GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

Having issues after removing ThinkPoint, Still infected?

View previous topic View next topic Go down

Having issues after removing ThinkPoint, Still infected?

Post by Mikura on Thu Oct 28, 2010 12:56 am

Hello. I had the thinkpoint virus a few days ago and managed to fix it by following a guide that DoctorInferno posted somewhere (may have been on another forum or site). My computer is now acting strange and it still seems like something is wrong. For example it isn't reading flash drives and it will not open them, IE won't open, Firefox tries to take me to a fake google, etc. Smaller things like this that aren't hindering me from using the PC, but are annoying and make me fear that I am still infected with something. Please help me out if you can, Malwarebytes isn't picking up any infections and Avast isn't picking up any infections either. I ran OTL and have got the logfiles here:
---------

OTL logfile created on: 10/27/2010 12:48:31 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = J:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 143.68 Gb Free Space | 49.88% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.93% Space Free | Partition Type: NTFS
Drive J: | 490.11 Mb Total Space | 45.45 Mb Free Space | 9.27% Space Free | Partition Type: FAT

Computer Name: DELL-PC | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 19:50:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- J:\OTL.com
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/07/16 13:17:48 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 13:17:12 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 13:17:11 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/14 16:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 16:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 16:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/14 15:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 15:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 03:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/14 22:14:52 | 000,352,256 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/14 22:14:24 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/16 11:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/12 19:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/12/25 21:40:18 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/16 02:07:52 | 000,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/17 08:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 19:50:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- J:\OTL.com
MOD - [2010/07/16 13:17:48 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/22 21:32:59 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/16 13:17:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/02 13:12:00 | 003,623,304 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/14 16:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/07 03:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 22:14:24 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/16 11:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/03 21:15:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/14 08:49:44 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/03/12 19:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/07/10 22:58:30 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/26 15:19:46 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/02/16 02:07:52 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/16 13:17:49 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 13:17:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 21:27:34 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S7500(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 03:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/15 00:22:48 | 005,068,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/07/15 00:22:48 | 005,068,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/29 08:58:00 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/22 02:02:26 | 000,225,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/05/22 02:00:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/05/22 01:45:58 | 001,220,120 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/04/02 17:00:12 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/02 17:00:08 | 000,052,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/02 17:00:00 | 000,142,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/02/26 13:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/02/13 14:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/11 06:10:45 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/07/11 06:10:45 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/07/11 06:10:45 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/02/16 02:07:54 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/02/05 22:21:25 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/01/24 12:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/19 01:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/26 06:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 14:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 14:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:2.7.1.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.8
FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20100701
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/10/26 09:44:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/27 00:36:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/27 00:36:21 | 000,000,000 | ---D | M]

[2010/05/01 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\DELL\AppData\Roaming\mozilla\Extensions
[2010/05/01 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\DELL\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/10/27 00:38:11 | 000,000,000 | ---D | M] -- C:\Users\DELL\AppData\Roaming\mozilla\Firefox\Profiles\5b3wtfjc.default\extensions
[2010/07/04 13:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DELL\AppData\Roaming\mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
[2010/10/26 09:43:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DELL\AppData\Roaming\mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/26 09:44:00 | 000,000,000 | ---D | M] (IMVU Inc Toolbar) -- C:\Users\DELL\AppData\Roaming\mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2010/10/26 09:43:50 | 000,000,000 | ---D | M] (Vivox Voice Plugin) -- C:\Users\DELL\AppData\Roaming\mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\{ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07}
[2010/10/26 09:43:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DELL\AppData\Roaming\mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/27 00:38:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\DELL\AppData\Roaming\mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/26 09:43:48 | 000,000,000 | ---D | M] -- C:\Users\DELL\AppData\Roaming\mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\snaplinks@snaplinks.mozdev.org
[2010/10/27 00:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/08 17:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/10/07 12:06:22 | 000,002,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\DELL\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\DELL\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a95022c7-a862-11de-b2a3-001d099ca375}\Shell\AutoRun\command - "" = J:\WDSetup.exe -- File not found
O33 - MountPoints2\{b86348de-f19c-11de-9ed5-001d099ca375}\Shell - "" = AutoRun
O33 - MountPoints2\{b86348de-f19c-11de-9ed5-001d099ca375}\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{d175b0fc-ddae-11dd-b3e1-001d099ca375}\Shell\AutoRun\command - "" = K:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{d175b53c-ddae-11dd-b3e1-001d099ca375}\Shell - "" = AutoRun
O33 - MountPoints2\{d175b53c-ddae-11dd-b3e1-001d099ca375}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d175b637-ddae-11dd-b3e1-001d099ca375}\Shell - "" = AutoRun
O33 - MountPoints2\{d175b637-ddae-11dd-b3e1-001d099ca375}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: atashost - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {13F6737B-BADA-2F98-AA5F-E131AEF6435B} - Microsoft Windows Media Player
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {335D8655-BAFA-8EE2-2BE1-C92F24FF214F} - Microsoft Windows Media Player 11.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96324354-6A09-49B3-2F1D-DA7E76F30A7A} - Browser Customizations
ActiveX: {BB865EA9-5D7E-6E15-4078-7832B5F777CD} - Internet Explorer
ActiveX: {C1B237F1-DDAE-3100-F8E5-52996B02F386} - Internet Explorer
ActiveX: {C4C710CC-E55D-3FB6-8B4C-9C6061A533CE} - Microsoft Windows Media Player 11.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CD4756F0-F99B-A551-0FF9-EBC428C6E8A2} - Browser Customizations
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D6C5F8E5-15B6-DAAF-732B-10C3A0A1AD2C} - Microsoft Windows Media Player 11.0
ActiveX: {D8C9870A-413B-2638-D1E2-9D422CC5E489} - Viewpoint Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F7164FD6-DFF0-07E4-3897-28E9CCB584FB} - Viewpoint Media Player
ActiveX: {FBA5A7A9-2F08-7BCF-3DC1-78B831EE773B} - Microsoft Windows Media Player 11.0
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll ([You must be registered and logged in to see this link.]
Drivers32: VIDC.MFZ0 - C:\Windows\System32\MyFlashZip0.ax (Moyea Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/26 21:09:07 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/10/26 21:09:06 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/10/26 21:09:06 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/10/26 21:09:05 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/10/26 21:09:03 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/10/26 21:08:34 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/10/26 21:08:33 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/10/26 21:05:22 | 004,290,744 | ---- | C] (AVG Technologies) -- C:\Users\DELL\Desktop\avg_free_stb_all_2011_1136_cnet.exe
[2010/10/26 05:55:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/26 05:55:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/26 05:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 20:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/10/19 20:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/10/17 14:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/17 00:03:57 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Malwarebytes
[2010/10/17 00:03:44 | 000,000,000 | ---D | C] -- C:\Users\DELL\Desktop\Malwarebytes' Anti-Malware
[2010/10/17 00:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/16 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Qaywt
[2010/10/16 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Cemoc
[2010/10/16 21:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/10/16 21:18:54 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/10/13 23:55:52 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\Animation Portfolio Review
[2010/10/06 23:22:32 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\fe6
[2010/10/04 14:56:12 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\Pokemon
[2010/09/28 15:23:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2010/10/27 00:36:23 | 000,645,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/27 00:36:23 | 000,123,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/27 00:36:23 | 000,001,713 | ---- | M] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/27 00:36:23 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/26 23:58:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/26 23:58:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/26 23:46:18 | 000,162,304 | ---- | M] () -- C:\Users\DELL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 23:35:52 | 000,006,299 | ---- | M] () -- C:\Users\DELL\Documents\AngelWhisperSongs.png
[2010/10/26 21:09:07 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/26 21:09:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/26 20:56:04 | 004,290,744 | ---- | M] (AVG Technologies) -- C:\Users\DELL\Desktop\avg_free_stb_all_2011_1136_cnet.exe
[2010/10/26 19:58:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/26 19:58:04 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/26 19:56:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010/10/26 05:55:55 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/16 23:31:30 | 000,000,006 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\start
[2010/10/16 21:20:48 | 000,000,010 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\install
[2010/10/14 01:01:15 | 000,042,580 | ---- | M] () -- C:\Users\DELL\Documents\PfC.pdf
[2010/10/13 22:51:07 | 066,261,925 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/10/10 00:07:06 | 001,196,718 | ---- | M] () -- C:\Users\DELL\Documents\AlexisCabezas_DiplomaRequest.jpg
[2010/10/07 13:44:46 | 000,001,783 | ---- | M] () -- C:\Users\DELL\Desktop\IMVU.lnk
[2010/10/05 17:47:21 | 000,036,771 | ---- | M] () -- C:\Users\DELL\Documents\GraduationApplication_DiplomaOrderForm.pdf
[2010/10/04 14:05:16 | 000,000,000 | -H-- | M] () -- C:\Users\DELL\Documents\~cp_prj_untitled_demo2.cptx_lock
[2010/10/03 22:26:20 | 490,064,036 | ---- | M] () -- C:\Users\DELL\Documents\DemoReelForWeb.avi
[2010/10/03 22:03:33 | 490,066,600 | ---- | M] () -- C:\Users\DELL\Documents\AlexisCabezas_DemoReel.avi
[2010/10/01 19:27:52 | 006,123,266 | ---- | M] () -- C:\Users\DELL\Documents\AlexisCabezas_wk9_Project2Final.mov
[2010/10/01 14:13:20 | 003,979,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/30 14:14:22 | 000,001,180 | ---- | M] () -- C:\Users\DELL\Desktop\Adobe Captivate 5.lnk

========== Files Created - No Company Name ==========

[2010/10/27 00:36:23 | 000,001,713 | ---- | C] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/27 00:36:23 | 000,001,689 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/26 23:35:52 | 000,006,299 | ---- | C] () -- C:\Users\DELL\Documents\AngelWhisperSongs.png
[2010/10/26 21:09:07 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/10/26 05:55:55 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/16 23:04:50 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/16 22:14:11 | 000,000,006 | ---- | C] () -- C:\Users\DELL\AppData\Roaming\start
[2010/10/16 21:20:48 | 000,000,010 | ---- | C] () -- C:\Users\DELL\AppData\Roaming\install
[2010/10/14 01:01:14 | 000,042,580 | ---- | C] () -- C:\Users\DELL\Documents\PfC.pdf
[2010/10/10 00:07:04 | 001,196,718 | ---- | C] () -- C:\Users\DELL\Documents\AlexisCabezas_DiplomaRequest.jpg
[2010/10/05 17:47:17 | 000,036,771 | ---- | C] () -- C:\Users\DELL\Documents\GraduationApplication_DiplomaOrderForm.pdf
[2010/10/04 14:05:16 | 000,000,000 | -H-- | C] () -- C:\Users\DELL\Documents\~cp_prj_untitled_demo2.cptx_lock
[2010/10/03 22:21:02 | 490,064,036 | ---- | C] () -- C:\Users\DELL\Documents\DemoReelForWeb.avi
[2010/10/03 21:58:34 | 490,066,600 | ---- | C] () -- C:\Users\DELL\Documents\AlexisCabezas_DemoReel.avi
[2010/10/01 19:27:06 | 006,123,266 | ---- | C] () -- C:\Users\DELL\Documents\AlexisCabezas_wk9_Project2Final.mov
[2010/09/30 14:14:22 | 000,001,180 | ---- | C] () -- C:\Users\DELL\Desktop\Adobe Captivate 5.lnk
[2010/08/14 18:54:15 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2010/08/14 18:54:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/14 17:00:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/08/14 16:28:41 | 001,887,937 | ---- | C] () -- C:\Users\DELL\AppData\Roaming\swf2video.bin
[2010/08/14 16:28:30 | 000,132,672 | ---- | C] () -- C:\Users\DELL\AppData\Roaming\moyea_swf_dia.log
[2010/08/04 16:46:18 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/10/14 17:26:30 | 000,000,231 | ---- | C] () -- C:\Windows\System32\3dsmax.ini
[2009/10/14 17:26:30 | 000,000,043 | ---- | C] () -- C:\Windows\System32\InstallSettings.ini
[2009/10/07 03:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 03:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/02 13:24:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/01/21 16:26:31 | 000,000,474 | ---- | C] () -- C:\Users\DELL\AppData\Roaming\wklnhst.dat
[2008/10/14 11:36:47 | 000,000,552 | ---- | C] () -- C:\Users\DELL\AppData\Local\d3d8caps.dat
[2008/10/14 11:32:31 | 000,162,304 | ---- | C] () -- C:\Users\DELL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/14 11:29:02 | 000,000,680 | ---- | C] () -- C:\Users\DELL\AppData\Local\d3d9caps.dat
[2008/07/11 06:18:59 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/11 06:18:59 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/11 06:18:59 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/11 06:18:59 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/11 06:18:55 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/10/12 03:42:51 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXARICO.DLL
[2001/10/12 03:42:49 | 000,000,643 | ---- | C] () -- C:\Windows\LEXSTAT.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 03:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 03:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2008/01/19 03:42:58 | 000,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/06/21 09:18:15 | 002,036,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2009/07/14 21:11:08 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2009/10/07 03:23:08 | 000,013,584 | ---- | M] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2006/08/04 20:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2009/02/21 17:13:47 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2010/09/19 16:48:53 | 000,000,000 | ---- | M] () -- C:\CaptivateLog.log
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/11 06:19:11 | 000,005,025 | RH-- | M] () -- C:\dell.sdr
[2010/10/26 19:58:04 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/28 00:02:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/31 14:49:12 | 000,001,104 | -H-- | M] () -- C:\IPH.PH
[2008/12/28 00:02:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/01/05 05:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2010/10/26 19:58:01 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys
[2009/07/07 20:15:21 | 000,000,012 | -H-- | M] () -- C:\reachd.cz
[2010/10/27 00:46:17 | 000,000,387 | ---- | M] () -- C:\rkill.log
[2009/12/30 16:49:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/01/03 01:11:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/01/03 15:26:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/01/04 15:16:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/01/05 15:18:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/01/06 14:58:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/01/08 02:41:35 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/01/08 18:51:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/01/09 14:22:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/01/10 14:03:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/01/11 14:05:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/01/14 23:31:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/01/15 14:13:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/16 14:39:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/01/17 13:27:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/12/25 18:23:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/12/26 17:02:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/12/27 17:54:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/12/28 14:13:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/12/29 17:07:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/12/30 16:49:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/01/03 01:11:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/01/03 15:26:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/01/04 15:16:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/01/05 15:18:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/01/06 14:58:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/01/08 02:41:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/01/08 18:51:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/01/09 14:22:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/01/10 14:03:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/01/11 14:05:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/01/14 23:31:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/01/15 14:13:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/16 14:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/01/17 13:27:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/12/25 18:23:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/12/26 17:02:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/12/27 17:54:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/12/28 14:13:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/12/29 17:07:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %PROGRAMFILES%\*. >
[2010/10/04 17:56:58 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/06/03 21:28:12 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2009/08/12 01:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2008/12/27 19:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2010/10/26 09:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2010/10/19 20:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/08/14 16:56:19 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft Flash to Video Converter
[2010/08/29 16:18:01 | 000,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2008/12/27 19:40:36 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2009/02/23 17:15:12 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/09/09 16:53:28 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2008/07/10 22:48:29 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/02/02 00:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/11/19 19:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/10/26 09:42:09 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/08/14 17:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2010/08/15 15:47:01 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2008/12/27 19:40:49 | 000,000,000 | ---D | M] -- C:\Program Files\AWS
[2008/12/28 22:58:06 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/06/06 22:28:34 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/06/06 22:20:46 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/08/16 13:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/07/10 22:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/09/30 14:19:04 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/07/10 22:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/07/10 23:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/07/10 22:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/07/10 22:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2009/02/17 03:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\Easy GIF Animator
[2009/03/09 22:13:19 | 000,000,000 | ---D | M] -- C:\Program Files\Flash-SWF to AVI-GIF
[2010/03/16 20:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\FrostWire
[2009/07/07 20:16:49 | 000,000,000 | ---D | M] -- C:\Program Files\Furcadia
[2008/12/25 20:48:20 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/08/13 20:35:58 | 000,000,000 | ---D | M] -- C:\Program Files\Gpotato
[2009/02/24 18:07:19 | 000,000,000 | ---D | M] -- C:\Program Files\Incomplete
[2010/03/01 16:55:00 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/09/02 13:23:55 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/08/12 17:01:00 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/09/08 00:09:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/01/21 20:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/08/25 00:59:52 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2009/09/09 00:25:21 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/01/06 17:14:45 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/10/26 05:56:07 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

Mikura
Novice
Novice

Status :
Online
Offline

Posts : 13
Joined : 2010-10-17
Gender : Female
OS : Windows Vista
Points : 22551
# Likes : 0

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Mikura on Thu Oct 28, 2010 12:59 am

((OTL.txt continued))
-----------------------------


[2010/08/05 17:33:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/08/19 22:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/01/30 22:41:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/09/29 14:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/01/30 22:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Small Business
[2010/02/03 15:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/01/07 19:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/08/12 12:44:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/10/14 17:35:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/01/30 22:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/10/03 14:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2008/07/10 22:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010/08/12 17:00:58 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/26 09:43:58 | 000,000,000 | ---D | M] -- C:\Program Files\Moyea
[2010/10/27 00:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/17 13:38:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/10 22:49:24 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/01/21 20:26:01 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice
[2009/01/21 20:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/08/13 20:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/03/01 16:53:39 | 000,000,000 | ---D | M] -- C:\Program Files\Pixologic
[2010/08/04 16:47:58 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2009/02/23 17:16:43 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/07/10 22:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/07/02 21:35:42 | 000,000,000 | ---D | M] -- C:\Program Files\StepMania
[2010/08/14 16:56:11 | 000,000,000 | ---D | M] -- C:\Program Files\SWF to Video Pro
[2010/10/26 09:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/10/26 09:42:50 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/09 17:02:39 | 000,000,000 | ---D | M] -- C:\Program Files\Unreal Tournament 3
[2008/12/25 16:01:59 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/08/31 14:48:32 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/12/25 19:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2010/10/26 09:44:24 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009/03/30 21:11:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/03/30 21:11:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/03/30 21:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/03/30 21:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/08/05 17:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/08/05 17:33:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/12 13:06:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/26 09:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/30 21:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/03/30 21:11:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/12/25 12:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/12/25 21:24:26 | 000,000,000 | ---D | M] -- C:\Program Files\Xilisoft
[2009/12/29 23:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2010/10/16 21:20:48 | 000,000,010 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\install
[2010/08/15 19:57:02 | 000,132,672 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\moyea_swf_dia.log
[2010/10/16 23:31:30 | 000,000,006 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\start
[2010/08/15 19:58:07 | 001,887,937 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\swf2video.bin
[2010/08/11 20:57:34 | 000,000,474 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/07/11 05:56:34 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2008/07/11 05:56:34 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008/07/11 05:56:34 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008/07/11 05:56:34 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/07/11 05:57:06 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008/07/11 06:18:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008/07/11 06:18:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008/07/11 06:18:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008/07/11 06:18:28 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008/07/11 05:56:31 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008/07/11 05:56:31 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008/07/11 05:57:06 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008/07/11 05:57:06 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/07/11 06:10:45 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/07/11 06:10:45 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/07/11 06:10:45 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/07/11 06:10:45 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/04/26 06:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 06:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 06:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 06:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/07/11 06:09:55 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2008/07/11 06:09:55 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2008/07/11 06:09:55 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 00:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-08 18:05:07

< End of report >

--------------------------------
((Extras.txt))
--------------------------------

OTL Extras logfile created on: 10/27/2010 12:48:31 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = J:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 143.68 Gb Free Space | 49.88% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.93% Space Free | Partition Type: NTFS
Drive J: | 490.11 Mb Total Space | 45.45 Mb Free Space | 9.27% Space Free | Partition Type: FAT

Computer Name: DELL-PC | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Flash Professional\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DC6A075-11DB-43A1-9415-1E621D6CD011}" = lport=2869 | protocol=6 | dir=in | app=system |
"{19612B76-E365-4BCD-8A2E-0712A06766E0}" = lport=51868 | protocol=6 | dir=in | name=akamai netsession interface |
"{4A700FBE-40BC-4057-A6B1-5F85FC35A4A1}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{54DA33EC-30B6-48C1-AD9D-05DA92E6C9DE}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{93A85C6A-F60B-4ED0-8FF7-217E9965D75C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9FBFDD01-7121-4ED4-AB24-1D83DA2FA774}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A855F5A2-DEB1-48CB-AD12-D2DD1392CF45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C7D1473E-8254-4256-9AF9-EC2C2DB0B9A3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CCE64DA4-AA97-4B0B-B6E1-FDF1897E0799}" = lport=49206 | protocol=6 | dir=in | name=akamai netsession interface |
"{E47C2913-935E-4C25-83FB-37E2915C47D9}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0820E01E-920E-4DBB-A599-D04FD987D8F8}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{0F6C679C-EA81-424C-8975-79169673487C}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{1714EF01-3CC7-4F16-AD34-51F38E800879}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{17BE7835-C491-4D6E-B3F8-D73BB2AB5266}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{216AADCC-C10A-4748-B5FB-EB534BF3D245}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{25EC3966-C99B-42B6-ABB2-AA82EFA7B336}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{27DA7246-61BA-4B59-84BB-5452E569C45A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2C51A039-F3CB-491C-AF00-A29AE815DC82}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3016D3BF-5877-40CD-A02C-B907CEC0E3EF}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{30A0D2F7-4E26-4BF5-A501-A5F4350A99D4}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{33CCE97C-F92A-4C94-893A-CC9B0DB33B31}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{3B7ECA2A-084E-4ED9-BD2B-F5C25D8AA6F6}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{3B80E7CD-05B0-406E-9FD4-28111FF5E942}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{4043C98C-BF2E-4FD3-ADF6-44E6849FF065}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{44D52198-9F8E-4304-8B00-4A1E155258EC}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{491A823B-0EE2-4011-9471-F5132DD802D5}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{4AF612C1-1DCE-40A9-92D8-4F5BF4DA1307}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{4F2E537C-1A5E-41AC-B962-186D72829015}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5801C9D7-A6E2-4113-8A27-7BC852F5B08A}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{5C9E94C9-7C60-4C0C-B84C-025D94C283F7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{60E609BB-63B9-4A97-B9ED-BC5202A2D77F}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{63B5BA9D-04CA-424A-86E7-21B6A493F57E}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{77732C92-5D8F-49F4-B620-1ED4ABD9E05D}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{78FE640D-E643-4564-BB09-72780F727936}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{833AC007-261F-415A-B353-5F2BBDC4A066}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{996D6FCC-BFCA-49BB-9EC8-7BCA62F4140F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9D744255-C367-41C2-83CE-C3C66F616312}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A80349AD-4422-4349-9266-29D9931F923F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A874CD67-3474-4F33-A519-9A557D54E8B3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A9CE46BF-825F-4175-B0CE-BF100E6E02C9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AF911B04-7879-4223-AB58-72BC4B3CE72D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B2132639-5EF6-4FA8-9AAF-FF63A70A12BD}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{CA798E03-0FEC-40FD-A6E6-C26253ACC927}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CC1FDB31-EA48-48B7-A7C6-2D635DF90C46}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{CF6E75F6-8B31-4A88-A0E4-8A684F6C881C}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{D0DDFF40-8E42-4098-90F3-5B1BCF17936B}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{E98F5A0B-4204-4435-B577-5679A679A116}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{EAFC8E31-180B-4260-A3C8-BBB7D1D2C248}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{EB39F5C9-3246-46E9-B233-66F5757913A5}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{FD1F3422-E1BB-41D8-93B5-9004A82067EB}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{FD2F7E96-4FA7-4948-A617-F6FEF949EF17}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{08B3F6CF-BBC4-4409-9682-160F9179BC17}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{1FC1A485-3242-4232-A587-B9E90E84F5A8}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{24E28084-1540-4927-9AA6-5B3D11C8286E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{2B33090B-B571-4534-8098-CFFD910B1D76}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{31476866-306E-4654-9CEF-3946FB884B4B}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{34372EEE-31B0-47F2-A415-DE18AA82841D}C:\users\dell\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{4F086AE0-42CF-4C97-8DB7-7939F0BE1223}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{67299BA6-BD38-4CF3-9A06-131864F2A9E0}C:\users\dell\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{70D9FDE0-2ED0-4AA5-9317-C3E9D3DC1E8E}C:\users\dell\appdata\roaming\mozilla\firefox\profiles\5b3wtfjc.default\extensions\{abad4342-3fda-4ccf-80ac-b6d0eecaca07}\plugins\vivoxvoicemanager.exe" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\mozilla\firefox\profiles\5b3wtfjc.default\extensions\{abad4342-3fda-4ccf-80ac-b6d0eecaca07}\plugins\vivoxvoicemanager.exe |
"TCP Query User{8D602D7B-D6A1-457C-98BB-68A569A63087}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe |
"TCP Query User{902ADCA4-6EF0-4E74-A625-967E90B6170A}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{CC25AE26-2D9A-4F5C-8C98-E12807EADFC6}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{D1372120-1B3B-4579-8160-EB4007881549}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe |
"TCP Query User{D6CBDBF8-02F8-46E6-8DFB-7F032C05B0AF}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{01E270F0-1E02-4249-B01B-2113590CB569}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe |
"UDP Query User{155A5575-6202-41E9-B320-1A0DA60C14D8}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{305B0FA8-357F-4442-AE8B-D7DA93FCD9C4}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{4639EBAD-5EB4-4455-B0D5-B29BB7284B80}C:\users\dell\appdata\roaming\mozilla\firefox\profiles\5b3wtfjc.default\extensions\{abad4342-3fda-4ccf-80ac-b6d0eecaca07}\plugins\vivoxvoicemanager.exe" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\mozilla\firefox\profiles\5b3wtfjc.default\extensions\{abad4342-3fda-4ccf-80ac-b6d0eecaca07}\plugins\vivoxvoicemanager.exe |
"UDP Query User{5CFFE489-7901-42E3-9B3D-7F3458CD5AE5}C:\users\dell\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{8F34DAE6-87CF-4794-B4DA-E4B4BE285EBD}C:\users\dell\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{954BE60E-A4B9-4A54-9B12-C315C6D0BE5D}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{A1A25142-3372-4BBB-A1E8-3A7F49528BAC}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe |
"UDP Query User{AD6B777A-ABC3-4ABE-AFC8-38148E30FDF4}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{AE745990-37A8-49D4-BDF2-7FF9CFB19E8D}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{D7F185D3-A4FB-4F86-8758-B120F6A7201C}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{E960FB01-6F8E-489A-B1CF-A7B85BD958EF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F62AAB72-91AF-4F86-88C4-37E209E2C2EE}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{FC3E46F7-FC83-4CCB-A975-C0B6417A9BA7}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04B66E37-AD9A-4E7C-6AFE-3365DC1C6147}" = Catalyst Control Center Localization Japanese
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B031784-8A94-5531-8C60-343607CAD7F9}" = CCC Help Italian
"{0B232420-6BC9-F6B1-4AEB-95CFA30BF0A1}" = Catalyst Control Center Localization French
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{12D9828A-4DC8-013E-524E-F6362F1D9664}" = Catalyst Control Center Localization Chinese Traditional
"{1511C73D-0F45-8C5D-B69F-1BABA56E448B}" = CCC Help Thai
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E64834-4AD7-2DD8-5D73-E8DC71A862E9}" = CCC Help Japanese
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{16EEFA60-7BA9-E33B-4375-677D5F6C4D81}" = Catalyst Control Center Localization Korean
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BCB0F0-BCCE-93D9-2AB3-05DD4D3B68FA}" = CCC Help Hungarian
"{1BFF0EA4-DFD8-8E28-90D4-8E435C7E0AAB}" = Catalyst Control Center InstallProxy
"{1D9A3AAB-EE6A-5F08-6D23-AFF10D5C0EC9}" = Catalyst Control Center Localization Turkish
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2EDC86B3-E984-2F11-0C2F-8D6DA0353ED7}" = CCC Help English
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{324355BF-83BD-8F8B-0F29-89DB5B4E215F}" = CCC Help Polish
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{336652F7-6D09-47F8-9C6D-9FFFD673543C}" = CCC Help Chinese Traditional
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7C8786-F407-1AF2-510E-63804A814C32}" = Catalyst Control Center Graphics Full New
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4237FDD2-5E55-47DA-B849-1982496D9288}" = Catalyst Control Center Localization Thai
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47F8EE35-905B-9429-FC0E-6B989C0812E6}" = Catalyst Control Center Core Implementation
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4AE196EC-ABA1-9BFC-74EC-B32FCA64373E}" = Catalyst Control Center Localization German
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4DBD094A-1D35-61D5-F3A0-4458DCAD37C2}" = Catalyst Control Center Graphics Previews Common
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FEF2C49-9133-0BB1-A5E5-111D6FF88504}" = ccc-utility
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{62779ED4-16E5-EEE7-28C8-AF2199DD0273}" = CCC Help Portuguese
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{640B596F-A338-8B00-B7B9-C372B68F4C9F}" = ccc-core-static
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69A13D2F-A08F-619A-1D42-94CB96F3635A}" = ATI Catalyst Install Manager
"{69B6B9E1-A5DF-3177-2B1D-3B672F29EF86}" = Adobe Captivate Quiz Results Analyzer
"{69CAB146-08E3-64A4-F9C6-FC3D0A962E37}" = Catalyst Control Center Graphics Light
"{6B32A311-93B5-31DF-E366-7455CD2EB70E}" = CCC Help Turkish
"{6B6CA344-96B5-6532-A087-BFDA6F4D5B45}" = Catalyst Control Center Localization Portuguese
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{715A7636-C48B-181A-D221-C8C4D942A0C0}" = Catalyst Control Center Graphics Full New
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7307702E-FE78-159E-E049-70AF0BEFE10E}" = CCC Help Korean
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8432FFD1-6F4D-F9B8-D641-5932E60359A2}" = Adobe Captivate Reviewer
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE51E45-F0B9-3BE4-4946-1B6D41D16A4A}" = CCC Help English
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E0B96CD-28A2-6D67-F629-372B81751C92}" = Catalyst Control Center Core Implementation
"{8E355243-1A34-4EE8-A743-C166E68CF5C0}" = Adobe Captivate 5
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{941E8028-CD3E-B877-5AE9-8107FEF652BC}" = CCC Help French
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99F4AE76-1ACC-DB7A-70C5-EF487D2268F5}" = Catalyst Control Center Localization Chinese Standard
"{99F66DCA-1A0C-7D84-6832-5F986D151BBF}" = Catalyst Control Center Localization Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9A7F4358-8BD4-AB2C-313C-10BB5CB23796}" = CCC Help Chinese Standard
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9B9DB42C-02E9-C357-0078-8C0071A0A4D9}" = Catalyst Control Center Graphics Previews Vista
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D680A7E-371C-45A8-6A68-C1782387B296}" = Catalyst Control Center Localization Polish
"{9F66304B-4C08-ACB8-4244-10E0E101C05B}" = Catalyst Control Center Localization Italian
"{A14CB363-D717-2EBB-9D84-1DAE75764181}" = Catalyst Control Center HydraVision Full
"{A154BBC7-5211-63EE-54F1-DDE3FF25BD0A}" = Catalyst Control Center Graphics Light
"{A2436E51-CBA9-41C2-10E1-63B32E1529C4}" = CCC Help German
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8406091-51A7-FCAF-9F51-86FE36BD346E}" = Catalyst Control Center Graphics Full Existing
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC363598-9D70-0357-8DA4-9598A05B48EA}" = Catalyst Control Center Graphics Full Existing
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B527A17B-A113-CD79-D502-8057991E2CFF}" = Catalyst Control Center Localization Spanish
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C1A628C2-92CC-BC23-BA13-18C6CFD2222E}" = ccc-utility
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DD305273-BA53-7F8F-88BC-066697820188}" = CCC Help Spanish
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E596BCF1-93C9-F90B-B01E-EBCF4231F2C7}" = Skins
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7861D15-407C-3328-E2F7-CFE5C04A32F4}" = Catalyst Control Center Graphics Previews Vista
"{EBBCBC9A-1281-D33E-4AD2-C3E8A36D9E1F}" = Catalyst Control Center Graphics Previews Common
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCF3DFF4-CB33-4343-9878-DEEC6D131DF8}" = Autodesk Design Review 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_ffcb3f2dd758cc9933975d08d2cd477" = Adobe Premiere Pro CS4
"AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Reviewer
"AIM_6" = AIM 6
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.0.7
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity_is1" = Audacity 1.2.6
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Canon MP190 series User Registration" = Canon MP190 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy GIF Animator_is1" = Easy GIF Animator 4.0
"FBX Plugin 2006.11.1 for Max 2008" = FBX Plugin 2006.11.1 for Max 2008
"FrostWire" = FrostWire 4.20.3
"Furcadia" = Furcadia
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Network MagicUninstall" = Network Magic
"PRJSTDR" = Microsoft Office Project Standard 2007
"PROR" = Microsoft Office Professional 2007
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Quiz Results Analyzer
"StepMania" = StepMania (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TVWiz" = Intel(R) TV Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

Mikura
Novice
Novice

Status :
Online
Offline

Posts : 13
Joined : 2010-10-17
Gender : Female
OS : Windows Vista
Points : 22551
# Likes : 0

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Mikura on Thu Oct 28, 2010 12:59 am

((Extras.txt continued))
--------------------------


========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2010 12:55:14 AM | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Faulting application ImporterProcessServer.exe, version 0.0.0.0, time
stamp 0x48c70e51, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000005, fault offset 0x000c4780, process id 0x1128,
application start time 0x01cb5608a02b56d7.

Error - 9/20/2010 5:31:47 PM | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Faulting application mspaint.exe, version 6.0.6001.18000, time stamp
0x47918ead, faulting module mspaint.exe, version 6.0.6001.18000, time stamp 0x47918ead,
exception code 0xc0000005, fault offset 0x000169ce, process id 0x15e8, application
start time 0x01cb590ad0423a74.

Error - 9/23/2010 1:04:53 PM | Computer Name = DELL-PC | Source = VSS | ID = 8194
Description =

Error - 9/23/2010 1:06:20 PM | Computer Name = DELL-PC | Source = VSS | ID = 8194
Description =

Error - 9/29/2010 8:17:11 PM | Computer Name = DELL-PC | Source = Application Hang | ID = 1002
Description = The program VideoConverter.exe version 3.0.7.1 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 14b0 Start Time: 01cb6034a2ffa8dd Termination Time: 6

Error - 10/3/2010 8:38:26 PM | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Faulting application Adobe Premiere Pro.exe, version 4.0.0.0, time
stamp 0x48c70e71, faulting module ole32.dll, version 6.0.6001.18000, time stamp
0x4791a74c, exception code 0xc0000005, fault offset 0x00038925, process id 0xfa0,
application start time 0x01cb6351e67d3b92.

Error - 10/4/2010 1:29:51 PM | Computer Name = DELL-PC | Source = VSS | ID = 8194
Description =

Error - 10/4/2010 2:05:20 PM | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Faulting application AdobeCaptivate.exe, version 5.0.0.596, time stamp
0x4bf6ea66, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xb0d00000, process id 0x858, application start time
0x01cb63eea224c863.

Error - 10/16/2010 9:20:41 PM | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x0004311f, process id 0x784, application
start time 0x01cb6d5ce5c2b04b.

Error - 10/16/2010 9:20:44 PM | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module maindll.dll, version 0.0.0.0, time stamp 0x4cb8553b,
exception code 0xc0000005, fault offset 0x000011fb, process id 0x784, application
start time 0x01cb6d5ce5c2b04b.

[ Media Center Events ]
Error - 12/26/2008 3:42:23 AM | Computer Name = DELL-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/29/2009 3:53:02 PM | Computer Name = DELL-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/17/2010 8:31:52 PM | Computer Name = DELL-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/19/2010 7:59:55 PM | Computer Name = DELL-PC | Source = HTTP | ID = 15016
Description =

Error - 10/19/2010 8:06:32 PM | Computer Name = DELL-PC | Source = HTTP | ID = 15016
Description =

Error - 10/19/2010 8:20:34 PM | Computer Name = DELL-PC | Source = HTTP | ID = 15016
Description =

Error - 10/19/2010 8:20:59 PM | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 10/26/2010 5:47:21 AM | Computer Name = DELL-PC | Source = HTTP | ID = 15016
Description =

Error - 10/26/2010 5:47:46 AM | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 10/26/2010 6:10:49 AM | Computer Name = DELL-PC | Source = HTTP | ID = 15016
Description =

Error - 10/26/2010 6:11:14 AM | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 10/26/2010 7:58:10 PM | Computer Name = DELL-PC | Source = HTTP | ID = 15016
Description =

Error - 10/26/2010 7:58:35 PM | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7024
Description =


< End of report >

Mikura
Novice
Novice

Status :
Online
Offline

Posts : 13
Joined : 2010-10-17
Gender : Female
OS : Windows Vista
Points : 22551
# Likes : 0

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Belahzur on Fri Oct 29, 2010 1:08 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Mikura on Fri Oct 29, 2010 6:28 am

I have actually already updated and ran Malwarebytes and Avast multiple times, and they never find anything. Yet my computer is obviously not running properly so I am really stumped..

I ran Malwarebytes again, here is the logfile:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4979

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

10/29/2010 2:24:31 AM
mbam-log-2010-10-29 (02-24-31).txt

Scan type: Quick scan
Objects scanned: 142319
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Mikura
Novice
Novice

Status :
Online
Offline

Posts : 13
Joined : 2010-10-17
Gender : Female
OS : Windows Vista
Points : 22551
# Likes : 0

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Belahzur on Fri Oct 29, 2010 5:13 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Mikura on Fri Oct 29, 2010 9:10 pm

Here is my combofix log:

ComboFix 10-10-28.09 - DELL 10/29/2010 16:27:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1900 [GMT -4:00]
Running from: c:\users\DELL\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Trend Micro AntiVirus *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\spool\prtprocs\w32x86\LXARPP.DLL
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-29 20:40 . 2010-10-29 20:44 -------- d-----w- c:\users\DELL\AppData\Local\temp
2010-10-29 20:40 . 2010-10-29 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-28 20:27 . 2010-10-28 20:27 61832 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll
2010-10-27 01:09 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-27 01:09 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-27 01:09 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-27 01:09 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-27 01:09 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-27 01:08 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-27 01:08 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-26 09:55 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 09:55 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-26 09:54 . 2010-10-26 09:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 00:31 . 2010-10-20 00:31 -------- d-----w- c:\programdata\Alwil Software
2010-10-20 00:31 . 2010-10-20 00:31 -------- d-----w- c:\program files\Alwil Software
2010-10-17 18:58 . 2010-10-27 01:06 -------- d-----w- c:\programdata\MFAData
2010-10-17 04:03 . 2010-10-17 04:03 -------- d-----w- c:\users\DELL\AppData\Roaming\Malwarebytes
2010-10-17 04:03 . 2010-10-17 04:03 -------- d-----w- c:\programdata\Malwarebytes
2010-10-17 01:19 . 2010-10-20 00:17 -------- d-----w- c:\users\DELL\AppData\Roaming\Qaywt
2010-10-17 01:19 . 2010-10-17 01:21 -------- d-----w- c:\users\DELL\AppData\Roaming\Cemoc
2010-10-17 01:19 . 2010-10-20 00:17 -------- d-----w- c:\programdata\Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 20:28 . 2010-08-04 20:47 104328 ----a-w- c:\windows\system32\atsckernel.exe
2010-10-28 20:28 . 2010-08-04 20:47 43912 ----a-w- c:\windows\system32\atashost.exe
2010-08-17 13:32 . 2010-09-15 16:26 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 23:58 . 2010-08-14 20:28 1887937 ----a-w- c:\users\DELL\AppData\Roaming\swf2video.bin
2010-08-04 20:46 . 2010-08-04 20:46 8892928 ----a-w- c:\programdata\atscie.msi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-19 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-10 50688]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-11 02:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-02 3623304]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2008-02-26 648456]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 172032]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-10-28 43912]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2009-04-02 52624]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\5b3wtfjc.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\FFExternalAlert.dll
FF - component: c:\users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\DELL\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\DELL\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\5b3wtfjc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKCU-Run-AdobeBridge - (no file)
AddRemove-FBX Plugin 2006.11.1 for Max 2008 - c:\program files\Autodesk\FBX\FbxPlugins\2006.11.1\Max2008\Uninstall.exe
AddRemove-{718D791F-F4E8-4aa7-98A6-15FDED17BDD0} - c:\program files\Trend Micro\Internet Security\remove.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-29 16:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, [You must be registered and logged in to see this link.]
Windows 6.0.6001 Disk: SAMSUNG_HD321KJ rev.CP100-13 -> \Device\Ide\IdePort0

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x858D2446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x858d8504]; MOV EAX, [0x858d8580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x822CC05F] -> \Device\Harddisk0\DR0[0x858AD298]
3 CLASSPNP[0x8A7AA745] -> ntkrnlpa!IofCallDriver[0x822CC05F] -> [0x84D76F08]
5 acpi[0x828956A0] -> ntkrnlpa!IofCallDriver[0x822CC05F] -> [0x857478A8]
\Driver\atapi[0x858B1F38] -> IRP_MJ_CREATE -> 0x858D2446
kernel: MBR read successfully
detected hooks:
\Device\Ide\IdeDeviceP0T0L0-1 -> \??\IDE#DiskSAMSUNG_HD321KJ_________________________CP100-13#5&163e592b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
\Driver\atapi DriverStartIo -> 0x858D2292
user != kernel MBR !!!
sectors 625142446 (+223): user != kernel
Warning: possible TDL4 rootkit infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2980)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\LEXBCES.EXE
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-10-29 17:00:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-29 21:00

Pre-Run: 153,862,262,784 bytes free
Post-Run: 155,603,566,592 bytes free

- - End Of File - - 0E83593FD67FC717650D132D5C521A47

Mikura
Novice
Novice

Status :
Online
Offline

Posts : 13
Joined : 2010-10-17
Gender : Female
OS : Windows Vista
Points : 22551
# Likes : 0

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Belahzur on Fri Oct 29, 2010 11:49 pm

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Mikura on Sat Oct 30, 2010 7:52 pm

2010/10/30 15:45:01.0422 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/30 15:45:01.0422 ================================================================================
2010/10/30 15:45:01.0422 SystemInfo:
2010/10/30 15:45:01.0423
2010/10/30 15:45:01.0423 OS Version: 6.0.6001 ServicePack: 1.0
2010/10/30 15:45:01.0423 Product type: Workstation
2010/10/30 15:45:01.0423 ComputerName: DELL-PC
2010/10/30 15:45:01.0423 UserName: DELL
2010/10/30 15:45:01.0423 Windows directory: C:\Windows
2010/10/30 15:45:01.0423 System windows directory: C:\Windows
2010/10/30 15:45:01.0423 Processor architecture: Intel x86
2010/10/30 15:45:01.0423 Number of processors: 2
2010/10/30 15:45:01.0423 Page size: 0x1000
2010/10/30 15:45:01.0423 Boot type: Normal boot
2010/10/30 15:45:01.0423 ================================================================================
2010/10/30 15:45:01.0911 Initialize success
2010/10/30 15:45:05.0754 ================================================================================
2010/10/30 15:45:05.0754 Scan started
2010/10/30 15:45:05.0754 Mode: Manual;
2010/10/30 15:45:05.0754 ================================================================================
2010/10/30 15:45:06.0488 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/10/30 15:45:06.0550 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2010/10/30 15:45:06.0612 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/10/30 15:45:06.0659 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/10/30 15:45:06.0690 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/10/30 15:45:06.0722 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/10/30 15:45:06.0815 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/10/30 15:45:06.0878 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/10/30 15:45:06.0924 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/30 15:45:07.0018 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
2010/10/30 15:45:07.0096 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/10/30 15:45:07.0127 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
2010/10/30 15:45:07.0174 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/10/30 15:45:07.0205 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/10/30 15:45:07.0283 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/10/30 15:45:07.0314 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/10/30 15:45:07.0377 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2010/10/30 15:45:07.0439 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2010/10/30 15:45:07.0470 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2010/10/30 15:45:07.0517 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2010/10/30 15:45:07.0564 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2010/10/30 15:45:07.0611 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/30 15:45:07.0658 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/10/30 15:45:07.0736 AtiHdmiService (627a938ac02e8f1b348875242968fea8) C:\Windows\system32\drivers\AtiHdmi.sys
2010/10/30 15:45:07.0907 atikmdag (af1ea1ac528e796d242b0cac522291a8) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/10/30 15:45:08.0110 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
2010/10/30 15:45:08.0157 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
2010/10/30 15:45:08.0204 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\System32\Drivers\avgtdix.sys
2010/10/30 15:45:08.0282 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/30 15:45:08.0375 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/30 15:45:08.0453 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/30 15:45:08.0500 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/30 15:45:08.0547 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/30 15:45:08.0578 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/30 15:45:08.0625 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/30 15:45:08.0656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/30 15:45:08.0687 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/30 15:45:08.0828 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/30 15:45:08.0874 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/30 15:45:08.0921 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/10/30 15:45:08.0984 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/10/30 15:45:09.0030 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
2010/10/30 15:45:09.0062 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2010/10/30 15:45:09.0093 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/10/30 15:45:09.0124 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/10/30 15:45:09.0202 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/10/30 15:45:09.0264 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/10/30 15:45:09.0327 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/30 15:45:09.0374 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/30 15:45:09.0420 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/10/30 15:45:09.0483 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/30 15:45:09.0545 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/10/30 15:45:09.0623 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/10/30 15:45:09.0686 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/10/30 15:45:09.0748 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/10/30 15:45:09.0795 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/30 15:45:09.0842 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/30 15:45:09.0888 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/30 15:45:09.0935 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/30 15:45:09.0998 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/10/30 15:45:10.0029 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/30 15:45:10.0060 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/30 15:45:10.0122 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/10/30 15:45:10.0169 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/30 15:45:10.0200 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/30 15:45:10.0232 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/30 15:45:10.0294 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/30 15:45:10.0341 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/10/30 15:45:10.0419 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/10/30 15:45:10.0450 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2010/10/30 15:45:10.0559 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/10/30 15:45:10.0606 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/10/30 15:45:10.0668 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/30 15:45:10.0746 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
2010/10/30 15:45:10.0824 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/10/30 15:45:10.0980 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/10/30 15:45:11.0074 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/30 15:45:11.0246 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
2010/10/30 15:45:11.0308 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
2010/10/30 15:45:11.0339 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/30 15:45:11.0402 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/30 15:45:11.0464 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/30 15:45:11.0526 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/30 15:45:11.0604 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/30 15:45:11.0636 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/10/30 15:45:11.0682 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/30 15:45:11.0714 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/30 15:45:11.0729 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/30 15:45:11.0760 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/30 15:45:11.0807 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/30 15:45:11.0870 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/30 15:45:11.0979 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/30 15:45:12.0041 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/30 15:45:12.0057 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/30 15:45:12.0135 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/30 15:45:12.0182 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/30 15:45:12.0244 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\Drivers\LVPr2Mon.sys
2010/10/30 15:45:12.0353 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
2010/10/30 15:45:12.0416 LVUSBSta (8b79a50360fc31df6b7b979b686b4aa2) C:\Windows\system32\drivers\LVUSBSta.sys
2010/10/30 15:45:12.0603 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
2010/10/30 15:45:12.0743 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/10/30 15:45:12.0806 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/10/30 15:45:12.0884 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/30 15:45:12.0930 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/30 15:45:12.0977 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/30 15:45:12.0993 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/30 15:45:13.0040 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/30 15:45:13.0086 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/10/30 15:45:13.0133 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/30 15:45:13.0164 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/30 15:45:13.0211 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/10/30 15:45:13.0274 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/30 15:45:13.0320 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/30 15:45:13.0336 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/30 15:45:13.0383 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
2010/10/30 15:45:13.0414 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/10/30 15:45:13.0461 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/30 15:45:13.0508 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/30 15:45:13.0554 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/30 15:45:13.0632 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/30 15:45:13.0648 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/30 15:45:13.0695 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/10/30 15:45:13.0726 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/30 15:45:13.0773 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/30 15:45:13.0788 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/10/30 15:45:13.0882 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/30 15:45:13.0929 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2010/10/30 15:45:13.0960 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/30 15:45:14.0007 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/30 15:45:14.0038 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/30 15:45:14.0085 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/30 15:45:14.0116 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/30 15:45:14.0147 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/30 15:45:14.0210 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/30 15:45:14.0256 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/10/30 15:45:14.0303 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/30 15:45:14.0366 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/10/30 15:45:14.0412 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/30 15:45:14.0459 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/30 15:45:14.0490 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/10/30 15:45:14.0522 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/10/30 15:45:14.0553 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/10/30 15:45:14.0662 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/10/30 15:45:14.0709 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/30 15:45:14.0756 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/10/30 15:45:14.0802 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/30 15:45:14.0865 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/10/30 15:45:14.0927 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/10/30 15:45:14.0958 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/30 15:45:15.0021 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/30 15:45:15.0114 pnarp (3de33bce4a930edf57bd1f742823bcd8) C:\Windows\system32\DRIVERS\pnarp.sys
2010/10/30 15:45:15.0192 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/30 15:45:15.0224 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/10/30 15:45:15.0302 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/30 15:45:15.0333 purendis (53efa6066e7ffaa1ad91c7fb40ffd2ec) C:\Windows\system32\DRIVERS\purendis.sys
2010/10/30 15:45:15.0395 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/30 15:45:15.0551 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/10/30 15:45:15.0614 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/30 15:45:15.0692 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/30 15:45:15.0832 R300 (af1ea1ac528e796d242b0cac522291a8) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/10/30 15:45:15.0910 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/30 15:45:15.0957 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/30 15:45:16.0004 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/30 15:45:16.0050 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/30 15:45:16.0082 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/30 15:45:16.0128 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/30 15:45:16.0175 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/10/30 15:45:16.0206 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/30 15:45:16.0238 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/10/30 15:45:16.0300 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/30 15:45:16.0331 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/30 15:45:16.0409 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/30 15:45:16.0425 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/10/30 15:45:16.0472 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/30 15:45:16.0534 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/30 15:45:16.0565 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2010/10/30 15:45:16.0596 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/30 15:45:16.0612 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/30 15:45:16.0628 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/30 15:45:16.0674 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/10/30 15:45:16.0706 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/10/30 15:45:16.0721 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/10/30 15:45:16.0784 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/10/30 15:45:16.0830 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/30 15:45:16.0908 srv (9a0163e7fbe59da0591bb1ad77d92e63) C:\Windows\system32\DRIVERS\srv.sys
2010/10/30 15:45:16.0940 srv2 (c7da26d2c7d480b1dd38ca19cc90b821) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/30 15:45:16.0971 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/30 15:45:17.0049 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/30 15:45:17.0111 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/30 15:45:17.0127 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/30 15:45:17.0158 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/30 15:45:17.0267 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2010/10/30 15:45:17.0298 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/30 15:45:17.0330 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/30 15:45:17.0376 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/30 15:45:17.0408 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/30 15:45:17.0454 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/30 15:45:17.0486 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/30 15:45:17.0532 tmactmon (01725decc55e65258297f4d703e14c58) C:\Windows\system32\DRIVERS\tmactmon.sys
2010/10/30 15:45:17.0579 tmcomm (1f6bb0d481b6907587350009cf958ed6) C:\Windows\system32\DRIVERS\tmcomm.sys
2010/10/30 15:45:17.0595 tmevtmgr (141a25dceec66c5286eedc4faae8bb11) C:\Windows\system32\DRIVERS\tmevtmgr.sys
2010/10/30 15:45:17.0626 tmpreflt (1615eb81a09c3c36ba8b4a1b1d525d8f) C:\Windows\system32\DRIVERS\tmpreflt.sys
2010/10/30 15:45:17.0673 tmtdi (c9b16b4f9f063b527cddbb76fb946dfd) C:\Windows\system32\DRIVERS\tmtdi.sys
2010/10/30 15:45:17.0735 tmxpflt (44b4a683b8de31b709d1e5fc5d01dcc6) C:\Windows\system32\DRIVERS\tmxpflt.sys
2010/10/30 15:45:17.0782 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/30 15:45:17.0829 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/30 15:45:17.0891 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/30 15:45:17.0938 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/10/30 15:45:17.0985 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/30 15:45:18.0032 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/30 15:45:18.0047 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/10/30 15:45:18.0078 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/30 15:45:18.0094 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/30 15:45:18.0156 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/30 15:45:18.0203 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2010/10/30 15:45:18.0234 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/30 15:45:18.0266 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/30 15:45:18.0328 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/30 15:45:18.0375 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/30 15:45:18.0406 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/30 15:45:18.0437 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/30 15:45:18.0484 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/30 15:45:18.0531 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/30 15:45:18.0546 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/30 15:45:18.0593 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/30 15:45:18.0640 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/30 15:45:18.0671 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/10/30 15:45:18.0702 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/10/30 15:45:18.0765 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
2010/10/30 15:45:18.0812 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/30 15:45:18.0858 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/10/30 15:45:18.0874 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/10/30 15:45:18.0952 vsapint (84b4bfc6808adfdeb0716af857dd9519) C:\Windows\system32\DRIVERS\vsapint.sys
2010/10/30 15:45:18.0999 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/10/30 15:45:19.0046 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/30 15:45:19.0092 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/30 15:45:19.0108 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/30 15:45:19.0155 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/10/30 15:45:19.0217 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
2010/10/30 15:45:19.0280 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/30 15:45:19.0389 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/10/30 15:45:19.0467 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2010/10/30 15:45:19.0545 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/30 15:45:19.0607 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/30 15:45:19.0685 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/30 15:45:19.0732 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/10/30 15:45:19.0763 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/30 15:45:19.0779 ================================================================================
2010/10/30 15:45:19.0779 Scan finished
2010/10/30 15:45:19.0779 ================================================================================
2010/10/30 15:45:19.0794 Detected object count: 1
2010/10/30 15:47:12.0161 \HardDisk0\MBR - will be cured after reboot
2010/10/30 15:47:12.0161 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

Mikura
Novice
Novice

Status :
Online
Offline

Posts : 13
Joined : 2010-10-17
Gender : Female
OS : Windows Vista
Points : 22551
# Likes : 0

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Belahzur on Sat Oct 30, 2010 11:07 pm

Hello.

I see that you are running FrostWire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

You are also running two antivirus', I see from the uninstall list you have Avast installed, along with AVG. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove AVG to avoid conflict and other future problems.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Adobe Reader 9.3.3
    AVG Free 9.0
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) 6 Update 15
    FrostWire 4.20.3
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Mikura on Sun Oct 31, 2010 10:03 pm

I have tried and my computer will not let me uninstall AVG... it gives me this pop up:


Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=069141416f485d4cb9564b3c612095ef
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-31 09:26:31
# local_time=2010-10-31 05:26:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=514 16776573 100 93 76370 124229199 0 0
# compatibility_mode=768 16777215 100 0 94997 94997 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 18865927 125158835 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=435237
# found=2
# cleaned=2
# scan_time=9087
C:\Users\DELL\Desktop\Adobe After Effects CS4\ACS4MC- Keygen\Extra keygen\ACS4MC-Keygen.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Mikura
Novice
Novice

Status :
Online
Offline

Posts : 13
Joined : 2010-10-17
Gender : Female
OS : Windows Vista
Points : 22551
# Likes : 0

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Belahzur on Mon Nov 01, 2010 1:00 am

Figure.... AVG sucks. Don't worry, we'll remove it with another tool soon.

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Mikura on Mon Nov 01, 2010 2:38 am

Alright. Thank you so much for helping me through all of this, by the way. =)

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\gpotato\flyff\model\texture\crack.dds
c:\program files\gpotato\flyff\model\texture\obj_ominous_crack.dds
c:\program files\gpotato\flyff\model\texturelow\crack.dds
c:\program files\gpotato\flyff\model\texturelow\obj_ominous_crack.dds
c:\program files\gpotato\flyff\model\texturemid\crack.dds
c:\program files\gpotato\flyff\model\texturemid\obj_ominous_crack.dds
c:\program files\gpotato\flyff\sfx\sfx_sklassknuburstcrack01.sfx
c:\program files\gpotato\flyff\sfx\sfx_taiwancracker01.sfx
c:\program files\gpotato\flyff\sfx\sfx_taiwancracker02.sfx
c:\program files\gpotato\flyff\sfx\texture\sfx_taiwancracker01.dds
c:\program files\gpotato\flyff\sfx\texture\sfx_taiwancracker02.dds
----- EOF -----

Mikura
Novice
Novice

Status :
Online
Offline

Posts : 13
Joined : 2010-10-17
Gender : Female
OS : Windows Vista
Points : 22551
# Likes : 0

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Belahzur on Tue Nov 02, 2010 12:40 am

Hello.

Completely Uninstall AVG software

Download and run avgremover.exe

For 32-Bit, Download: [You must be registered and logged in to see this link.]

Please run that and then let me know how the computer is running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Mikura on Tue Nov 02, 2010 4:51 am

Wow, everything seems to be running smoothly! All of the issues that I was having before are gone and it doesn't seem like anything odd is going on anymore. Thank you SO much!

Is there anything else I should check, anything else I should do now?

Mikura
Novice
Novice

Status :
Online
Offline

Posts : 13
Joined : 2010-10-17
Gender : Female
OS : Windows Vista
Points : 22551
# Likes : 0

View user profile

Back to top Go down

Re: Having issues after removing ThinkPoint, Still infected?

Post by Belahzur on Wed Nov 03, 2010 1:22 am

Hello.
Just 3 more things, software updates for the machine.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

Download and install [You must be registered and logged in to see this link.]
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

That should do it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum