530C9A-9EBD-4997-94E1-5ECB4F8A43F1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A82D8CBB-6409-4E89-BB85-45554940CC68}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{A881FC4A-D74A-41BC-A56E-9E0C908676A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{ABA23F05-695E-4F37-837C-785CE7F4B8A4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BB94DB1A-C77D-4DCA-92AD-54C57CE00BEE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CC09BC48-E439-40BB-9C15-814147947799}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{CCB93195-AC28-47C9-A5B5-B87726C848D0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD8299E3-2D93-4144-BE70-410768A5A99C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D9E07937-1647-4B25-B0BC-816B50862623}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F03776F8-FA59-4F49-A87C-38E4C8EA9856}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F5625E00-6884-4572-A563-B831E5121779}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{FCAB4BFF-95EF-4801-85F6-8AB3B36A759D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{393DA089-C37D-498D-A8AB-940E52343D18}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3FF74DFB-9DC4-46DD-A557-2C2CB53DBFF0}C:\program files\dell\dell laser mfp 1815\networkscan\dnscst.exe" = protocol=6 | dir=in | app=c:\program files\dell\dell laser mfp 1815\networkscan\dnscst.exe |
"TCP Query User{43479274-1114-4481-98BE-BBB8507165CB}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{63D184C7-DAA4-45BD-BC40-38E0E2CE7381}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{73F0BBFA-535F-4499-8A3E-B544AE792A43}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{EE1130B8-90FC-461E-A1A9-5DB8AFA0FE0C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{836DF72D-0B20-4E01-A129-9E6F04C026D9}C:\program files\dell\dell laser mfp 1815\networkscan\dnscst.exe" = protocol=17 | dir=in | app=c:\program files\dell\dell laser mfp 1815\networkscan\dnscst.exe |
"UDP Query User{858ED099-59A9-4F1F-9A63-DD1AE71009A5}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{965B7045-20FD-4045-AD0A-1F8453A568A9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C8BBF0CF-8125-45C6-B509-D1159FCE5DF6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E5371AB8-B615-43B0-B659-278BF79E896E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FAD2F844-E056-4E53-BCC8-261A6E81F3D7}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0A48F047-5D01-463F-A732-DE75D224034B}" = Point
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{11A80E40-621F-489C-A626-58886B60FEAC}" = Uninstall Dell PC Fax
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F1674DE-03DD-441D-8E81-E745C3698552}" = Video Poker for Winners
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959B7040-8448-4705-B951-BDB603CF69A0}_is1" = PDF Converter 2.0
"{96F28051-0D57-4B5C-BD17-0C42F03A8AD0}" = SCR33xx USB Smartcard Reader
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A772A7BF-8385-445C-AFC4-AC57825B666C}" = Network Scan
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AD7F7C-7EB5-4E54-99C8-6C490EF5C537}_is1" = Concert Vault Download Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD68AE74-98BA-4ABE-B11E-30F39206ECE8}" = Point 7.2
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2E0640D-BEB8-4E14-8C97-71D5C7A29844}" = Point
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"avast!" = avast! Antivirus
"AWicons Pro" = AWicons Pro
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dell Laser MFP 1815" = Dell Laser MFP 1815 Software Uninstall
"GoToAssist" = GoToAssist 8.0.0.514
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Icon Commander_is1" = Icon Commander 1.10
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"MeridianLink Site Security Certificate" = MeridianLink Site Security Certificate
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Sentrilock Card Utility" = Sentrilock Card Utility
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SwiftView" = SwiftView Viewer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WINForms Desktop" = WINForms Desktop
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wondershare QuizCreator 3.0 For GOTD_is1" = QuizCreator
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 4.2.0.56)
"zipForm6" = zipForm6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"GoToMeeting" = GoToMeeting 4.5.0.452

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/1/2009 7:31:25 PM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\2008 Linda Pics HP VISTA Laptop\Dec 2008 Hanukkah Zach Friends and Cindy\IMG_9102.JPG:Roxio
EMC Stream failed, 000003E6.

Error - 7/1/2009 7:31:26 PM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\2008 Linda Pics HP VISTA Laptop\Dec 2008 Hanukkah Zach Friends and Cindy\IMG_9101.JPG:Roxio
EMC Stream failed, 000003E6.

Error - 7/1/2009 7:31:26 PM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\2008 Linda Pics HP VISTA Laptop\Dec 2008 Hanukkah Zach Friends and Cindy\IMG_9100.JPG:Roxio
EMC Stream failed, 000003E6.

Error - 7/1/2009 7:31:27 PM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\2008 Linda Pics HP VISTA Laptop\Dec 2008 Hanukkah Zach Friends and Cindy\IMG_9099.JPG:Roxio
EMC Stream failed, 000003E6.

Error - 7/1/2009 7:31:27 PM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\2008 Linda Pics HP VISTA Laptop\Dec 2008 Hanukkah Zach Friends and Cindy\IMG_9098.JPG:Roxio
EMC Stream failed, 000003E6.

Error - 7/1/2009 7:31:28 PM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\2008 Linda Pics HP VISTA Laptop\Dec 2008 Hanukkah Zach Friends and Cindy\IMG_9097.JPG:Roxio
EMC Stream failed, 000003E6.

Error - 7/1/2009 7:31:28 PM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\2008 Linda Pics HP VISTA Laptop\Dec 2008 Hanukkah Zach Friends and Cindy\IMG_9096.JPG:Roxio
EMC Stream failed, 000003E6.

Error - 7/1/2009 7:31:29 PM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\2008 Linda Pics HP VISTA Laptop\Dec 2008 Hanukkah Zach Friends and Cindy\IMG_9095.JPG:Roxio
EMC Stream failed, 000003E6.

Error - 7/1/2009 7:31:29 PM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\2008 Linda Pics HP VISTA Laptop\Dec 2008 Hanukkah Zach Friends and Cindy\IMG_9061.JPG:Roxio
EMC Stream failed, 000003E6.

Error - 6/29/2010 1:37:56 AM | Computer Name = LindaPC-Laptop | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Microsoft Office\Office12\WWLIB.DLL failed, 00000005.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


rand444

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2010-06-29
Operating System : windows vista

View user profile

Back to top Go down

AV Security Suite

Post by rand444 on Thu 01 Jul 2010, 3:21 am

I followed Sneakyone's advice on eliminating the AV Security Suite. This is my posting of the first log file. This is part 1 of 2 posts (due to length - sorry Sneakyone!)

OTL logfile created on: 6/28/2010 11:39:55 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Linda PC\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.87 Gb Total Space | 53.29 Gb Free Space | 24.13% Space Free | Partition Type: NTFS
Drive D: | 12.01 Gb Total Space | 1.90 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDAPC-LAPTOP
Current User Name: Linda PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/28 23:36:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Linda PC\Downloads\OTL.exe
PRC - [2010/04/02 12:30:16 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/22 20:16:38 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/11/24 16:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/09/10 13:08:51 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 20:01:30 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/22 14:54:28 | 001,310,720 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/08/18 18:01:04 | 000,259,312 | ---- | M] () -- C:\Program Files\DELL\Dell Laser MFP 1815\PSU\Scan2Pc.exe
PRC - [2008/08/14 14:48:30 | 000,222,448 | ---- | M] () -- C:\Program Files\DELL\Dell Laser MFP 1815\LocalSM\jbDetect.exe
PRC - [2007/12/13 12:07:20 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2007/09/15 01:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
PRC - [2007/08/24 15:52:42 | 000,240,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
PRC - [2007/08/24 15:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
PRC - [2007/08/24 15:52:02 | 000,018,928 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
PRC - [2007/08/14 03:44:38 | 000,113,136 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
PRC - [2007/03/09 18:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/17 06:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/11/27 16:54:00 | 004,728,420 | ---- | M] (SentriLock LLC) -- C:\Program Files\SentrilockCardUtility\SentrilockCardUtility.exe


========== Modules (SafeList) ==========

MOD - [2010/06/28 23:36:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Linda PC\Downloads\OTL.exe
MOD - [2009/04/10 23:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:36:24 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 02:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/12 11:36:06 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/13 12:07:20 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/08/24 15:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 15:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 15:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 15:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/19 13:35:00 | 009,787,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/21 08:30:00 | 000,057,984 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/07/16 11:30:52 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/25 00:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/18 22:49:30 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/08/18 03:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/12 20:29:46 | 001,747,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/17 06:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/09 10:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/11/07 23:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 00:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 00:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 00:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/18 19:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2004/04/06 04:24:00 | 000,064,088 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR33X2K.sys -- (SCR33X USB Smart Card Reader)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.60
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/25 19:27:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 12:30:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/13 12:33:49 | 000,000,000 | ---D | M]

[2009/08/03 16:58:13 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\Mozilla\Extensions
[2010/06/28 08:42:02 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\Mozilla\Firefox\Profiles\8ta1l0kl.default\extensions
[2009/08/17 08:13:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Linda PC\AppData\Roaming\Mozilla\Firefox\Profiles\8ta1l0kl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/19 09:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/10/17 17:15:18 | 000,721,608 | ---- | M] (SwiftView, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npsview.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell Laser MFP 1815 SM_JB] C:\Program Files\DELL\Dell Laser MFP 1815\LocalSM\jbDetect.exe ()
O4 - HKLM..\Run: [DellNSCST_GRNCH] C:\Program Files\Dell\Dell Laser MFP 1815\NetworkScan\DNSCST.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MFP1815_S2P] C:\Program Files\DELL\Dell Laser MFP 1815\PSU\Scan2Pc.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [tgcdsjla] C:\Users\Linda PC\AppData\Local\tleelgnxl\flfonfotssd.exe ()
O4 - HKLM..\RunOnceEx: [] File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: flagstar.com ([wholesale] https in Trusted sites)
O15 - HKCU\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F127} [You must be registered and logged in to see this link.] (Sview Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} [You must be registered and logged in to see this link.] (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} [You must be registered and logged in to see this link.] (ActiveFormX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/25 21:52:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{1aaf01fc-cd3b-11dc-ba65-001b24d5e8b3}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{34bed1b7-dd3b-11dd-abae-001b24d5e8b3}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O33 - MountPoints2\{3568055f-4b1f-11de-bf7a-001b24d5e8b3}\Shell\AutoRun\command - "" = F:\RECYCLE\D-0-060-0000000000-1111111-2222222\Huxor.exe -- File not found
O33 - MountPoints2\{3568055f-4b1f-11de-bf7a-001b24d5e8b3}\Shell\open\command - "" = F:\RECYCLE\D-0-060-0000000000-1111111-2222222\Huxor.exe -- File not found
O33 - MountPoints2\{35680564-4b1f-11de-bf7a-001b24d5e8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{35680564-4b1f-11de-bf7a-001b24d5e8b3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{62e4f722-031f-11dd-9e0e-001b24d5e8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{62e4f722-031f-11dd-9e0e-001b24d5e8b3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a20e77c3-c83d-11dd-b8da-001b24d5e8b3}\Shell\AutoRun\command - "" = G:\Launch.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/14 15:36:41 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9CF3D698-D432-8BF1-B6C2-B17B576E65C9} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 22:04:50 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\AppData\Local\tleelgnxl
[2010/06/28 09:25:19 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\Desktop\Delores Leaks
[2010/06/10 12:04:52 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\Desktop\David Janisch
[2010/06/05 19:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Action Gaming, Inc
[2010/06/01 22:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\4qsXatqkEcVccUBjW
[2010/05/24 20:35:39 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\Desktop\Cleveland Soriano
[2010/05/24 10:05:41 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\Desktop\Steve Jansen
[2010/05/13 12:02:18 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\Desktop\Brenda Taylor
[2010/05/04 10:45:25 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\Desktop\Employment stuff
[2010/04/30 14:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\CV Download Manager
[2010/04/30 14:50:58 | 001,083,384 | ---- | C] (Bill Graham Archives, LLC ) -- C:\Users\Linda PC\Desktop\CVDownloadMgrWin.exe
[2010/04/22 16:13:04 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\Documents\My Kindle Content
[2010/04/22 16:13:04 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\AppData\Roaming\Amazon
[2010/04/22 16:12:59 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\AppData\Local\Amazon
[2010/04/22 09:16:27 | 000,000,000 | ---D | C] -- C:\Users\Linda PC\Desktop\Point Mtg
[2010/04/13 12:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\SwiftView
[6 C:\Users\Linda PC\Documents\*.tmp files -> C:\Users\Linda PC\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/28 23:43:48 | 007,077,888 | -HS- | M] () -- C:\Users\Linda PC\NTUSER.DAT
[2010/06/28 23:38:47 | 000,010,317 | ---- | M] () -- C:\Users\Linda PC\Documents\rkill log 6-28-10.docx
[2010/06/28 23:34:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/28 23:17:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 23:17:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 21:16:56 | 000,001,555 | ---- | M] () -- C:\Windows\winpoint.ini
[2010/06/28 21:16:50 | 000,026,185 | ---- | M] () -- C:\Users\Linda PC\Desktop\mark garber 1003(Letter).PDF
[2010/06/28 20:54:39 | 004,227,949 | ---- | M] () -- C:\Users\Linda PC\Documents\Settlement Booklet December 15 REVISED.pdf
[2010/06/28 20:54:05 | 000,267,310 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/06/28 20:54:04 | 000,267,310 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/06/28 20:53:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/28 08:34:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/28 08:18:19 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37C83D42-A42F-47A7-AE33-266E5FE51E1D}.job
[2010/06/26 11:23:39 | 000,011,126 | ---- | M] () -- C:\Users\Linda PC\Documents\Wayne Strong Housing Motivation Letter.docx
[2010/06/24 09:13:00 | 000,020,037 | ---- | M] () -- C:\Users\Linda PC\Documents\Wells Fargo Short Sale Fax Cleveland 2nd fax.docx
[2010/06/24 08:53:38 | 000,032,256 | ---- | M] () -- C:\Users\Linda PC\Documents\Jmac Settlement Service Provider List word 97-2003.doc
[2010/06/24 08:52:09 | 000,215,552 | ---- | M] () -- C:\Users\Linda PC\Documents\CA study guide SAFE test.doc
[2010/06/24 08:45:51 | 000,014,495 | ---- | M] () -- C:\Users\Linda PC\Documents\Jmac Settlement Service Provider List.docx
[2010/06/24 08:22:36 | 000,222,369 | ---- | M] () -- C:\Users\Linda PC\Desktop\WF 6-24-10 opening imp.pdf
[2010/06/23 10:37:12 | 000,005,408 | ---- | M] () -- C:\Users\Linda PC\Documents\POINT.FNM
[2010/06/22 22:04:03 | 000,013,566 | ---- | M] () -- C:\Users\Linda PC\Documents\Signature line.docx
[2010/06/16 17:04:46 | 000,020,269 | ---- | M] () -- C:\Users\Linda PC\Documents\Wells Fargo Short Sale Fax.docx
[2010/06/16 17:04:12 | 000,020,275 | ---- | M] () -- C:\Users\Linda PC\Documents\fax.fax.docx
[2010/06/14 14:11:54 | 000,023,194 | ---- | M] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev June 14 2010.docx
[2010/06/11 16:53:42 | 000,012,268 | ---- | M] () -- C:\Users\Linda PC\Documents\Haffar need item list.docx
[2010/06/10 12:16:39 | 000,018,808 | ---- | M] () -- C:\Users\Linda PC\Documents\Cleveland Soriano Budget Worksheet.xlsx
[2010/06/10 12:16:24 | 000,018,804 | ---- | M] () -- C:\Users\Linda PC\Documents\Budget Worksheet.xlsx
[2010/06/10 11:08:03 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/06/10 11:08:03 | 000,001,854 | ---- | M] () -- C:\Users\Linda PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/06 09:34:35 | 000,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

rand444

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2010-06-29
Operating System : windows vista

View user profile

Back to top Go down

AV Security Suite

Post by rand444 on Thu 01 Jul 2010, 3:24 am

Following Sneakyone's advice, this is my posting of the first log file. This is part 2 of 2, as the log file was too long to put in one post. (Sorry again, Sneakyone.)

[2010/06/06 09:34:35 | 000,604,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/06 09:34:35 | 000,105,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/06 09:21:11 | 000,032,256 | ---- | M] () -- C:\Users\Linda PC\Documents\Financial Worksheet.xls
[2010/06/06 02:57:40 | 000,375,503 | ---- | M] () -- C:\Users\Linda PC\Desktop\leads.PDF
[2010/06/05 19:51:42 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\VPW.lnk
[2010/06/05 11:51:53 | 000,024,576 | ---- | M] () -- C:\Users\Linda PC\Documents\JoB99.doc
[2010/06/02 21:41:02 | 000,010,422 | ---- | M] () -- C:\Users\Linda PC\Documents\Brilliant opportunity to own the best location in Summerwind.docx
[2010/06/02 20:17:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/02 20:17:10 | 000,438,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/02 20:16:02 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/02 20:14:42 | 000,524,288 | -HS- | M] () -- C:\Users\Linda PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/02 20:14:42 | 000,065,536 | -HS- | M] () -- C:\Users\Linda PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/02 20:14:11 | 003,604,404 | -H-- | M] () -- C:\Users\Linda PC\AppData\Local\IconCache.db
[2010/06/01 08:50:59 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/05/24 21:06:18 | 000,012,530 | ---- | M] () -- C:\Users\Linda PC\Documents\Elena Kagan - sentences for zach on 5-24-10.docx
[2010/05/23 06:14:14 | 000,045,479 | ---- | M] () -- C:\Users\Linda PC\Desktop\Broker Change Form.PDF
[2010/05/20 14:43:35 | 000,109,678 | ---- | M] () -- C:\Users\Linda PC\Desktop\1236 H Street public record.pdf
[2010/05/17 16:15:33 | 000,022,412 | ---- | M] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev May 17 2010.docx
[2010/05/15 14:26:05 | 000,278,832 | ---- | M] () -- C:\Users\Linda PC\Documents\Business Plan Goal Planning Template.docx
[2010/05/13 11:39:58 | 000,022,338 | ---- | M] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev May 12 2010.docx
[2010/05/12 13:06:37 | 000,368,796 | ---- | M] () -- C:\Users\Linda PC\Documents\Home Mortgage Calculator.xlsx
[2010/05/12 09:43:57 | 000,016,505 | ---- | M] () -- C:\Users\Linda PC\Documents\Alex Nordstrom history essay.docx
[2010/05/12 09:43:20 | 000,016,049 | ---- | M] () -- C:\Users\Linda PC\Documents\Alex RAC essay.docx
[2010/05/06 11:57:19 | 000,022,854 | ---- | M] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev May 06 2010.docx
[2010/05/06 11:16:29 | 000,019,589 | ---- | M] () -- C:\Users\Linda PC\Documents\Specifications Linda's new camera.docx
[2010/05/06 10:27:18 | 000,017,080 | ---- | M] () -- C:\Users\Linda PC\Documents\Nordstrom statement.docx
[2010/05/06 09:59:06 | 000,013,370 | ---- | M] () -- C:\Users\Linda PC\Documents\Cindy's Jambalaya.docx
[2010/05/05 16:42:01 | 000,011,918 | ---- | M] () -- C:\Users\Linda PC\Documents\Zach Fablehaven.docx
[2010/05/01 12:40:32 | 000,009,829 | ---- | M] () -- C:\Users\Linda PC\Documents\James Greenspan Business Plan.docx
[2010/05/01 12:40:08 | 000,012,403 | ---- | M] () -- C:\Users\Linda PC\Documents\ESSENTIAL DUTIES AND RESPONSIBILITIES.docx
[2010/04/30 14:52:22 | 000,000,306 | ---- | M] () -- C:\Users\Linda PC\cvdm.dat
[2010/04/30 14:51:07 | 001,083,384 | ---- | M] (Bill Graham Archives, LLC ) -- C:\Users\Linda PC\Desktop\CVDownloadMgrWin.exe
[2010/04/29 16:57:12 | 000,013,568 | ---- | M] () -- C:\Users\Linda PC\Documents\GIFTS TO CHARITY 2009.docx
[2010/04/29 15:49:01 | 000,034,430 | ---- | M] () -- C:\Users\Linda PC\Documents\STRATEGIC ACCOUNT BUSINESS PLAN.docx
[2010/04/29 15:41:33 | 000,061,840 | ---- | M] () -- C:\Users\Linda PC\Documents\Business Plan Marketing Plan.docx
[2010/04/29 15:39:52 | 000,038,612 | ---- | M] () -- C:\Users\Linda PC\Documents\Business Plan Company Name.docx
[2010/04/29 15:38:57 | 000,049,075 | ---- | M] () -- C:\Users\Linda PC\Documents\Business Plan for a Startup Business.docx
[2010/04/29 14:14:04 | 000,145,064 | ---- | M] () -- C:\Users\Linda PC\Documents\Job Tracking.xlsx
[2010/04/29 09:53:57 | 000,022,396 | ---- | M] () -- C:\Users\Linda PC\Documents\Point Mtg Doc order form Randy Skinner.docx
[2010/04/29 09:37:27 | 000,022,352 | ---- | M] () -- C:\Users\Linda PC\Documents\Point Mtg Doc order form.docx
[2010/04/26 14:40:35 | 000,247,296 | ---- | M] () -- C:\Users\Linda PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/26 13:04:44 | 000,037,852 | ---- | M] () -- C:\Users\Linda PC\Desktop\WVIP membership.pdf
[2010/04/22 20:07:46 | 000,010,572 | ---- | M] () -- C:\Users\Linda PC\Documents\LOE 2 year work history.docx
[2010/04/22 16:13:00 | 000,002,123 | ---- | M] () -- C:\Users\Linda PC\Desktop\Kindle For PC.lnk
[2010/04/22 13:20:00 | 000,038,169 | ---- | M] () -- C:\Users\Linda PC\Documents\Wells Fargo VA overlays.docx
[2010/04/22 12:16:33 | 000,029,409 | ---- | M] () -- C:\Users\Linda PC\Desktop\VA 2010_county_loan_limits.pdf
[2010/04/21 17:32:04 | 000,026,112 | ---- | M] () -- C:\Users\Linda PC\Documents\LOE.doc
[2010/04/21 17:31:56 | 000,010,166 | ---- | M] () -- C:\Users\Linda PC\Documents\LOE.docx
[2010/04/20 10:56:18 | 000,022,624 | ---- | M] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev April 20 2010.docx
[2010/04/20 10:05:35 | 000,225,357 | ---- | M] () -- C:\Users\Linda PC\Desktop\POINT.PCF
[2010/04/16 14:21:32 | 000,000,938 | ---- | M] () -- C:\Users\Linda PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/04/16 10:32:24 | 000,124,576 | ---- | M] () -- C:\Users\Linda PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/16 08:39:15 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/04/15 16:33:49 | 000,010,074 | ---- | M] () -- C:\Users\Linda PC\Documents\Labels4.docx
[2010/04/15 16:31:09 | 000,107,328 | ---- | M] () -- C:\Users\Linda PC\Documents\Refer us a Short Sale.docx
[2010/04/15 16:27:32 | 000,019,424 | ---- | M] () -- C:\Users\Linda PC\Documents\Amwest Capital fax.fax.docx
[2010/04/15 16:27:18 | 000,022,678 | ---- | M] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev April 14 2010.docx
[2010/04/14 19:51:16 | 000,026,455 | ---- | M] () -- C:\Users\Linda PC\Documents\FICO simple explanation.pdf
[2010/04/14 19:51:04 | 000,010,455 | ---- | M] () -- C:\Users\Linda PC\Documents\FICO simple explanation.docx
[2010/04/13 16:11:41 | 000,021,849 | ---- | M] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev April 5 2010.docx
[2010/04/13 14:47:51 | 000,019,155 | ---- | M] () -- C:\Users\Linda PC\Documents\J Greenspan resume 04-10.docx
[2010/04/13 14:04:30 | 000,000,162 | -H-- | M] () -- C:\Users\Linda PC\Documents\~$gnature line.docx
[2010/04/13 14:00:53 | 000,000,114 | ---- | M] () -- C:\Users\Linda PC\AppData\Roaming\sview.ini
[2010/04/13 12:05:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\srfvdo.dat
[2010/04/13 10:01:54 | 003,522,183 | ---- | M] () -- C:\Users\Linda PC\Desktop\Manualk Sony CFDS33 clock radio.pdf
[2010/04/12 10:42:51 | 003,586,531 | ---- | M] () -- C:\Users\Linda PC\Desktop\New_MILE_HIGH_CLUB.wmv
[2010/04/12 08:55:04 | 000,306,411 | ---- | M] () -- C:\Users\Linda PC\Desktop\2001 listing.PDF
[2010/04/05 15:26:17 | 000,080,068 | ---- | M] () -- C:\Users\Linda PC\Desktop\2006 de7.pdf
[2010/04/05 14:45:29 | 000,021,700 | ---- | M] () -- C:\Users\Linda PC\Documents\UC Irvine info.docx
[2010/04/05 09:59:08 | 000,041,310 | ---- | M] () -- C:\Users\Linda PC\Desktop\Article_ShortSales03_2010.pdf
[2010/04/02 13:20:41 | 000,058,409 | ---- | M] () -- C:\Users\Linda PC\Documents\Plaza Submission check list.docx
[2010/04/01 14:48:25 | 000,195,326 | ---- | M] () -- C:\Users\Linda PC\Desktop\Google - Topeka.pdf
[2010/04/01 11:25:31 | 000,175,830 | ---- | M] () -- C:\Users\Linda PC\Desktop\HP forum 3-31-10.pdf
[2010/04/01 10:32:13 | 000,212,248 | ---- | M] () -- C:\Users\Linda PC\Desktop\E&O forms.zip
[6 C:\Users\Linda PC\Documents\*.tmp files -> C:\Users\Linda PC\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/28 23:38:46 | 000,010,317 | ---- | C] () -- C:\Users\Linda PC\Documents\rkill log 6-28-10.docx
[2010/06/28 21:16:48 | 000,026,185 | ---- | C] () -- C:\Users\Linda PC\Desktop\mark garber 1003(Letter).PDF
[2010/06/28 20:54:34 | 004,227,949 | ---- | C] () -- C:\Users\Linda PC\Documents\Settlement Booklet December 15 REVISED.pdf
[2010/06/26 11:23:38 | 000,011,126 | ---- | C] () -- C:\Users\Linda PC\Documents\Wayne Strong Housing Motivation Letter.docx
[2010/06/24 09:12:59 | 000,020,037 | ---- | C] () -- C:\Users\Linda PC\Documents\Wells Fargo Short Sale Fax Cleveland 2nd fax.docx
[2010/06/24 08:53:37 | 000,032,256 | ---- | C] () -- C:\Users\Linda PC\Documents\Jmac Settlement Service Provider List word 97-2003.doc
[2010/06/24 08:52:08 | 000,215,552 | ---- | C] () -- C:\Users\Linda PC\Documents\CA study guide SAFE test.doc
[2010/06/24 08:22:32 | 000,222,369 | ---- | C] () -- C:\Users\Linda PC\Desktop\WF 6-24-10 opening imp.pdf
[2010/06/16 17:04:23 | 000,020,269 | ---- | C] () -- C:\Users\Linda PC\Documents\Wells Fargo Short Sale Fax.docx
[2010/06/14 13:43:52 | 000,023,194 | ---- | C] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev June 14 2010.docx
[2010/06/11 16:53:42 | 000,012,268 | ---- | C] () -- C:\Users\Linda PC\Documents\Haffar need item list.docx
[2010/06/10 12:16:38 | 000,018,808 | ---- | C] () -- C:\Users\Linda PC\Documents\Cleveland Soriano Budget Worksheet.xlsx
[2010/06/10 12:16:24 | 000,018,804 | ---- | C] () -- C:\Users\Linda PC\Documents\Budget Worksheet.xlsx
[2010/06/06 09:49:21 | 000,375,503 | ---- | C] () -- C:\Users\Linda PC\Desktop\leads.PDF
[2010/06/06 09:21:11 | 000,032,256 | ---- | C] () -- C:\Users\Linda PC\Documents\Financial Worksheet.xls
[2010/06/05 19:51:42 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\VPW.lnk
[2010/06/05 11:51:53 | 000,024,576 | ---- | C] () -- C:\Users\Linda PC\Documents\JoB99.doc
[2010/06/02 21:41:02 | 000,010,422 | ---- | C] () -- C:\Users\Linda PC\Documents\Brilliant opportunity to own the best location in Summerwind.docx
[2010/06/01 20:19:41 | 000,014,495 | ---- | C] () -- C:\Users\Linda PC\Documents\Jmac Settlement Service Provider List.docx
[2010/05/24 20:12:52 | 000,012,530 | ---- | C] () -- C:\Users\Linda PC\Documents\Elena Kagan - sentences for zach on 5-24-10.docx
[2010/05/24 16:10:03 | 000,045,479 | ---- | C] () -- C:\Users\Linda PC\Desktop\Broker Change Form.PDF
[2010/05/20 14:43:52 | 000,109,678 | ---- | C] () -- C:\Users\Linda PC\Desktop\1236 H Street public record.pdf
[2010/05/17 15:38:45 | 000,022,412 | ---- | C] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev May 17 2010.docx
[2010/05/12 13:06:34 | 000,368,796 | ---- | C] () -- C:\Users\Linda PC\Documents\Home Mortgage Calculator.xlsx
[2010/05/12 11:10:19 | 000,022,338 | ---- | C] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev May 12 2010.docx
[2010/05/12 09:43:56 | 000,016,505 | ---- | C] () -- C:\Users\Linda PC\Documents\Alex Nordstrom history essay.docx
[2010/05/12 09:30:02 | 000,016,049 | ---- | C] () -- C:\Users\Linda PC\Documents\Alex RAC essay.docx
[2010/05/06 11:19:25 | 000,022,854 | ---- | C] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev May 06 2010.docx
[2010/05/06 11:16:28 | 000,019,589 | ---- | C] () -- C:\Users\Linda PC\Documents\Specifications Linda's new camera.docx
[2010/05/06 10:19:02 | 000,017,080 | ---- | C] () -- C:\Users\Linda PC\Documents\Nordstrom statement.docx
[2010/05/06 09:57:56 | 000,013,370 | ---- | C] () -- C:\Users\Linda PC\Documents\Cindy's Jambalaya.docx
[2010/05/05 16:20:34 | 000,011,918 | ---- | C] () -- C:\Users\Linda PC\Documents\Zach Fablehaven.docx
[2010/05/01 12:40:32 | 000,009,829 | ---- | C] () -- C:\Users\Linda PC\Documents\James Greenspan Business Plan.docx
[2010/05/01 12:40:06 | 000,012,403 | ---- | C] () -- C:\Users\Linda PC\Documents\ESSENTIAL DUTIES AND RESPONSIBILITIES.docx
[2010/04/30 14:52:20 | 000,000,306 | ---- | C] () -- C:\Users\Linda PC\cvdm.dat
[2010/04/29 16:39:31 | 000,013,568 | ---- | C] () -- C:\Users\Linda PC\Documents\GIFTS TO CHARITY 2009.docx
[2010/04/29 15:48:59 | 000,034,430 | ---- | C] () -- C:\Users\Linda PC\Documents\STRATEGIC ACCOUNT BUSINESS PLAN.docx
[2010/04/29 15:42:19 | 000,278,832 | ---- | C] () -- C:\Users\Linda PC\Documents\Business Plan Goal Planning Template.docx
[2010/04/29 15:41:30 | 000,061,840 | ---- | C] () -- C:\Users\Linda PC\Documents\Business Plan Marketing Plan.docx
[2010/04/29 15:39:45 | 000,038,612 | ---- | C] () -- C:\Users\Linda PC\Documents\Business Plan Company Name.docx
[2010/04/29 15:38:55 | 000,049,075 | ---- | C] () -- C:\Users\Linda PC\Documents\Business Plan for a Startup Business.docx
[2010/04/29 09:43:04 | 000,022,396 | ---- | C] () -- C:\Users\Linda PC\Documents\Point Mtg Doc order form Randy Skinner.docx
[2010/04/29 09:37:23 | 000,022,352 | ---- | C] () -- C:\Users\Linda PC\Documents\Point Mtg Doc order form.docx
[2010/04/26 13:04:56 | 000,037,852 | ---- | C] () -- C:\Users\Linda PC\Desktop\WVIP membership.pdf
[2010/04/22 20:07:46 | 000,010,572 | ---- | C] () -- C:\Users\Linda PC\Documents\LOE 2 year work history.docx
[2010/04/22 16:13:00 | 000,002,123 | ---- | C] () -- C:\Users\Linda PC\Desktop\Kindle For PC.lnk
[2010/04/22 13:19:56 | 000,038,169 | ---- | C] () -- C:\Users\Linda PC\Documents\Wells Fargo VA overlays.docx
[2010/04/22 12:16:33 | 000,029,409 | ---- | C] () -- C:\Users\Linda PC\Desktop\VA 2010_county_loan_limits.pdf
[2010/04/21 17:32:03 | 000,026,112 | ---- | C] () -- C:\Users\Linda PC\Documents\LOE.doc
[2010/04/21 17:31:55 | 000,010,166 | ---- | C] () -- C:\Users\Linda PC\Documents\LOE.docx
[2010/04/20 10:56:17 | 000,022,624 | ---- | C] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev April 20 2010.docx
[2010/04/20 10:05:34 | 000,225,357 | ---- | C] () -- C:\Users\Linda PC\Desktop\POINT.PCF
[2010/04/15 16:33:48 | 000,010,074 | ---- | C] () -- C:\Users\Linda PC\Documents\Labels4.docx
[2010/04/15 16:31:05 | 000,107,328 | ---- | C] () -- C:\Users\Linda PC\Documents\Refer us a Short Sale.docx
[2010/04/15 11:20:21 | 000,019,424 | ---- | C] () -- C:\Users\Linda PC\Documents\Amwest Capital fax.fax.docx
[2010/04/14 19:52:07 | 000,026,455 | ---- | C] () -- C:\Users\Linda PC\Documents\FICO simple explanation.pdf
[2010/04/14 19:51:03 | 000,010,455 | ---- | C] () -- C:\Users\Linda PC\Documents\FICO simple explanation.docx
[2010/04/14 09:52:24 | 000,022,678 | ---- | C] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev April 14 2010.docx
[2010/04/13 15:46:52 | 000,306,411 | ---- | C] () -- C:\Users\Linda PC\Desktop\2001 listing.PDF
[2010/04/13 14:47:36 | 000,019,155 | ---- | C] () -- C:\Users\Linda PC\Documents\J Greenspan resume 04-10.docx
[2010/04/13 14:04:30 | 000,000,162 | -H-- | C] () -- C:\Users\Linda PC\Documents\~$gnature line.docx
[2010/04/13 12:34:05 | 000,131,072 | -H-- | C] () -- C:\Users\Linda PC\AppData\Roaming\svfiles.log
[2010/04/13 12:06:10 | 000,000,114 | ---- | C] () -- C:\Users\Linda PC\AppData\Roaming\sview.ini
[2010/04/13 12:05:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\srfvdo.dat
[2010/04/13 10:01:53 | 003,522,183 | ---- | C] () -- C:\Users\Linda PC\Desktop\Manualk Sony CFDS33 clock radio.pdf
[2010/04/12 10:42:47 | 003,586,531 | ---- | C] () -- C:\Users\Linda PC\Desktop\New_MILE_HIGH_CLUB.wmv
[2010/04/05 15:26:24 | 000,080,068 | ---- | C] () -- C:\Users\Linda PC\Desktop\2006 de7.pdf
[2010/04/05 14:45:28 | 000,021,700 | ---- | C] () -- C:\Users\Linda PC\Documents\UC Irvine info.docx
[2010/04/05 13:29:56 | 000,021,849 | ---- | C] () -- C:\Users\Linda PC\Documents\Bills For Month of __ rev April 5 2010.docx
[2010/04/05 09:59:08 | 000,041,310 | ---- | C] () -- C:\Users\Linda PC\Desktop\Article_ShortSales03_2010.pdf
[2010/04/02 13:17:36 | 000,058,409 | ---- | C] () -- C:\Users\Linda PC\Documents\Plaza Submission check list.docx
[2010/04/01 14:48:37 | 000,195,326 | ---- | C] () -- C:\Users\Linda PC\Desktop\Google - Topeka.pdf
[2010/04/01 11:29:05 | 000,175,830 | ---- | C] () -- C:\Users\Linda PC\Desktop\HP forum 3-31-10.pdf
[2010/04/01 10:32:12 | 000,212,248 | ---- | C] () -- C:\Users\Linda PC\Desktop\E&O forms.zip
[2009/10/07 20:30:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\Zlib.dll
[2009/10/07 20:30:41 | 000,041,984 | ---- | C] () -- C:\Windows\System32\ZFExt.dll
[2009/09/23 21:54:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/24 16:18:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/20 11:24:04 | 000,000,058 | ---- | C] () -- C:\Windows\mchguid.ini
[2009/07/20 08:46:46 | 000,000,454 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009/07/08 08:57:09 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/07/06 11:53:22 | 000,003,679 | ---- | C] () -- C:\Windows\GrAddrBk.ini
[2009/07/06 11:53:22 | 000,000,995 | ---- | C] () -- C:\Windows\GRACE.INI
[2009/07/06 11:53:22 | 000,000,053 | ---- | C] () -- C:\Windows\PRSRVDLL.INI
[2009/07/06 11:53:18 | 000,010,875 | ---- | C] () -- C:\Windows\ESOA.INI
[2009/07/06 11:51:51 | 000,001,555 | ---- | C] () -- C:\Windows\winpoint.ini
[2009/07/01 10:28:25 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009/07/01 10:28:24 | 000,094,208 | ---- | C] () -- C:\Windows\System32\DellFaxPort_x86.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/25 06:02:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\DELG1L3.DLL
[2008/08/22 07:32:18 | 000,217,088 | ---- | C] () -- C:\Windows\System32\ssminidriver.dll
[2008/08/22 07:32:18 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2008/08/22 07:32:18 | 000,011,264 | ---- | C] () -- C:\Windows\System32\sssegfilter.dll
[2008/08/22 07:32:18 | 000,010,752 | ---- | C] () -- C:\Windows\System32\sserrhandler.dll
[2008/05/17 17:26:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/10 20:01:04 | 000,012,800 | ---- | C] () -- C:\Windows\System32\EKDeviceServices.dll
[2007/10/26 21:00:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\Windows\System32\missouri.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\System32\unicows.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/02/03 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\acccore
[2010/04/22 16:13:04 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\Amazon
[2009/07/20 11:24:04 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\Calyx Software
[2009/07/29 11:55:51 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\Calyx_Software
[2008/12/21 13:25:37 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\CVS
[2009/07/20 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\SentriLock
[2009/08/14 15:12:26 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\Template
[2009/04/27 09:55:41 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\Walgreens
[2008/01/22 09:08:26 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\WildTangent
[2008/08/30 12:15:35 | 000,000,000 | ---D | M] -- C:\Users\Linda PC\AppData\Roaming\YesVideo
[2010/06/01 08:50:59 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2010/06/02 20:14:54 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/28 08:18:19 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{37C83D42-A42F-47A7-AE33-266E5FE51E1D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2008/09/17 18:24:00 | 007,746,312 | ---- | M] () -- c:\$RECYCLE.BIN\ADAPT_Installer.exe
[2009/03/14 18:54:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3018490400-3965928206-2562087735-1000\$IDNTFG0.jpg
[2010/06/28 23:33:56 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3018490400-3965928206-2562087735-1000\$IPKDUO4.pdf
[2010/05/24 08:40:45 | 000,051,171 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3018490400-3965928206-2562087735-1000\$RPKDUO4.pdf
[2008/01/22 05:29:31 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3018490400-3965928206-2562087735-1000\desktop.ini
[2007/12/09 15:54:09 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3018490400-3965928206-2562087735-500\desktop.ini
[2007/11/25 20:16:59 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3941799431-3655476644-333612531-500\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-15 20:32:32


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/11/25 22:26:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/11/25 22:26:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/11/25 22:26:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 04:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 04:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 04:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/10 23:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/10 23:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/19 00:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006/11/02 02:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: BEEP.SYS >
[2008/01/18 22:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/18 22:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006/11/02 01:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/22 10:49:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/22 10:49:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 00:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/07/12 21:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\SWSETUP\Drivers\ITM\Winall\Driver\iastor.sys
[2007/07/12 21:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2008/12/04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\iastor.sys
[2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iastor.sys
[2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\drivers\iaStor.sys
[2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_38fdd39d\iaStor.sys
[2007/07/12 21:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\SWSETUP\Drivers\ITM\Winall\Driver64\iastor.sys
[2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: IMM32.DLL >
[2008/01/19 00:34:33 | 000,114,688 | ---- | M] (Microsoft Corporation) MD5=EC17194A193CD8E90D27CFB93DFA9A2E -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
[2006/11/02 02:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) MD5=EE12864398F1C3BF5BEE91F6AF9842E1 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6000.16386_none_5a1f5c1a7d7fec2e\imm32.dll
[2009/04/10 23:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\imm32.dll
[2009/04/10 23:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84e\imm32.dll

< MD5 for: KERNEL32.DLL >
[2009/02/13 01:21:09 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2006/11/02 02:46:05 | 000,874,496 | ---- | M] (Microsoft Corporation) MD5=1E36AE445E4DA83B82D51FEB2D4F8772 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
[2009/02/13 00:26:37 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009/02/13 00:13:01 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2009/02/13 01:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[2008/01/19 00:34:36 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2009/04/10 23:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2009/04/10 23:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2006/11/02 02:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/19 00:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NDIS.SYS >
[2009/04/10 23:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/10 23:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006/11/02 02:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 00:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/01/22 10:45:03 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=2620822A21B76375F5FD6E0986407CD1 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys
[2007/12/16 15:50:41 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=37430AA7A66D7A63407ADC2C0D05E9F6 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
[2006/11/02 02:51:47 | 001,056,360 | ---- | M] (Microsoft Corporation) MD5=3F379380A4A2637F559444E338CF1B51 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16386_none_a43a67c1200088bf\ntfs.sys
[2009/04/10 23:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2009/04/10 23:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2008/01/19 00:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
[2008/01/22 10:45:03 | 001,061,432 | ---- | M] (Microsoft Corporation) MD5=B5BE45B1F554DF9E1976CBC855365E60 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys
[2007/12/16 15:52:59 | 001,061,944 | ---- | M] (Microsoft Corporation) MD5=F08824715CA6076F5E73E005AB83B9C8 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2006/11/02 05:36:25 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=957CC0F372BB5D79C477363952276859 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6000.16386_none_0c076ff411279f33\ntmssvc.dll
[2008/01/19 00:35:58 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 02:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 02:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2008/01/19 00:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 02:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[2007/11/25 21:08:21 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[2007/11/25 21:08:21 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=F1148566FA5173A4FD48AF8E8BC09401 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2009/04/10 23:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\System32\spoolsv.exe
[2009/04/10 23:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008/01/19 00:33:32 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2006/11/02 02:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=DA612EF2556776DF2630B68BF2D48935 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 02:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 00:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2010/06/28 22:04:38 | 000,286,464 | ---- | M] () MD5=4F252B5EE30989E70F4328E8E4719AA1 -- C:\Users\Linda PC\AppData\Local\Temp\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/10 23:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\System32\termsrv.dll
[2009/04/10 23:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[2008/01/19 00:36:39 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
[2006/11/02 02:46:13 | 000,427,520 | ---- | M] (Microsoft Corporation) MD5=FAD71C1E8E4047B154E899AE31EB8CAA -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 00:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 02:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WS2_32.DLL >
[2006/11/02 02:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) MD5=D99A071C1018BB3D4ABAAD4B62048AC2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[2008/01/19 00:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008/01/19 00:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006/11/02 02:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2010/02/22 23:34:49 | 000,594,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msfeeds.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Linda PC\Documents\Slideshow.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Linda PC\Documents\Slideshow.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Linda PC\Documents\Phil 50th Bash.dmsd:Roxio EMC Stream
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:4F0FFA06
< End of report >

rand444

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2010-06-29
Operating System : windows vista

View user profile

Back to top Go down

Re: AV Security Suite

Post by Belahzur on Thu 01 Jul 2010, 3:39 am

Hello.

  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: AV Security Suite

Post by rand444 on Sun 04 Jul 2010, 10:06 am

ComboFix 10-07-03.01 - Linda PC 07/03/2010 15:48:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1639 [GMT -7:00]
Running from: c:\users\Linda PC\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081120-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081120-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Linda PC\g2mdlhlpx.exe
c:\users\Linda PC\GoToAssistDownloadHelper.exe
c:\windows\system32\KBL.LOG
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-07-03 22:58 . 2010-07-03 22:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-29 05:04 . 2010-07-02 15:51 -------- d-----w- c:\users\Linda PC\AppData\Local\tleelgnxl
2010-06-28 15:21 . 2010-06-28 15:21 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9C1B.tmp.exe
2010-06-26 17:52 . 2010-06-26 17:52 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3F23.tmp.exe
2010-06-25 15:17 . 2010-06-25 15:17 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3A16.tmp.exe
2010-06-24 15:21 . 2010-06-24 15:21 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7E4B.tmp.exe
2010-06-23 05:29 . 2010-06-23 05:29 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCD4E.tmp.exe
2010-06-10 18:05 . 2010-06-10 18:05 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-06 02:51 . 2010-06-06 02:51 -------- d-----w- c:\program files\Action Gaming, Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 22:00 . 2007-12-09 22:36 -------- d-----w- c:\program files\Realtek
2010-07-03 22:00 . 2007-11-26 03:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-03 22:00 . 2007-12-09 22:36 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-03 21:56 . 2008-12-21 03:02 267310 ----a-w- c:\programdata\nvModes.dat
2010-06-29 05:38 . 2009-07-07 18:16 -------- d-----w- c:\program files\Icon Commander
2010-06-10 18:08 . 2008-03-22 03:20 -------- d-----w- c:\program files\Safari
2010-06-02 05:54 . 2010-06-02 05:54 -------- d-----w- c:\programdata\4qsXatqkEcVccUBjW
2010-05-26 22:24 . 2010-04-21 22:41 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-21 21:14 . 2009-10-02 20:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-17 17:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-30 21:52 . 2010-04-30 21:52 306 ----a-w- c:\users\Linda PC\cvdm.dat
2010-04-16 17:32 . 2008-01-22 12:29 124576 ----a-w- c:\users\Linda PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-16 01:49 . 2010-03-04 16:50 1335048 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-04-13 19:05 . 2010-04-13 19:05 0 ----a-w- c:\windows\system32\srfvdo.dat
2010-04-09 20:48 . 2010-04-09 20:48 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-08 23:48 . 2010-03-17 22:23 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-04-07 00:52 . 2010-04-21 22:41 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_Launch.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"DellNSCST_GRNCH"="c:\program files\Dell\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" [2007-11-30 281640]
"Dell Laser MFP 1815 SM_JB"="c:\program files\DELL\Dell Laser MFP 1815\LocalSM\jbDetect.exe" [2008-08-14 222448]
"MFP1815_S2P"="c:\program files\DELL\DELL LASER MFP 1815\PSU\Scan2Pc.exe" [2008-08-19 259312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-10 122368]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-1 813584]
SentriLockCardUtility.lnk - c:\program files\SentrilockCardUtility\SentrilockCardUtility.exe [2009-7-20 4728420]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):68,37,f1,66,9e,43,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
R2 SessionLauncher;SessionLauncher;c:\users\LINDAP~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
R3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [2004-04-06 64088]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\printer\center\KodakSvc.exe [2007-12-13 18944]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-07-16 5120]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2009-05-21 57984]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 19:31]

2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 19:31]

2008-03-19 c:\windows\Tasks\HPCeeScheduleForLinda PC.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-26 19:58]

2010-07-03 c:\windows\Tasks\User_Feed_Synchronization-{37C83D42-A42F-47A7-AE33-266E5FE51E1D}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: flagstar.com\wholesale
Trusted Zone: swiftview.com\www
DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F127} - [You must be registered and logged in to see this link.]
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - [You must be registered and logged in to see this link.]
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Linda PC\AppData\Roaming\Mozilla\Firefox\Profiles\8ta1l0kl.default\
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsview.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-hpqSRMon - (no file)
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-03 15:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-07-03 16:02:35
ComboFix-quarantined-files.txt 2010-07-03 23:02

Pre-Run: 58,031,869,952 bytes free
Post-Run: 58,766,061,568 bytes free

- - End Of File - - 3DB6DBD94C291CECCF64F2F10E623B62

rand444

Newbie Surfer
Newbie Surfer

Posts : 5
Joined : 2010-06-29
Operating System : windows vista

View user profile

Back to top Go down

Re: AV Security Suite

Post by Belahzur on Mon 05 Jul 2010, 11:09 am

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Folder::
    c:\users\Linda PC\AppData\Local\tleelgnxl

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:5577

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: AV Security Suite

Post by Sponsored content Today at 4:13 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum