# c;program' dll module could not be found.



## wakss3 (Sep 11, 2010)

Hi, please, I am a new user. There is this error message that pops up at every startup saying that a DLL module could not be found. How do I solve it?


----------



## Frank4d (Sep 10, 2006)

It is usually caused by a startup entry leftover after malware removal, but not always. What is the name of the dll?


----------



## wakss3 (Sep 11, 2010)

This is the error message that usually shows each time I start the computer: 'error loading C:users/AppData/Roaming/tginsxs.dll' the specific module could not be found.
Please, I need to fix this. Any solution? Thanks.


----------



## Phantom010 (Mar 9, 2009)

Your computer is most likely infected. Please click on *Report* and kindly ask to be moved to the *Virus & Other Malware Removal* forum. Be sure to provide the appropriate reports in that forum after reading *THIS*. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!


----------



## wakss3 (Sep 11, 2010)

Can I go to the virus forum myself? I have sent the report to be moved to it. Do I need to put my username in the report, or do they know who is reporting? Thanks.


----------



## Phantom010 (Mar 9, 2009)

You're there now.


----------



## wakss3 (Sep 11, 2010)

When I got to the virus forum, they had closed my thread, saying it's a duplicate thread. Please, my problem is not solved yet; I am a new user. I was referred to the virus forum by the report attender, please.


----------



## Phantom010 (Mar 9, 2009)

You are in the right place now, in the *Virus & Other Malware Removal* forum. Wait here for a malware removal expert's instructions. Please be patient, they are very busy.


----------



## wakss3 (Sep 11, 2010)

Phantom010,
The fact is that my thread at the virus forum is closed; you can't post or reply to it, and my post can't be resolved without being unclosed. Can you do something so it is opened?


----------



## Phantom010 (Mar 9, 2009)

Can't you see that you are in the right forum now? Where do you see the word "Close"? You had created another identical thread and it was closed, as it was against this forum's rules to post duplicates.

Don't worry, your thread, this one, is open and alive. Otherwise, you wouldn't even be able to reply in it. Neither would I. You just need to wait for assistance from a malware removal expert, *here*.


----------



## CatByte (Feb 24, 2009)

Hi

Please do the following:

Please download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press *N*, then press *Enter* twice.
If nothing unusual is found just press *Enter*
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. 
Please post the contents of that file.

*NEXT*

Please download *DDS* from either of these links

*LINK 1* 
*LINK 2*

and save it to your *desktop.*

Disable any script blocking protection
 Double click *dds.pif* to run the tool. 
When done, two *DDS.txt's* will open. 
Save both reports to your *desktop.*
---------------------------------------------------
*Please include the contents of the following in your next reply:*

*DDS.txt*
*Attach.txt*.

*NEXT*

Download *GMER Rootkit Scanner* from http://www.gmer.net/download.php to your desktop. It will be a randomly named executable.

 Double click the exe file.
 If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*, then use the following settings for a more complete scan.



 In the right panel, you will see several boxes that have been checked. Ensure the following are *unchecked*
 IAT/EAT
 Drives/Partition other than Systemdrive (typically C:\) 
 Show All (don't miss this one)

 Then click the Scan button & wait for it to finish. 
 Once done click on the *[Save..]* button, and in the File name area, type in *"Gmer.txt"* or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in reply.

_**Caution**_
_Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries._
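
Added example, not part of the original post and not part of DDS: a small triage pass over the Run-entry lines of a DDS report, showing how the orphaned startup entry described earlier in the thread (an autostart that still points at a DLL no longer on disk) can be spotted. The sample lines are copied from the DDS log posted in this thread; reading `uRun`/`mRun` as the HKCU/HKLM Run keys, the function names and the `exists` callback are assumptions of this example.

```python
import re

# Run-entry lines in DDS "Pseudo HJT Report" format (sample copied from the
# log posted in this thread; used here as offline test input).
SAMPLE_DDS = r'''
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [fsm] 
uRun: [vjhax] rundll32.exe "c:\users\walex\appdata\roaming\tginsxs.dll",metmdds
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
'''

RUN_LINE = re.compile(r'^(uRun|mRun): \[(.+?)\]\s*(.*)$')
RUNDLL32 = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(.+)$', re.I)
BINARY = re.compile(r'^(.+?\.(?:exe|dll|scr|pif|com|bat|cmd))(?:\s|$)', re.I)
USER_PROFILE = re.compile(r'^[a-z]:\\(?:users|documents and settings)\\', re.I)

# Assumption: the usual reading of the DDS prefixes.
HIVES = {"uRun": "HKCU Run", "mRun": "HKLM Run"}


def split_target(command):
    """Return (path_that_gets_loaded, via_rundll32) for a Run command line."""
    m = RUNDLL32.match(command)
    if m:
        # rundll32 <dll>,<export>: the DLL, not rundll32.exe, is the real target.
        args = m.group(1).strip()
        if args.startswith('"'):
            q = re.match(r'"([^"]+)"', args)
            return (q.group(1) if q else args.strip('"')), True
        return args.rsplit(',', 1)[0].strip(), True
    if command.startswith('"'):
        q = re.match(r'"([^"]+)"', command)
        return (q.group(1) if q else command.strip('"')), False
    # Unquoted path that may contain spaces: cut after the first binary extension.
    m = BINARY.match(command)
    return (m.group(1) if m else command), False


def triage(log_text, exists=None):
    """Flag Run entries worth a manual look.

    exists: optional callable(path) -> bool. Leave it None when reading a log
    from another machine; pass os.path.exists when running on the host itself.
    """
    findings = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        kind, name, command = m.group(1), m.group(2), m.group(3).strip()
        reasons, target = [], ""
        if not command:
            # Value name left behind with no command at all.
            reasons.append("empty command")
        else:
            target, via_rundll32 = split_target(command)
            if via_rundll32 and USER_PROFILE.match(target):
                reasons.append("rundll32 loads a DLL from a user profile")
            if exists is not None and not exists(target):
                # Matches the "module could not be found" popup at logon.
                reasons.append("target file missing")
        if reasons:
            findings.append({"hive": HIVES[kind], "name": name,
                             "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Pretend the DLL has already been deleted, as in the thread's symptom.
    gone = {r"c:\users\walex\appdata\roaming\tginsxs.dll"}
    for f in triage(SAMPLE_DDS, exists=lambda p: p.lower() not in gone):
        print(f["hive"], f["name"], f["target"], "; ".join(f["reasons"]))
```

A flagged entry is a lead for the helper reviewing the log, not a verdict; legitimate software also uses `rundll32` from the Run keys, as the `CognizanceTS` line shows.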


----------



## wakss3 (Sep 11, 2010)

Hi, this is the attachment and the post;
1)
DDS (Ver_10-03-17.01) - NTFSx86 
Run by WALEX at 11:13:11.27 on Thu 09/16/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista Business 6.0.6002.2.1252.1.1033.18.1975.753 [GMT 1:00]
AV: Total Protection *On-access scanning disabled* (Outdated) {8C354827-2F54-4E28-90DC-AD391E77808C}
SP: Avira AntiVir PersonalEdition *disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Total Protection *disabled* (Outdated) {DEBE977C-6A5A-49CC-937A-9E8BB3202260}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Total Protection *disabled* {259FBE35-46BE-45F3-8F2F-4DB67BBBC614}
============== Running Processes ===============
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\Explorer.EXE
C:\windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\ProgramData\DatacardService\DataCardMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\wuauclt.exe
C:\Users\WALEX\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
mURLSearchHooks: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\tbBrot.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6173\SiteAdv.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - MediaBar
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\program files\bearshare applications\mediabar\datamngr\IEBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\tbBrot.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6173\SiteAdv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\tbBrot.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - 
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [fsm] 
uRun: [L08AXLRD_119591676] "c:\program files\microsoft student\microsoft student with encarta premium 2008 dvd\EDICT.EXE" -m
uRun: [vjhax] rundll32.exe "c:\users\walex\appdata\roaming\tginsxs.dll",metmdds
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [MVS Splash] c:\program files\mcafee\managed virusscan\agent\Splash.exe
mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\agent\StartMyAgtTry.Exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6173\SiteAdv.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [DataMngr] c:\progra~1\bearshare applications\mediabar\datamngr\DataMngrUI.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
StartupFolder: c:\users\walex\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\walex\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: {03E77AB5-B34E-4C13-8BC3-4AB0BF388C9C} = 196.3.60.5 196.3.60.7
TCP: {04D3B108-82E9-400C-B4CB-C5C9AA869804} = 196.3.60.5 196.3.60.7
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\myRmProt4.9.0.295.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6173\SiteAdv.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: APSHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - 
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-14 12928]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-3 165584]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-18 205608]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-14 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-3 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-3 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-3 40384]
R2 DCSHost.exe;DCSHost.exe;c:\programdata\datacardservice\DCSHOST.exe [2010-8-22 110592]
R2 EngineServer;EngineServer;c:\progra~1\mcafee\manage~1\vscan\ENGINE~1.EXE [2008-6-18 13632]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-6-18 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 26168]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2008-6-18 540776]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-6-18 202048]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-8-29 28762]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-6-18 576024]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-3 40384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-18 193840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2008-6-18 144704]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2008-6-18 79560]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2008-6-18 35240]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2008-6-18 34088]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-12-18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-12-18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-12-18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-12-18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-12-18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-12-18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-12-18 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================

==================== Find3M ====================

============= FINISH: 11:21:56.63 ===============

2) rootkit malware scan;
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-16 13:14:15
Windows 6.0.6002 Service Pack 2
Running: zoi54glp.exe; Driver: C:\Users\OLAWALE\AppData\Local\Temp\uglcqpow.sys

---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x92D26BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x92D269D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x92D26B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 8377DDF0 7 Bytes JMP 92D26B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 837E928F 5 Bytes JMP 92D225D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 83842063 5 Bytes JMP 92D23FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 83843905 7 Bytes JMP 92D269D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 838A390A 7 Bytes JMP 92D26BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\windows\System32\Drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1912] kernel32.dll!SetUnhandledExceptionFilter 75FAA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
---- EOF - GMER 1.0.15 ----

NB: When I first scanned it the log was much and my battery went off, but when I rescanned it was not that much. The error is still showing.
Thank you as you help people, God bless you.


----------



## CatByte (Feb 24, 2009)

Hi

Please do the following:

Download *Combofix* from either of the links below, and save it to your desktop.

*Link 1* 
*Link 2*

**Note: It is important that it is saved directly to your desktop**

-------------------------------------------------------------------- 
IMPORTANT - *Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here 
--------------------------------------------------------------------

Double click on *ComboFix.exe* & follow the prompts. 
When finished, it will produce a report for you. 
Please post the *C:\ComboFix.txt* for further review.


----------



## wakss3 (Sep 11, 2010)

Thank you,
I disabled my protection and I double-clicked on ComboFix, but each time I do that (run ComboFix) my computer shuts down, just the way it shuts down when I use incompatible hardware like some modem. It will just show that it's running, that it will take about 10 minutes but may double when fixing some problems, and then it will stop/hang/shut down and the computer will show this error: ''a problem has been detected and windows has been shut down to prevent damage to your computer''
But what I think is maybe ComboFix is not compatible with this Vista or something?
Thank you as I look forward to your response.


----------



## CatByte (Feb 24, 2009)

Please delete the copy of ComboFix that you have on your desktop, download a fresh copy and rename it to Combo.com before saving it to your desktop

If it still won't run, then tap into safe mode and run ComboFix in safe mode

(Upon reboot > tap F8 repeatedly until an advanced menu appears > arrow up to safe mode)


----------



## wakss3 (Sep 11, 2010)

OK, I will do just that and give you feedback later.
Thanks to CatByte.


----------



## CatByte (Feb 24, 2009)

Do you still need help with your machine?

If so please post the logs


----------



## wakss3 (Sep 11, 2010)

CatByte, thank you. I have been away for some days now, sorry for the late response.
I tried to run Combo again and it scanned for a long time, but I thought the scan log would show in the scan window; I didn't see any log, and when it was not going further I closed it. When I restart the computer the dll error is still showing, but I see some strange combo folder and files in C: HDD, and I don't know if the log could be there.
I still wish my machine error could be resolved.
One more question: if at the end Combo couldn't fix the error, can I delete all the combo files and folders in C:?
I appreciate you.
Later.


----------



## CatByte (Feb 24, 2009)

Try running ComboFix in safe mode

Please let it continue until it has completed, this can take a while

It will create a log automatically

If it needs to reboot, be sure to go back into safe mode so it will create a log


----------



## wakss3 (Sep 11, 2010)

Thanks, I will retry that again and give you feedback.


----------



## CatByte (Feb 24, 2009)

I would rather you post the log it produces, then I can help you more


----------



## wakss3 (Sep 11, 2010)

Hi,
>These are the important things i could gather for you to be able to diagnose the problem;
>Combofix version 10-09-17-04
>Current data is 2010-09-25 , combofix has expired, click yes to run in reduced functionality mode , click no to exit.
>PEV cfxxe is requesting ; the instruction 0x7711b457 , ref memory at 0x00000000 the memory could not be written.
>The file or directory C:/windows/assembly/GAC/Microsoft.Direct x is corrupt and unreadable, pls run the chkdsk utility 
>PEV.exe- corrupt file
> Combofix window displays this too Administrator; combofix find 3M
>Could not find C:/combo11478C/create.cmd.
Just read these and see if you can deduce something from them to know the next step to take.
As a result of the above error, the combo log could not be generated.
Thank you as I await your reply.


----------



## CatByte (Feb 24, 2009)

Please delete the copy of combofix that you have on your desktop

download a fresh copy from the link below, but rename it to *Combo.com* before saving it.

Now tap into safe mode with networking >

reboot > tap F8 repeatedly until an options menu appears > arrow up to safe mode with networking

run ComboFix

make sure you boot back into safe mode if ComboFix reboots itself so that it can produce a log.

(please be patient - it may take a while)

*Link 1*


----------



## wakss3 (Sep 11, 2010)

OK, thanks, I will do that, but bear with me if it takes some days; I have limited access to the internet these days, please.
Take care, CatByte.


----------



## wakss3 (Sep 11, 2010)

Please refer to my previous message; you did not say anything about it, for example the one that says something is unreadable & corrupt etc., so it's stopping Combo from completing its task.
Thank you, though I have downloaded it again, but I want your response to this first.
Bye.


----------



## CatByte (Feb 24, 2009)

Hi,

I suspect the infection is interfering with ComboFix, hence my instructions to delete the copy you had, download and re-name it.

Try running it in safe mode if it will not run in normal mode.

Please try and run this program and post the log produced


----------



## wakss3 (Sep 11, 2010)

Hi,
I have tried what you just posted in safe mode. It is like something is missing from the system. From the previous messages, there is a place where it said something cannot be written; it might be a result of the missing component. Even when I backed up all my files and ran HP Recovery Manager from start-up, it said ''error, a critical support file needed 2 run d hp recovery manager is missing from ur system. unable to continue (E:/system.sav/util/diskutil.exe.)''.
My aim was to restore the system to factory settings then, but it did not work.
This info might help: I remember when I first installed my avast antivirus and scanned my system, all the malware, viruses and other things that avast detected were moved to the virus chest. I don't know if this info can help. CatByte, thanks so much for responding to me. Also, I think most of the errors always refer to something ''util/diskutil.exe''; where can I find it on the system, maybe it can be run?
Or any suggestion.
Take care.


----------



## CatByte (Feb 24, 2009)

Hi,

Please do the following:


Go to *Start* and type in *cmd*
*Right-click* on the *cmd icon* above, and click *Run As Administrator*
At the command prompt, type *sfc /scannow*, and then press *ENTER.*
Note: This command may take several minutes to finish. You may be prompted to provide Windows installation source files when you run the *sfc /scannow* command.
At the command prompt, type *exit*, and then press *ENTER* to close the command prompt.

Let me know what it found


----------



## wakss3 (Sep 11, 2010)

Hi,
This is the cmd scan post,
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\windows\system32>sfc/scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
C:\windows\system32>
Take care.


----------



## CatByte (Feb 24, 2009)

Download OTL to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Under the Custom Scan box paste this in

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows, *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply


----------



## wakss3 (Sep 11, 2010)

Hi, 
These are the OTL scan logs:
OTL;
OTL logfile created on: 10/12/2010 12:03:08 PM - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\WALEX\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 29.32 Gb Free Space | 21.08% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.42 Gb Free Space | 15.74% Space Free | Partition Type: NTFS
Drive F: | 1020.00 Mb Total Space | 1019.75 Mb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: WALEX-PC | User Name: OLAWALE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 07:30:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WALEX\Desktop\OTL.exe
PRC - [2010/10/06 18:45:15 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/06/07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/06/06 16:38:28 | 000,796,600 | ---- | M] () -- C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
PRC - [2010/05/14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/05/11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/09/24 14:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/08/13 05:04:28 | 000,435,496 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/05/08 11:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/23 15:11:26 | 000,110,592 | ---- | M] () -- C:\ProgramData\DatacardService\DCSHOST.exe
PRC - [2009/04/23 15:07:42 | 000,258,048 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DataCardMonitor.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/18 17:09:57 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2008/05/21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/05/14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/05/14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/05/08 01:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008/05/05 11:34:00 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2008/05/05 11:33:54 | 000,271,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
PRC - [2008/05/02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008/05/02 21:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008/04/29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2008/04/18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/04 16:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/03/31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008/03/25 12:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2008/01/21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/08/28 21:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
PRC - [2007/05/23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/05/21 12:00:22 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
PRC - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/02/13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (SafeList) ==========

MOD - [2010/10/12 07:30:50 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WALEX\Desktop\OTL.exe
MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/05/21 01:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008/01/21 03:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/13 05:04:28 | 000,435,496 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/07/16 10:20:06 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/04/23 15:11:26 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCSHOST.exe -- (DCSHost.exe)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/18 17:09:57 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2008/05/21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/05/14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/05/05 11:34:00 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2008/05/02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008/04/29 00:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2008/04/29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2008/04/18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/05/23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/02/13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\OLAWALE\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/16 15:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 15:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/06/04 02:18:58 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/11/17 15:48:22 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netnnusb.sys -- (UGOIad)
DRV - [2009/09/10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/16 10:20:26 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/03/27 06:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/01 17:40:16 | 000,039,680 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_mdm.sys -- (sit_mdm)
DRV - [2008/07/01 17:40:16 | 000,038,656 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_prt.sys -- (sit_prt)
DRV - [2008/07/01 17:40:16 | 000,022,144 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_bus.sys -- (sit_bus)
DRV - [2008/07/01 17:40:16 | 000,004,352 | ---- | M] (SUNGIL Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_flt.sys -- (sit_flt)
DRV - [2008/05/21 15:07:48 | 002,369,536 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/05/16 21:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 21:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 21:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 21:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 21:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 21:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 21:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/05/14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/07 07:09:20 | 000,125,200 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/04/29 00:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/04/29 00:23:22 | 000,034,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeRKDK.sys -- (MfeRKDK)
DRV - [2008/04/29 00:22:44 | 000,205,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/04/29 00:22:18 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeBOPK.sys -- (MfeBOPK)
DRV - [2008/04/29 00:22:10 | 000,079,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeAVFK.sys -- (MfeAVFK)
DRV - [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/04/14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/11 15:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/03/21 19:35:24 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/03/10 18:25:10 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2008/01/21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/17 22:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/03 21:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 21:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 21:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 21:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 21:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 21:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 21:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/02 22:17:34 | 000,120,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ytie"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ytie"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://wap.ng.zain.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p="
FF - prefs.js..network.proxy.autoconfig_url: "http://hidedaddy.com/"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "local host"
FF - prefs.js..network.proxy.backup.socks_port: 1080
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "10.199.212.2"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "10.199.212.2"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "10.199.212.2"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.199.212.2"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "10.199.212.2"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/19 08:05:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/28 19:14:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/06 18:22:29 | 000,000,000 | ---D | M]

[2010/05/01 13:21:25 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Mozilla\Extensions
[2010/05/01 13:21:25 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/09/27 12:55:50 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Mozilla\Firefox\Profiles\2t91urta.default\extensions
[2010/08/20 12:56:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\WALEX\AppData\Roaming\Mozilla\Firefox\Profiles\2t91urta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 00:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\WALEX\AppData\Roaming\Mozilla\Firefox\Profiles\2t91urta.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/02 01:52:11 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\WALEX\AppData\Roaming\Mozilla\Firefox\Profiles\2t91urta.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010/04/28 19:14:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/09/25 07:55:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - Reg Error: Value error. File not found
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [vjhax] C:\Users\OLAWALE\AppData\Roaming\tginsxs.DLL File not found
O4 - Startup: C:\Users\OLAWALE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.295.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/07 15:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/10/07 14:49:44 | 000,000,000 | ---D | C] -- C:\windows\System32\WindowsPowerShell
[2010/10/07 14:46:40 | 000,000,000 | ---D | C] -- C:\ceeb6f727d28c00f65f2e96f3d160c
[2010/10/06 18:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/06 18:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/06 16:49:57 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB470.dll
[2010/10/06 16:49:40 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\windows\System32\drivers\seehcri.sys
[2010/10/06 16:31:55 | 000,000,000 | ---D | C] -- C:\Users\OLAWALE\Desktop\_hiddenPbk
[2010/10/05 17:40:28 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Roaming\GetRightToGo
[2010/09/29 11:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Aatrix Software
[2010/09/29 11:08:03 | 003,833,856 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\windows\System32\cdintf300.dll
[2010/09/29 11:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2010/09/29 11:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pervasive Software
[2010/09/29 11:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pervasive Software
[2010/09/28 17:25:37 | 000,000,000 | ---D | C] -- C:\windows\System32\directx
[2010/09/25 12:12:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/25 12:08:52 | 000,000,000 | -HSD | C] -- C:\found.002
[2010/09/25 08:31:26 | 000,000,000 | ---D | C] -- C:\windows\temp
[2010/09/25 08:26:47 | 000,000,000 | ---D | C] -- C:\Combo11478C
[2010/09/25 08:26:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/09/25 08:26:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/24 09:29:26 | 000,000,000 | ---D | C] -- C:\windows\PeachInst
[2010/09/24 09:28:28 | 000,000,000 | ---D | C] -- C:\Sage
[2010/09/22 11:44:36 | 000,000,000 | ---D | C] -- C:\Nokia
[2010/09/18 21:51:39 | 000,000,000 | ---D | C] -- C:\Combo4690C
[2010/09/18 18:31:39 | 000,000,000 | ---D | C] -- C:\Combo
[2010/09/18 18:30:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/18 05:11:42 | 000,000,000 | ---D | C] -- C:\Users\OLAWALE\.limewire
[2010/09/18 04:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Road Rash
[2010/09/18 01:01:16 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Roaming\LimeWire
[2010/09/17 09:59:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010/09/17 09:59:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010/09/17 09:59:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010/09/17 09:59:16 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/09/16 12:09:34 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2010/09/16 12:09:28 | 000,000,000 | -HSD | C] -- C:\Users\OLAWALE\Desktop\%APPDATA%
[2010/09/15 10:52:19 | 000,000,000 | ---D | C] -- C:\Users\OLAWALE\Documents\VirtualDJ
[2010/09/14 13:40:24 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Roaming\IObit
[2010/09/13 01:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/09/13 00:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2010/09/02 01:51:27 | 000,000,000 | ---D | C] -- C:\Users\OLAWALE\Documents\My Received Files
[2010/09/02 01:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2010/09/02 01:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/09/02 00:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2010/09/01 23:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/08/31 01:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/08/30 00:53:54 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Local\{A7135C8B-F43E-46A1-88B2-668FD0EBD306}
[2010/08/30 00:53:30 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Local\PackageAware
[2010/08/29 08:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/08/29 08:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/08/25 01:55:13 | 000,000,000 | ---D | C] -- C:\windows\System32\eu-ES
[2010/08/25 01:55:13 | 000,000,000 | ---D | C] -- C:\windows\System32\ca-ES
[2010/08/25 01:55:12 | 000,000,000 | ---D | C] -- C:\windows\System32\vi-VN
[2010/08/25 01:45:00 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2010/08/25 01:13:08 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2010/08/25 00:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\OxigenInstall
[2010/08/22 20:45:39 | 000,000,000 | R--D | C] -- C:\Users\OLAWALE\Documents\Scanned Documents
[2010/08/22 20:45:38 | 000,000,000 | ---D | C] -- C:\Users\OLAWALE\Documents\Fax
[2010/08/22 00:46:01 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2010/08/22 00:46:01 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2010/08/22 00:46:01 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbdev.sys
[2010/08/22 00:46:01 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2010/08/21 11:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/08/21 11:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/08/21 11:16:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/08/21 11:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/08/19 08:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/08/19 08:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/08/14 15:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/08/09 22:17:58 | 000,000,000 | ---D | C] -- C:\Users\OLAWALE\{b5e40026-e2cd-4fa9-a8ed-0eca48bf1869}
[2010/08/09 22:16:06 | 000,018,816 | ---- | C] (Nokia) -- C:\windows\System32\drivers\pccsmcfd.sys
[2010/08/09 22:14:26 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2010/08/09 22:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/08/08 01:35:56 | 000,000,000 | ---D | C] -- C:\Users\OLAWALE\Phone Browser
[2010/08/07 22:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite(133)
[2010/08/07 15:30:11 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Local\Yahoo
[2010/08/07 10:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\MyPlayCity.com
[2010/08/07 03:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2010/08/02 22:21:39 | 000,000,000 | ---D | C] -- C:\Doc
[2009/07/18 01:46:08 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009/03/27 06:47:16 | 000,195,120 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/12 12:08:00 | 000,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{2F85BEFE-BDE6-4CA5-BAC8-D9BA862113ED}.job
[2010/10/12 12:06:00 | 000,000,418 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{3F5B8360-F01D-4008-92ED-F1EDDAEC565F}.job
[2010/10/12 12:00:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/10/12 12:00:16 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/12 12:00:16 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/12 07:22:13 | 000,000,374 | ---- | M] () -- C:\windows\tasks\AWC Startup.job
[2010/10/12 07:21:35 | 2072,264,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/12 00:02:24 | 000,011,717 | ---- | M] () -- C:\windows\System32\Config.MPF
[2010/10/12 00:02:21 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010/10/11 23:31:42 | 000,643,842 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/10/11 23:31:42 | 000,120,598 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/10/07 15:44:39 | 000,000,776 | ---- | M] () -- C:\Users\OLAWALE\Desktop\Virtual DJ.lnk
[2010/10/07 15:03:31 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/10/07 14:52:34 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/07 09:42:15 | 000,001,662 | ---- | M] () -- C:\Users\OLAWALE\Desktop\LimeWire 5.5.16.lnk
[2010/10/06 18:22:30 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:49:59 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/10/06 16:49:57 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpeB470.dll
[2010/09/30 00:26:59 | 000,456,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/09/29 11:10:36 | 000,047,925 | ---- | M] () -- C:\windows\PeachWLog.XML
[2010/09/29 11:08:58 | 000,001,796 | ---- | M] () -- C:\windows\PCW170.ini
[2010/09/29 11:08:28 | 000,001,733 | ---- | M] () -- C:\Users\OLAWALE\Application Data\Microsoft\Internet Explorer\Quick Launch\Peachtree Complete Accounting 2010.lnk
[2010/09/29 11:08:28 | 000,001,709 | ---- | M] () -- C:\Users\Public\Desktop\Peachtree Complete Accounting 2010.lnk
[2010/09/29 11:01:19 | 000,000,649 | ---- | M] () -- C:\windows\ODBCINST.INI
[2010/09/29 10:43:08 | 000,007,358 | ---- | M] () -- C:\windows\support.ICO
[2010/09/29 10:43:08 | 000,007,358 | ---- | M] () -- C:\windows\forms.ICO
[2010/09/29 10:43:08 | 000,005,222 | ---- | M] () -- C:\windows\ADOBE.ICO
[2010/09/29 10:43:08 | 000,000,766 | ---- | M] () -- C:\windows\ACTGPR2.ICO
[2010/09/25 07:55:51 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/09/18 18:45:13 | 000,002,032 | ---- | M] () -- C:\Users\WALEX\AppData\Local\d3d9caps.dat
[2010/09/18 04:19:02 | 000,000,809 | ---- | M] () -- C:\Users\OLAWALE\Desktop\Road Rash.lnk
[2010/09/18 01:10:57 | 000,103,936 | ---- | M] () -- C:\Users\WALEX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/13 01:10:46 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/13 01:10:22 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/09/08 00:35:53 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2010/09/07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2010/09/07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2010/09/04 21:47:52 | 000,000,746 | ---- | M] () -- C:\Users\OLAWALE\Desktop\Total Video Player.lnk
[2010/09/04 21:47:52 | 000,000,746 | ---- | M] () -- C:\Users\OLAWALE\Desktop\Total Video Converter.lnk
[2010/09/02 00:45:56 | 000,001,010 | ---- | M] () -- C:\Users\OLAWALE\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/09/02 00:00:24 | 000,000,746 | ---- | M] () -- C:\Users\OLAWALE\Desktop\Free Download Manager.lnk
[2010/08/31 00:59:00 | 000,000,300 | ---- | M] () -- C:\windows\tasks\BearShareNAG.job
[2010/08/23 16:22:13 | 000,000,898 | ---- | M] () -- C:\Users\OLAWALE\Desktop\Windows Media Player.lnk
[2010/08/22 00:46:10 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\MTN [email protected]
[2010/08/21 11:24:33 | 000,127,880 | ---- | M] () -- C:\windows\hpoins44.dat
[2010/08/20 08:04:10 | 000,000,510 | ---- | M] () -- C:\Users\OLAWALE\.ems.cfg
[2010/08/20 07:42:45 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Your Freedom.lnk
[2010/08/19 08:05:25 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/08/10 13:51:42 | 000,196,608 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2010/08/10 00:07:43 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010/08/09 23:47:21 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/08/09 23:47:19 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/07/31 09:04:21 | 342,136,429 | ---- | M] () -- C:\windows\MEMORY.DMP
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/07 15:44:39 | 000,000,776 | ---- | C] () -- C:\Users\OLAWALE\Desktop\Virtual DJ.lnk
[2010/10/07 15:03:31 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/10/07 14:52:34 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/07 14:47:15 | 000,201,184 | ---- | C] () -- C:\windows\System32\winrm.vbs
[2010/10/07 14:47:15 | 000,004,675 | ---- | C] () -- C:\windows\System32\wsmanconfig_schema.xml
[2010/10/07 14:47:15 | 000,002,426 | ---- | C] () -- C:\windows\System32\WsmTxt.xsl
[2010/10/07 09:42:15 | 000,001,662 | ---- | C] () -- C:\Users\OLAWALE\Desktop\LimeWire 5.5.16.lnk
[2010/10/06 18:22:30 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:49:59 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/09/29 11:08:28 | 000,001,733 | ---- | C] () -- C:\Users\OLAWALE\Application Data\Microsoft\Internet Explorer\Quick Launch\Peachtree Complete Accounting 2010.lnk
[2010/09/29 11:08:28 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\Peachtree Complete Accounting 2010.lnk
[2010/09/25 08:32:27 | 2072,264,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/24 09:30:50 | 000,047,925 | ---- | C] () -- C:\windows\PeachWLog.XML
[2010/09/18 04:19:02 | 000,000,809 | ---- | C] () -- C:\Users\OLAWALE\Desktop\Road Rash.lnk
[2010/09/17 09:59:27 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/09/17 09:59:27 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/09/17 09:59:27 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/09/17 09:59:27 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010/09/17 09:59:27 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/09/13 01:10:46 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/13 01:10:22 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/09/04 21:47:52 | 000,000,746 | ---- | C] () -- C:\Users\OLAWALE\Desktop\Total Video Player.lnk
[2010/09/04 21:47:52 | 000,000,746 | ---- | C] () -- C:\Users\OLAWALE\Desktop\Total Video Converter.lnk
[2010/09/02 00:46:00 | 000,000,374 | ---- | C] () -- C:\windows\tasks\AWC Startup.job
[2010/09/02 00:45:56 | 000,001,010 | ---- | C] () -- C:\Users\OLAWALE\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/09/02 00:00:24 | 000,000,746 | ---- | C] () -- C:\Users\OLAWALE\Desktop\Free Download Manager.lnk
[2010/08/31 00:59:00 | 000,000,300 | ---- | C] () -- C:\windows\tasks\BearShareNAG.job
[2010/08/25 01:27:34 | 000,392,170 | ---- | C] () -- C:\windows\System32\onex.tmf
[2010/08/25 01:27:29 | 000,009,212 | ---- | C] () -- C:\windows\System32\RacUR.xml
[2010/08/25 01:27:28 | 000,000,153 | ---- | C] () -- C:\windows\System32\RacUREx.xml
[2010/08/25 01:27:26 | 000,062,976 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2010/08/25 01:26:52 | 000,344,698 | ---- | C] () -- C:\windows\System32\eaphost.tmf
[2010/08/25 01:26:47 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010/08/25 01:26:44 | 000,442,788 | ---- | C] () -- C:\windows\System32\dot3.tmf
[2010/08/25 01:25:20 | 000,208,966 | ---- | C] () -- C:\windows\System32\WFP.TMF
[2010/08/25 01:24:47 | 000,107,612 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
[2010/08/25 01:24:41 | 000,092,918 | ---- | C] () -- C:\windows\System32\slmgr.vbs
[2010/08/25 01:24:36 | 000,009,239 | ---- | C] () -- C:\windows\System32\spcinstrumentation.man
[2010/08/25 01:24:26 | 000,130,008 | ---- | C] () -- C:\windows\System32\systemsf.ebd
[2010/08/23 16:22:13 | 000,000,898 | ---- | C] () -- C:\Users\OLAWALE\Desktop\Windows Media Player.lnk
[2010/08/22 00:46:10 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\MTN [email protected]
[2010/08/21 11:14:49 | 000,000,357 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/08/21 11:14:48 | 000,127,880 | ---- | C] () -- C:\windows\hpoins44.dat
[2010/08/21 11:14:48 | 000,000,519 | ---- | C] () -- C:\windows\hpomdl44.dat
[2010/08/20 07:44:02 | 000,000,510 | ---- | C] () -- C:\Users\OLAWALE\.ems.cfg
[2010/08/20 07:42:45 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Your Freedom.lnk
[2010/08/19 08:05:25 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010/08/10 00:07:43 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010/08/09 23:47:21 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010/08/09 23:47:19 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/08/09 23:47:04 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/05/01 13:26:15 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/04/01 00:32:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/01 09:35:31 | 000,005,806 | ---- | C] () -- C:\Users\WALEX\AppData\Roaming\NMM-MetaData.db
[2009/11/17 15:48:22 | 000,014,336 | ---- | C] () -- C:\windows\System32\drivers\netnnusb.sys
[2009/10/12 06:36:06 | 000,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/10/12 06:36:06 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/09/07 23:22:10 | 000,000,053 | ---- | C] () -- C:\windows\WININIT.INI
[2009/09/07 23:21:58 | 000,000,000 | ---- | C] () -- C:\windows\setup32.INI
[2009/08/25 01:56:27 | 000,019,456 | ---- | C] () -- C:\Program Files\Spsspatch.exe
[2009/08/25 01:52:25 | 000,001,024 | ---- | C] () -- C:\windows\System32\clauth2.dll
[2009/08/25 01:52:25 | 000,001,024 | ---- | C] () -- C:\windows\System32\clauth1.dll
[2009/08/25 01:52:25 | 000,000,000 | ---- | C] () -- C:\windows\System32\serauth2.dll
[2009/08/25 01:52:25 | 000,000,000 | ---- | C] () -- C:\windows\System32\serauth1.dll
[2009/08/25 01:52:25 | 000,000,000 | ---- | C] () -- C:\windows\System32\nsprs.dll
[2009/08/25 01:49:01 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll
[2009/08/25 01:49:01 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll
[2009/08/19 05:00:30 | 000,000,000 | ---- | C] () -- C:\windows\Mavis Beacon Teaches Typing.INI
[2009/08/13 02:41:10 | 000,001,796 | ---- | C] () -- C:\windows\PCW170.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/01 02:37:56 | 000,000,018 | ---- | C] () -- C:\windows\gfact.ini
[2009/08/01 02:07:10 | 000,000,649 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/08/01 02:07:00 | 000,057,344 | ---- | C] () -- C:\windows\System32\sagefolderbrowser.dll
[2009/07/31 01:04:38 | 000,000,532 | ---- | C] () -- C:\windows\SUPERLEX.INI
[2009/07/28 05:21:17 | 000,030,197 | ---- | C] () -- C:\Users\WALEX\AppData\Roaming\UserTile.png
[2009/07/18 08:37:38 | 000,000,474 | ---- | C] () -- C:\windows\ODBC.INI
[2009/07/18 06:37:52 | 000,103,936 | ---- | C] () -- C:\Users\WALEX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/18 01:51:37 | 000,000,000 | ---- | C] () -- C:\Users\WALEX\AppData\Local\QSwitch.txt
[2009/07/18 01:51:37 | 000,000,000 | ---- | C] () -- C:\Users\WALEX\AppData\Local\DSwitch.txt
[2009/07/18 01:51:37 | 000,000,000 | ---- | C] () -- C:\Users\WALEX\AppData\Local\AtStart.txt
[2009/03/27 06:48:22 | 001,810,992 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/03/27 06:48:12 | 000,034,096 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2008/06/18 17:03:36 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008/06/18 17:03:36 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008/06/18 17:03:36 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008/06/18 17:03:36 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008/06/18 17:03:36 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008/06/18 17:03:36 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008/06/18 16:42:49 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008/05/21 15:20:22 | 000,147,456 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1489.dll
[2008/05/14 01:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006/05/20 03:39:58 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005/04/03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2004/07/13 23:36:34 | 000,001,633 | ---- | C] () -- C:\windows\PPAAT130.INI_upg2010
[2001/03/26 09:51:29 | 000,000,571 | ---- | C] () -- C:\windows\HBCIKRNL.INI
[2000/04/07 21:02:26 | 000,000,552 | ---- | C] () -- C:\Users\WALEX\AppData\Local\d3d8caps.dat
[2000/04/07 20:56:40 | 000,002,032 | ---- | C] () -- C:\Users\WALEX\AppData\Local\d3d9caps.dat
[1999/03/30 17:53:50 | 000,000,793 | ---- | C] () -- C:\windows\BTI.INI
[1998/05/07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

========== LOP Check ==========

[2009/08/19 05:03:00 | 000,000,000 | -H-D | M] -- C:\Users\WALEX\AppData\Roaming\Broderbund
[2009/07/22 22:50:21 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/20 09:52:31 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\EpiValley
[2010/10/12 12:01:15 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Free Download Manager
[2010/10/05 17:41:21 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\GetRightToGo
[2001/03/26 09:56:34 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Hewlett Packard
[2009/07/18 05:52:01 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\InterVideo
[2010/09/14 13:40:24 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\IObit
[2010/10/12 07:24:26 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\LimeWire
[2010/09/25 08:35:24 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Nokia
[2010/06/18 18:22:20 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Opera
[2010/08/11 14:15:49 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\PC Suite
[2010/09/29 11:10:42 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Peachtree
[2010/02/16 22:10:46 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\PeerNetworking
[2010/04/01 18:11:39 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Research In Motion
[2010/02/02 17:30:12 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Software Informer
[2009/08/01 06:39:26 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Sports Interactive
[2009/12/18 18:12:29 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Teleca
[2009/07/31 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\The Lion King
[2001/03/26 09:54:50 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\TMP
[2010/10/12 07:22:13 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/08/31 00:59:00 | 000,000,300 | ---- | M] () -- C:\Windows\Tasks\BearShareNAG.job
[2010/10/12 00:02:24 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/12 12:08:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2F85BEFE-BDE6-4CA5-BAC8-D9BA862113ED}.job
[2010/10/12 12:06:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3F5B8360-F01D-4008-92ED-F1EDDAEC565F}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2001/03/26 09:57:50 | 000,000,086 | ---- | M] () -- C:\bcmwl6.log
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2001/03/26 09:54:44 | 000,000,164 | ---- | M] () -- C:\chicony.log
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/12 07:21:35 | 2072,264,704 | -HS- | M] () -- C:\hiberfil.sys
[2001/03/26 09:50:50 | 000,030,544 | ---- | M] () -- C:\intel_chipset.log
[2001/03/26 09:51:10 | 000,016,986 | ---- | M] () -- C:\intel_msm.log
[2009/07/31 01:01:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/01/05 12:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2002/01/05 12:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
[2009/07/31 01:01:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/12 07:21:32 | 2385,993,728 | -HS- | M] () -- C:\pagefile.sys
[2010/09/29 11:02:07 | 002,591,002 | ---- | M] () -- C:\PSQL_v10_Install.log
[2010/09/29 11:09:35 | 000,895,324 | ---- | M] () -- C:\SageMessageCenter_Install.log
[2009/07/19 18:13:40 | 000,000,158 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:AE492DB0
< End of report >

Extras:
OTL Extras logfile created on: 10/12/2010 12:03:08 PM - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\WALEX\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 29.32 Gb Free Space | 21.08% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.42 Gb Free Space | 15.74% Space Free | Partition Type: NTFS
Drive F: | 1020.00 Mb Total Space | 1019.75 Mb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: WALEX-PC | User Name: OLAWALE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-325031984-3351419643-2024898580-1004]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050C79A2-636B-4676-86D7-EE90216D47C6}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | 
"{06C6E70B-8EA1-4B64-838E-03423C1FECDB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{084BFB52-E7D3-4D66-A6E4-5F6C32A2B2EB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{08CCA66D-9FE8-4614-B720-C9C9B696F497}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{131CD43F-63B7-4ABE-91E9-416E3A1BDB53}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1BEE3811-B42F-4048-87E0-4D6E4A256F94}" = rport=445 | protocol=6 | dir=out | app=system | 
"{21804BB7-54C4-47B3-A587-21F18538BCAF}" = lport=80 | protocol=6 | dir=in | [email protected],-50 | 
"{22F1F6F6-6858-4CB0-BED0-648DCEF3F4AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{2A6755B5-8050-49C9-A2B3-CB240DE500DE}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{2B2AB6EA-062A-4EFE-A7F5-07D073F52E1E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2DDC16FA-071C-4257-826E-E4D8953B3234}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{3192B423-F5CD-4ED4-BB0D-3EBB64B0FC69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38F3F515-22F4-411A-B899-9885201692DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{490716D5-4627-401B-9B00-0EDC18F30C0C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{49D9205C-F879-4741-A4D2-8F3552F328B3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{4BBDDA1D-6543-494A-869B-3B51DD8D8C96}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{54CB7453-F429-446A-B3DA-4F67940B9B20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{550FA76A-464B-40E9-B909-A5A718CA827C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{5867FB7B-684A-4CFB-9582-835E10C4E857}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{5877B618-13A2-4EA2-BC93-F2BA8234233D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{5A260BE6-62A9-49AF-8DDE-8140D43053A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{5B03FD34-AB53-405C-A59B-C7AF12794AAD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5E45CE2F-2350-4AB7-8483-2133085E24D2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5E5C59C9-4398-4259-AB64-EC7F79F71A95}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{603928F9-A1DA-4E2B-A16D-BD895D4C22DF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{60DFD251-7FBF-4A12-83AC-6EFE09AE0E3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6139404C-E059-4C7F-AAD3-5710777E0664}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62E9D71D-BFCC-4848-9D2C-C1BDD0B724AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{6773EA89-9875-4F27-8EDF-8188B8CAEBE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{677FAB4E-0EA0-4F08-BFEF-3C31693DB234}" = lport=1688 | protocol=6 | dir=in | svc=slsvc | app=c:\windows\system32\slsvc.exe | 
"{6E7F73BE-B48C-4327-8806-28FF495FAECE}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{6F8B512B-A092-437A-9C94-AEDE593A035D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{7201A81E-9BA9-4AAD-B6FD-571F951D840D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{768783DC-7F5B-43A7-8F06-6169CDD85F59}" = rport=139 | protocol=6 | dir=out | app=system | 
"{784FDA61-12FA-4E19-97E7-FDE84C180279}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe | 
"{7991C51F-BBEF-463D-9176-161B8B1792FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C2124FB-450B-4B0D-AEA0-2B8390CC2693}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7F975B7A-4CBB-480E-A5E1-BDEE2082A276}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{80DCF406-D194-46FC-B429-605ACD4D8E6A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{80EF7FFD-96C6-4686-A7F8-E67DDDC0F532}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{8380AE11-E06A-4BF8-B9E0-5585E74A3DBB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8FDFA2CD-14CD-46C3-A4E1-68603B52BE46}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{9041EB0C-B3A0-4D80-8941-9B3BA8EEAE9D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{95BFA258-B2C9-43A0-9381-98121D4C57FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9ADC5027-66C5-4340-BA83-A2C4C9BF61DA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe | 
"{9B4F9547-3724-47D2-B67D-87A8247B3CC9}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe | 
"{9D4D7899-BA69-4727-B865-1F2683590A1A}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{9FD1633D-310A-415E-A7F5-984385C86471}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3FC357F-731C-4BFF-A23D-C7E7C6B4D562}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{A67DA000-9F68-4243-8C6F-1C6F269E72DB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A9498A28-A910-46D0-9741-CF97CE4EA245}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B26C8BBD-7D27-48B5-A574-9AB2CEEAD29F}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe | 
"{B3C948B8-B17F-4B31-9203-3EE508C69CEF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B4A68169-1399-4E98-9287-364B718E84E0}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe | 
"{B685903E-8DCD-497A-A2FA-BD5490C21E43}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | 
"{BCF58D08-F950-4AC2-8F90-D7034DBBD836}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BEEB02C4-A19E-4214-AF82-28E02740641D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C29B1163-1290-4F85-B171-6B2443A94D4D}" = lport=3351 | protocol=6 | dir=in | name=pervasive dbengine | 
"{CB080B08-B499-46D4-A95D-337245E4B237}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB4C68AD-2C36-42EC-BD3E-152C572C9B7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D1252054-A1FC-4297-8C51-F0AA42BDD20F}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{D3756F43-6A46-4B6D-AE69-9912C8B1ED6C}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{D48E0E8E-C488-4FA8-980B-0C416495D30B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{D9AF300A-7DFB-4352-BB07-E14097796C9F}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{DBB2332F-FBB7-4F31-BE1C-A164BF415AF0}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{DC168030-20F7-4102-83E1-E994F2E2A999}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ED453309-9CF3-401D-A1C1-CD64E4A649D7}" = lport=443 | protocol=6 | dir=in | app=system | 
"{F218BABC-094A-4ADF-8E92-B68E310EAE73}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{F59BCCCA-0420-4385-99C0-426F5C7702C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F6A69CEA-518C-46BF-B533-93A742D399DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F716A680-876F-43F1-A049-7638C4E853DB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FB36FFCF-E735-450F-B387-2772F24FB853}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{FF09C85C-0339-42E3-B3C2-1295EB254282}" = lport=1583 | protocol=6 | dir=in | name=pervasive dbengine |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CCC924-B673-41A8-9540-7015AFD786EC}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{064718D5-D692-4DF9-AC9B-711917184F8B}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe | 
"{08C22337-9D85-41E4-8AFE-3B21595D0445}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0D3EE4EB-9B38-4258-B5D7-7F8DA5F104DF}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | 
"{0D77A3B6-D9BD-40F2-8DE2-25C124AE222B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{0E10575D-F889-4C0D-A50A-7C2C5F2E4A92}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{14A1D6CE-A9B7-45C1-9E50-D859EBF12D0F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{198F8872-9EC8-4139-95AB-CE7FDAA8BD65}" = protocol=58 | dir=out | [email protected],-28546 | 
"{1F8C6291-3E60-40C4-B255-1971076E1838}" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe | 
"{23528F20-D39B-4D79-8B42-74D69BF7C6FD}" = protocol=1 | dir=in | [email protected],-28543 | 
"{23852272-8881-4B3E-B55A-C8B971C7E630}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{296B096F-C768-4DB9-B020-52DD6FCB5447}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe | 
"{29F0A511-C5E3-488A-A570-94C770A4D7DF}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe | 
"{2E3A0B72-8B82-46CB-8B13-07FA8BAB8E6E}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{3472AC3B-7F12-43F1-A899-9F14FEDEC3AF}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe | 
"{38E3233F-D871-488F-AA64-C34E1C5216B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3A692B18-D674-4292-A65F-09F0DA6B40CF}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{3BD1EC65-9B55-4192-BE75-B75D5A46311A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{45DC2D6C-CA76-47BF-ACFB-037795CC9AC4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{486D8F72-5B44-4C31-A74C-968523801BEF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{4916A0BF-F409-414B-AAD2-C03E4E4218DB}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{4AB639F8-6587-4A35-9828-9B9825D6DB89}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{5329DB41-D506-44AD-A275-2DBD91E5F259}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | 
"{5517007D-E064-4D7B-949B-19EAE2E575CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57D9E01C-0B3C-4CED-9467-925E2CE85F71}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5948CD0F-F157-42FE-B823-D8A510898CC6}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{5AAC2D8E-2C52-426B-8CCC-5FACCB958960}" = protocol=6 | dir=in | app=c:\program files\opera 10.60 beta\opera.exe | 
"{5CE37EB1-F97F-4E37-9D36-5AF27056DF7B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5D148B02-32AA-457C-A37F-89439E72F7AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5DA4F340-3098-44E0-9D86-1D11DB813AEA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{5DA682C6-191F-4CFD-A6B5-CE87C03D724E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{5E7BD319-E893-4855-AF0F-5C0892AD608D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{61E38CDA-92BD-42B0-A6D3-0CB638802D6C}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashavast.exe | 
"{6404E3A7-A094-4381-BD5B-0183BEFEA388}" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{69300F92-98D7-45AE-874A-D1D58FB1C433}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{69F5E8CE-88F5-42F7-9A76-72540BC151FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{6B622D69-FDC2-4E41-AA17-CF000C703518}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{6BF6BE29-281B-4639-88A3-D89C50C43F30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E0EA42D-C2B0-4BA3-B0F1-394CDD4EC019}" = protocol=6 | dir=out | app=system | 
"{6FB96FCE-62BB-4F14-A836-F2D22C3E78A2}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe | 
"{76C55BA9-BA1A-43E9-A81E-48DD4E39D6EC}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{785D5AD1-9AA7-4070-9853-0D057A52B78D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{8043E0F8-C20F-4F94-A12D-6B574042E6B2}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashavast.exe | 
"{80DC77F8-874C-44C0-BA53-72EB6F6EFC0C}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{81A91087-4C4A-4502-8B9F-2EAC3C097D8C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{8D9A8BEA-8C6C-4BA4-A99E-928CA8813937}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{8E97F159-BBED-4469-A314-C735C6F1BAA0}" = protocol=6 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe | 
"{8F41942E-F90D-43B0-BEBB-2951004D58AC}" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{8FB0680C-EDFE-4045-B0F0-9CA9D0FBB37A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{9E59E1FF-500A-43B8-9FBE-B0677EF94F9F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{A0AD32DC-E454-4EEF-876F-C4F85EBD3A35}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A17FC13C-2AC0-44EC-A7A1-107FA2D0D257}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{A59165CE-B899-4AD1-82A9-3083F559DC17}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe | 
"{AC77822D-4F8A-44A0-83AD-77E16630E1FE}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{B536B194-4CB6-4EA5-86C8-3EC78808FFB5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B9F88743-459A-46D5-BB22-5E0782482DC5}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | 
"{BA30ED12-C657-4931-8B05-1B9DF971D4DE}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | 
"{BB93DCEF-2D66-4796-AE62-71321F9BA0A1}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | 
"{CBCDA552-30BA-442D-A569-799555B4347E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{CD5739B9-A4FA-422E-B6BE-A52E5ED38880}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{CE9150BA-57E8-4878-9012-B04E996A5854}" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe | 
"{D5DF90EA-C15C-4196-88C4-387B3648749B}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe | 
"{E1DC8C57-E53B-4F57-8B67-15A1B320AA48}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E2D5F4EC-6FD4-430C-8883-68B65971D082}" = protocol=1 | dir=out | [email protected],-28544 | 
"{E429060C-DBBF-4362-9306-715FF2C0DC4F}" = protocol=58 | dir=in | [email protected],-28545 | 
"{E4E33B56-A4A1-48B1-A4E1-950F837404A7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{E69784DB-CF47-4BA7-9294-0838C33C38ED}" = protocol=17 | dir=in | app=c:\program files\opera 10.60 beta\opera.exe | 
"{E6B815EE-7DE4-4F67-923F-ED3133892419}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{E82AB767-CFD5-496B-ACAE-E602141F4609}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{E93D90E3-3D59-4973-B65B-5B9AB6392D5A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{F170C12B-B6F5-4032-A376-D7AC3207E731}" = protocol=6 | dir=out | app=system | 
"{F5E27C8B-978F-4A4F-9657-D8B390D1BF94}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F825DA66-7984-4510-A8DC-93E7B95E71DF}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{F89DF84C-A70C-49B3-AE67-36E5E794CF62}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{FA99FFB0-99D7-4F00-94C1-AB2F30D75F6A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{FAB330F5-78F6-431C-82DA-4A92836726E1}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{FAFA7B55-2665-4B3C-B1D0-AFA14A32C44A}" = protocol=17 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe | 
"TCP Query User{121FEE11-9FED-4BD1-B1AC-879DEFE24E26}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"TCP Query User{45F446FA-25CC-4470-BF0C-F60D0F1FFD87}C:\users\walex\desktop\ultrasurf_9.6.exe" = protocol=6 | dir=in | app=c:\users\walex\desktop\ultrasurf_9.6.exe | 
"TCP Query User{47D08218-9882-4FA4-A5F5-A62236ED3166}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{5335A453-E9F1-4E54-BCE2-CC8069C38D8C}C:\program files\opera 10.60 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10.60 beta\opera.exe | 
"TCP Query User{5752C518-C084-4CB3-85ED-2029974A6920}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{6B188489-0462-41AC-BBFB-717734820CC1}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{7E15EB18-4B44-4E57-B13C-7587750A3C68}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"TCP Query User{80EC717B-16BF-46D6-A917-8171C95FA2E3}C:\program files\your freedom\freedom.exe" = protocol=6 | dir=in | app=c:\program files\your freedom\freedom.exe | 
"TCP Query User{9D89C143-A7DF-47B1-A48A-203B01E00B0F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{BD09F255-5FAE-46DD-8B3A-1408CEFF2800}C:\users\walex\desktop\u98.exe" = protocol=6 | dir=in | app=c:\users\walex\desktop\u98.exe | 
"TCP Query User{CE495C38-0991-4248-B78D-3298D1B68CAD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E80567D2-BE2A-43C1-9AD7-2C9A56D02D83}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{05A7A0C6-87FC-4F1A-B0A5-810BAF338892}C:\program files\opera 10.60 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10.60 beta\opera.exe | 
"UDP Query User{50D7592B-4D65-4556-A904-7AFFA1E3899F}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{5CFD824C-35AF-4F98-BA25-4B96C4CE8626}C:\users\walex\desktop\u98.exe" = protocol=17 | dir=in | app=c:\users\walex\desktop\u98.exe | 
"UDP Query User{7779033C-4860-473E-B90F-736D9D3A9A19}C:\program files\your freedom\freedom.exe" = protocol=17 | dir=in | app=c:\program files\your freedom\freedom.exe | 
"UDP Query User{923219D1-7479-4DCA-A468-CAD45D5BBD1A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{931B0E30-C21B-4012-B650-1CB9A5FE72E5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{A0F14F7A-1265-47D8-92D8-FB1B7DFD4DEA}C:\users\walex\desktop\ultrasurf_9.6.exe" = protocol=17 | dir=in | app=c:\users\walex\desktop\ultrasurf_9.6.exe | 
"UDP Query User{B070A673-4A6E-4615-AB76-C59E8AE43916}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{DA46EC11-865A-4587-8637-D9B15DC5078A}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{DB2518BD-124D-42B6-9FB8-5F4C1A94254C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DE3899FA-4BBF-4A86-B50D-DDBB198760E6}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{F33209C6-7C69-4979-B603-E2065050E32E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{03758EC2-DF40-4B5A-B404-CE220DA07718}" = Starcomms Neo
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{08041881-FCA5-44A7-B863-D66037A16AAF}" = Microsoft Student with Encarta Premium 2008
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Workgroup (32-bit)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E031F66-92C0-470A-B34B-9C48217A00A9}" = Opera 10.70
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CD774DA-B798-4D1E-B327-2AA6EA407929}" = Peachtree Accounting 2010
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Learning Essentials for Microsoft Office
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983980FC-66FB-4ECC-A5D8-4565BE217733}" = SCR3xxx Smart Card Reader
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D6D532B2-22E1-43AA-B4B7-34D772314859}" = Oxigen Client v5.00.0000
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar
"avast5" = avast! Free Antivirus
"Brothersoft Toolbar" = Brothersoft Toolbar
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"D5BADD64290F0F1F618874DFD37D079D04408CE0" = Windows Driver Package - UGO Networks (UGOIad) Net (03/13/2009 02.00.01.00)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flash Player_is1" = Flash Player 2.0
"FLV Player" = FLV Player 2.0 (build 25)
"Free Download Manager_is1" = Free Download Manager 3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{6CD774DA-B798-4D1E-B327-2AA6EA407929}" = Peachtree Complete Accounting 2010
"Integration Services" = Sage Integration Services
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Basic)
"LimeWire" = LimeWire 5.5.16
"mario_is1" = mario Powered by AdVantage
"Mavis Beacon Teaches Typing Deluxe 16" = Mavis Beacon Teaches Typing Deluxe 16
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfee SiteAdvisor" = McAfee Browser Protection Service
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MTN [email protected]" = MTN [email protected]
"MVS" = McAfee Virus and Spyware Protection Service
"Nokia PC Suite" = Nokia PC Suite
"OpenVPN" = OpenVPN 2.1_rc19
"PDF Complete" = PDF Complete
"Pervasive PSQL v10.10 Workgroup (32-bit)" = Pervasive PSQL v10.10 Workgroup (32-bit)
"Road Rash_is1" = Road Rash
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.7.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winning Eleven 8 INTERNATIONAL_is1" = Winning Eleven 8 INTERNATIONAL
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Your_Deploy_0" = Your Freedom (JET)
"Youtube Video Downloader_is1" = Youtube Video Downloader 3.22

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2010 4:03:37 PM | Computer Name = WALEX-PC | Source = VSS | ID = 39
Description =

Error - 8/9/2010 4:03:37 PM | Computer Name = WALEX-PC | Source = VSS | ID = 8193
Description =

Error - 8/9/2010 4:03:37 PM | Computer Name = WALEX-PC | Source = System Restore | ID = 8193
Description =

Error - 8/9/2010 4:03:39 PM | Computer Name = WALEX-PC | Source = VSS | ID = 39
Description =

Error - 8/9/2010 4:03:39 PM | Computer Name = WALEX-PC | Source = VSS | ID = 8193
Description =

Error - 8/9/2010 4:03:39 PM | Computer Name = WALEX-PC | Source = System Restore | ID = 8193
Description =

Error - 8/9/2010 5:23:29 PM | Computer Name = WALEX-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/9/2010 5:30:50 PM | Computer Name = WALEX-PC | Source = Windows Search Service | ID = 3006
Description =

Error - 8/9/2010 5:30:50 PM | Computer Name = WALEX-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 8/9/2010 5:55:55 PM | Computer Name = WALEX-PC | Source = WinMgmt | ID = 10
Description =

[ Credential Manager Events ]
Error - 9/19/2010 5:40:37 PM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 9/19/2010 5:40:37 PM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 9/21/2010 10:50:40 AM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 9/21/2010 10:50:40 AM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/8/2010 2:57:16 AM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/8/2010 2:57:16 AM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 10/11/2010 6:27:23 PM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/11/2010 6:27:23 PM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 10/11/2010 6:27:40 PM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/11/2010 6:27:40 PM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

[ OSession Events ]
Error - 5/16/2010 4:54:43 PM | Computer Name = WALEX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/20/2010 11:17:17 AM | Computer Name = WALEX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2010 11:05:47 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/11/2010 11:07:20 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 10/12/2010 2:21:17 AM | Computer Name = WALEX-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 10/12/2010 2:21:32 AM | Computer Name = WALEX-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 10/12/2010 2:22:22 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2010 2:22:22 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2010 2:24:24 AM | Computer Name = WALEX-PC | Source = DCOM | ID = 10005
Description =

Error - 10/12/2010 2:24:24 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 10/12/2010 2:24:24 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2010 2:25:10 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7024
Description =

< End of report >


----------



## CatByte (Feb 24, 2009)

Hi

Please do the following:

Run *OTL.exe*

Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL


```
:OTL
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin File not found
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - Reg Error: Value error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKCU..\Run: [vjhax] C:\Users\OLAWALE\AppData\Roaming\tginsxs.DLL File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2010/09/25 08:26:47 | 000,000,000 | ---D | C] -- C:\Combo11478C
[2010/09/18 21:51:39 | 000,000,000 | ---D | C] -- C:\Combo4690C
[2010/09/18 18:31:39 | 000,000,000 | ---D | C] -- C:\Combo
[2010/09/16 12:09:34 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2010/09/16 12:09:28 | 000,000,000 | -HSD | C] -- C:\Users\OLAWALE\Desktop\%APPDATA%
[2010/08/30 00:53:54 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Local\{A7135C8B-F43E-46A1-88B2-668FD0EBD306}

:Commands
[resethosts]
[emptyflash]
[purity]
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL log

Now delete the copy of ComboFix that you have on your desktop

Show hidden files and folders:


Close all programs so that you are at your desktop. 
Open the *Control Panel*, switch to classic view, then click *Folder Options.* 
After the new window appears select the *View* tab. 
Put a checkmark in the checkbox labeled *Display the contents of system folders.* 
Under the *Hidden files and folders* section select the radio button labeled *Show hidden files and folders.* 
Remove the checkmark from the checkbox labeled *Hide file extensions for known file types.* 
Remove the checkmark from the checkbox labeled *Hide protected operating system files.* 
Press the *Apply* button and then the *OK* button and *exit* My Computer. 
Now your computer is configured to show all hidden files. 

Download a fresh copy of ComboFix from the link below - rename it to *explorer.com* before saving it to your desktop

*Link 1* 

Reboot into safe mode

Tap F8 repeatedly upon startup until an option menu appears > arrow up to safe mode

Run ComboFix > allow it to complete until a log appears

Post the log


----------
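
A triage pass over the O2/O3/O4 lines of the fix script above, as an added example that is not part of the original thread and not OTL's own code: it flags entries whose file or CLSID is gone, and Run values that point into user-writable folders. The regexes are fitted to the lines shown in this thread rather than to any OTL specification, and the `ExampleApp` line is constructed for contrast.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the ":OTL" fix script in this thread, plus one
# constructed healthy entry (ExampleApp) so the contrast is visible.
SAMPLE = r"""
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKCU..\Run: [vjhax] C:\Users\OLAWALE\AppData\Roaming\tginsxs.DLL File not found
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe (Example Vendor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

# O2 (BHO) and O3 (toolbar) lines: "<code> - <where>: (<name>) - {CLSID} - <status>"
CLSID_LINE = re.compile(
    r"^(?P<code>O[23]) - (?P<where>.+?): \((?P<name>.*?)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<status>.+)$")
# O4 (autostart) lines: "O4 - <hive>..\<key>: [<value name>] <target> <status>"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<rest>.+)$")

ORPHAN_MARKERS = ("File not found", "No CLSID value found")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    code: str
    where: str
    name: str
    target: str
    status: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for an O2/O3/O4 line, or None for anything else."""
    line = line.strip()
    m = CLSID_LINE.match(line)
    if m:
        return Entry(m["code"], m["where"], m["name"], m["clsid"], m["status"])
    m = RUN_LINE.match(line)
    if not m:
        return None
    rest, target, status = m["rest"], m["rest"], ""
    if rest.endswith("File not found"):
        # The value is still registered but the file it names is gone.
        target = rest[: -len("File not found")].rstrip()
        status = "File not found"
    else:
        # Assumed layout for a file that exists: "<path> (<vendor>)".
        vendor = re.match(r"^(.*\S) \(([^()]*)\)$", rest)
        if vendor:
            target, status = vendor[1], "present: " + vendor[2]
    return Entry("O4", m["hive"] + "\\..\\" + m["key"], m["name"], target, status)


def triage(report):
    """Return only the entries that deserve a second look, with reasons."""
    findings = []
    for line in report.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # sections other than O2/O3/O4 are out of scope here
        if any(marker in entry.status for marker in ORPHAN_MARKERS):
            entry.reasons.append("orphaned: registry entry outlived its file or CLSID")
        if entry.code == "O4":
            low = entry.target.lower()
            if any(part in low for part in USER_WRITABLE):
                entry.reasons.append("autostart target in a user-writable directory")
            if low.endswith(".dll"):
                entry.reasons.append("Run value loads a DLL rather than an executable")
        if entry.reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.code} {e.where} [{e.name}] {e.target}")
        for reason in e.reasons:
            print("    -", reason)
```

The `vjhax` Run value is the only entry that trips all three checks, which matches the startup error reported at the top of the thread.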



## wakss3 (Sep 11, 2010)

Hi,
I ran OTL, and before it finished, it showed a message 'destination access denied, try again or skip' with a Word document that is denied, and also gave the option to reboot, which I did. After that I tried to run OTL again and the scan log showed instead. Below is the log; the txt is titled 10122010_201007:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vjhax deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
C:\Combo11478C\N_ folder moved successfully.
C:\Combo11478C\en-US folder moved successfully.
C:\Combo11478C folder moved successfully.
C:\Combo4690C\N_ folder moved successfully.
C:\Combo4690C\en-US folder moved successfully.
C:\Combo4690C folder moved successfully.
C:\Combo\N_ folder moved successfully.
C:\Combo\en-US folder moved successfully.
C:\Combo folder moved successfully.
C:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\windows\System32\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\windows\System32\%APPDATA%\Microsoft folder moved successfully.
C:\windows\System32\%APPDATA% folder moved successfully.
C:\Users\OLAWALE\Desktop\%APPDATA%\Microsoft\Windows\PrivacIE folder moved successfully.
C:\Users\OLAWALE\Desktop\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Users\OLAWALE\Desktop\%APPDATA%\Microsoft\Windows\IECompatCache folder moved successfully.
C:\Users\OLAWALE\Desktop\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Users\OLAWALE\Desktop\%APPDATA%\Microsoft folder moved successfully.
C:\Users\OLAWALE\Desktop\%APPDATA% folder moved successfully.
C:\Users\WALEX\AppData\Local\{A7135C8B-F43E-46A1-88B2-668FD0EBD306}\OFFLINE\mMSI.dll folder moved successfully.
C:\Users\WALEX\AppData\Local\{A7135C8B-F43E-46A1-88B2-668FD0EBD306}\OFFLINE\mIDEFunc.dll folder moved successfully.
C:\Users\WALEX\AppData\Local\{A7135C8B-F43E-46A1-88B2-668FD0EBD306}\OFFLINE\mDown.dll folder moved successfully.
C:\Users\WALEX\AppData\Local\{A7135C8B-F43E-46A1-88B2-668FD0EBD306}\OFFLINE folder moved successfully.
C:\Users\WALEX\AppData\Local\{A7135C8B-F43E-46A1-88B2-668FD0EBD306}\BRAND_FILES folder moved successfully.
C:\Users\WALEX\AppData\Local\{A7135C8B-F43E-46A1-88B2-668FD0EBD306} folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: OLAWALE

User: Public

User: WALEX

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 67 bytes

User: Default User

User: OLAWALE
->Temporary Internet Files folder emptied: 26398809 bytes

User: Public

User: WALEX
->Temporary Internet Files folder emptied: 305989020 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3542 bytes
%systemroot%\System32 .tmp files removed: 13824 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 574332 bytes
RecycleBin emptied: 10796328 bytes

Total Files Cleaned = 328.00 mb

OTL by OldTimer - Version 3.2.15.1 log created on 10122010_201007
Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Take care.
Do I disable antivirus before running combo renamed (explorer.com)?


----------



## CatByte (Feb 24, 2009)

Yes,

Please disable the security programs before running ComboFix

Please be patient and allow it to run until a log is created.


----------



## wakss3 (Sep 11, 2010)

OK, I will do that and give you the feedback soon. Thanks.


----------



## wakss3 (Sep 11, 2010)

Hi,
After the combo scan, I got the combo log this time, but there are some files left on my desktop, which are also attached here. Can I delete the files? There is also a notification pop-up that "the file or directory C:/Qoobox/Back Env is corrupt and unreadable, please run the chkdsk utility", but I did nothing to it. Here is the combo log:

ComboFix 10-10-12.03 - OLAWALE 10/13/2010 12:11:09.1.2 - x86 MINIMAL
Microsoft® Windows Vista Business 6.0.6002.2.1252.1.1033.18.1975.1467 [GMT 1:00]
Running from: c:\users\WALEX\Desktop\ComboFix.exe
AV: Total Protection *On-access scanning disabled* (Outdated) {8C354827-2F54-4E28-90DC-AD391E77808C}
FW: Total Protection *disabled* {259FBE35-46BE-45F3-8F2F-4DB67BBBC614}
SP: Avira AntiVir PersonalEdition *disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Total Protection *disabled* (Outdated) {DEBE977C-6A5A-49CC-937A-9E8BB3202260}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpeB470.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.
2010-10-13 11:17 . 2010-10-13 11:54 -------- d-----w- c:\users\WALEX\AppData\Local\temp
2010-10-13 11:17 . 2010-10-13 11:17 -------- d-----w- c:\users\OLAWALE\AppData\Local\temp
2010-10-13 11:17 . 2010-10-13 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-13 11:00 . 2010-10-13 11:00 -------- d-----w- C:\%APPDATA%
2010-10-13 11:00 . 2010-10-13 11:01 -------- d-----w- C:\32788R22FWJFW
2010-10-12 19:10 . 2010-10-12 19:10 -------- d-----w- C:\_OTL
2010-10-12 11:41 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04EDD232-9129-4023-A81C-DBA8DF496C7E}\mpengine.dll
2010-10-07 14:44 . 2010-10-07 14:44 -------- d-----w- c:\program files\VirtualDJ
2010-10-07 13:48 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-10-06 17:22 . 2010-10-06 17:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-06 15:49 . 2008-01-09 11:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-10-06 11:55 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-06 11:55 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-05 16:40 . 2010-10-05 16:41 -------- d-----w- c:\users\WALEX\AppData\Roaming\GetRightToGo
2010-09-29 10:08 . 2010-09-29 10:08 -------- d-----w- c:\programdata\Aatrix Software
2010-09-29 10:08 . 2009-08-13 01:41 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2010-09-29 10:03 . 2010-09-29 10:04 -------- d-----w- c:\program files\Business Objects
2010-09-29 10:00 . 2010-09-29 10:00 -------- d-----w- c:\program files\Pervasive Software
2010-09-29 10:00 . 2010-09-29 10:00 -------- d-----w- c:\programdata\Pervasive Software
2010-09-28 16:08 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-09-28 16:08 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-09-28 16:08 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-09-28 16:08 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-09-28 16:08 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-09-28 16:08 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-09-25 11:08 . 2010-09-25 11:08 -------- d-----w- C:\found.002
2010-09-24 08:30 . 2000-12-31 23:00 655872 ----a-w- c:\windows\system32\msvcr90.dll
2010-09-24 08:30 . 2000-12-31 23:00 568832 ----a-w- c:\windows\system32\msvcp90.dll
2010-09-24 08:30 . 2000-12-31 23:00 1156600 ----a-w- c:\windows\system32\MFC90.dll
2010-09-24 08:29 . 2010-09-24 08:29 -------- d-----w- c:\windows\PeachInst
2010-09-24 08:28 . 2010-09-24 08:28 -------- d-----w- C:\Sage
2010-09-22 17:10 . 2010-09-22 17:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 10:44 . 2010-09-22 10:44 -------- d-----w- C:\Nokia
2010-09-18 04:11 . 2010-10-07 14:29 -------- d-----w- c:\users\OLAWALE\.limewire
2010-09-18 03:19 . 2010-09-18 03:19 -------- d-----w- c:\program files\Road Rash
2010-09-18 00:01 . 2010-10-13 11:54 -------- d-----w- c:\users\WALEX\AppData\Roaming\LimeWire
2010-09-16 21:33 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-16 21:31 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-16 21:30 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 21:30 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 21:30 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 12:40 . 2010-09-14 12:40 -------- d-----w- c:\users\WALEX\AppData\Roaming\IObit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-10-07 2735200]
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-06-06 15:38 392112 ----a-w- c:\program files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 16:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2010-10-07 13:36 2735200 ----a-w- c:\program files\Brothersoft\tbBro1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-10-07 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-10-07 2735200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"SiteAdvisor"="c:\program files\SiteAdvisor\6173\SiteAdv.exe" [2007-08-28 36640]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"DataMngr"="c:\progra~1\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe" [2010-06-06 796600]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"PeachtreePrefetcher.exe"="c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2009-08-13 28456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\users\WALEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-9-30 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\users\OLAWALE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-18 197904]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-325031984-3351419643-2024898580-1004]
"EnableNotificationsRef"=dword:00000003
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 UGOIad;UGO Networks Modem;c:\windows\system32\DRIVERS\netnnusb.sys [2009-11-17 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DCSHost.exe;DCSHost.exe;c:\programdata\DatacardService\DCSHost.exe [2009-04-23 110592]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2008-05-05 202048]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2009-08-13 435496]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-10-13 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-09-01 14:10]
2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 11:56]
2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 11:56]
2010-10-13 c:\windows\Tasks\User_Feed_Synchronization-{2F85BEFE-BDE6-4CA5-BAC8-D9BA862113ED}.job
- c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
2010-10-13 c:\windows\Tasks\User_Feed_Synchronization-{3F5B8360-F01D-4008-92ED-F1EDDAEC565F}.job
- c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {03E77AB5-B34E-4C13-8BC3-4AB0BF388C9C} = 196.3.60.5 196.3.60.7
FF - ProfilePath - c:\users\WALEX\AppData\Roaming\Mozilla\Firefox\Profiles\2t91urta.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://wap.ng.zain.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p=
FF - prefs.js: network.proxy.ftp - 10.199.212.2
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 10.199.212.2
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 10.199.212.2
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.199.212.2
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.199.212.2
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-McAfee Managed Firewall - c:\program files\McAfee\Managed VirusScan\Agent\myinx
AddRemove-MVS - c:\program files\McAfee\Managed VirusScan\Agent\myinx

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(716)
c:\program files\HEWLETT-PACKARD\IAM\BIN\ASWLNPkg.dll
c:\program files\HEWLETT-PACKARD\IAM\BIN\ItMsg.dll
- - - - - - - > 'Explorer.exe'(2936)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\progra~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\SiteAdvisor\6173\SAService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-10-13 13:04:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-13 12:04
Pre-Run: 32,018,386,944 bytes free
Post-Run: 31,141,810,176 bytes free
- - End Of File - - 93A60C422C62F1661C418D5E928AE977


----------



## wakss3 (Sep 11, 2010)

Hi, in case the attached file did not show in the last Combo log I posted, here it is. These are the 2 files that showed up on my desktop after the Combo scan; do I delete them?
1;
[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Windows Media [email protected]%SystemRoot%\system32\unregmp2.exe,-4
Windows Media Player (2)[email protected]%SystemRoot%\system32\unregmp2.exe,-4
Launch Internet Explorer [email protected]%windir%\System32\ie4uinit.exe,-733
[email protected]%SystemRoot%\system32\shell32.dll,-22051
[email protected]%SystemRoot%\system32\shell32.dll,-22019

2; 
[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Microsoft Office - 60 Day [email protected]:\PROGRA~1\MICROS~4\mui\oaa.dll,-103

Take care.
Thanks, as I wait for your response to solve the problem.


----------



## CatByte (Feb 24, 2009)

Hi

No, don't delete them; we will attend to them when we are finished cleaning your machine.

Please do the following:

Please download TDSSKiller.zip
Extract it to your desktop
Double click *TDSSKiller.exe*
Press *Start Scan*
Only if *Malicious* objects are found then ensure *Cure* is selected
Then click *Continue* > *Reboot now*

Copy and paste the log in your next reply
_A copy of the log will be saved automatically to the root of the drive (typically C:\)_


*NEXT*

Please download *Malwarebytes' Anti-Malware*

Double Click *mbam-setup.exe* to install the application.
Make sure a *checkmark* is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish.*
If an update is found, it will download and install the latest version.
Once the program has loaded, select *"Perform Quick Scan"*, then click *Scan.*
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that everything is checked, and click *Remove Selected*. <-- very important
When disinfection is completed, a *log* will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


*NEXT*

Using Internet Explorer or Firefox, visit *Kaspersky On-line Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions. 
*2.* To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan
*3.* Click *Run* at the Security prompt. 
The program will then begin downloading and installing and will also update the database. 
Please be patient as this can take several minutes. 

Once the update is complete, click on *My Computer* under the green *Scan* bar to the left to start the scan. 
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. 
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined. 
Click *View scan report* at the bottom.
Click the *Save as Text* button to save the file to your desktop so that you may post it in your next reply


----------



## wakss3 (Sep 11, 2010)

Hi,
The TDSSKiller.exe did not open. I extracted it on the desktop; when I double-click it, its window only blinks and disappears. It didn't run, let alone show Start Scan. I don't know what happened.
Take care.


----------



## CatByte (Feb 24, 2009)

Please try running it in safe mode...

to boot into safe mode > reboot and tap F8 repeatedly upon start up until an option menu appears

arrow up to safe mode, see if it will run,

if it still won't run in safe mode > right click the file and rename it to explorer.exe

if it still won't run - carry on with the malwarebytes and kaspersky scans


----------



## wakss3 (Sep 11, 2010)

Hi, 
The TDSSKiller.exe did not open, even when I ran it in safe mode and renamed it.
MBAM ran successfully; here is the scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4839
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
10/15/2010 7:07:32 PM
mbam-log-2010-10-15 (19-07-32).txt
Scan type: Quick scan
Objects scanned: 167634
Time elapsed: 7 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 41
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\$RECYCLE.BIN\S-1-5-21-325031984-3351419643-2024898580-1004\$RPEGNTM.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

I will now proceed with the online scan and I will give you feedback.
Take care.


----------



## wakss3 (Sep 11, 2010)

Hi, the Kaspersky online scanner is not available currently according to the site. Besides, which of them will I download: Pure, Anti-Virus, trial version or what?


----------



## CatByte (Feb 24, 2009)

Please use the link I provided


----------



## wakss3 (Sep 11, 2010)

Hi,
Please be patient with me. I need to make sure the server is stable before doing the online scan so it won't waste my time, OK? I will still do that soon.
Take care.


----------



## CatByte (Feb 24, 2009)

How are you making out?


----------



## wakss3 (Sep 11, 2010)

Cool, how are you doing? Sorry for keeping you waiting, bear with me. Bye.


----------



## CatByte (Feb 24, 2009)

I'm doing fine,

more important, how is your computer doing?


----------



## wakss3 (Sep 11, 2010)

The computer is working, only that the error we wanted to solve is still there, and you know we are still on it. The Kaspersky online scan is coming soon, OK.


----------



## CatByte (Feb 24, 2009)

OK, good

I'll be waiting for the kaspersky scan report


----------



## wakss3 (Sep 11, 2010)

Hi,
Finally, here comes the Kaspersky online scan report for you.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 27, 2010
Operating system: Microsoft Windows Vista Business Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 26, 2010 20:24:02
Records in database: 4178813
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics:
Objects scanned: 185182
Threats found: 5
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 04:35:35

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir Infected: not-a-virus:AdWare.Win32.FunWeb.ds 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: Hoax.Win32.Screensaver.b 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:Garbage.Win32.WebToolbar.ap 1
C:\SOFTWARES\New Folder\Desktop\Chess.exe Infected: not-a-virus:WebToolbar.Win32.Zango.h 1
C:\Users\WALEX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\3d43daad-3ccb9442 Infected: Trojan-Downloader.Java.Agent.ao 1
Selected area has been scanned.

Take care.


----------



## CatByte (Feb 24, 2009)

Hi

Please describe for me in as much detail as possible how the computer is running and if there are any outstanding issues

Please do the following:

*Your Java is out of date.* Older versions have vulnerabilities that malware can use to infect your system. *Please follow these steps to remove older version Java components and update.*

Download the latest version of *Java Runtime Environment (JRE) 22* and save it to your desktop.
Scroll down to where it says *JDK 6 Update 22 (JDK or JRE)*
Click the *Download JRE* button to the right
Select the *Windows* platform from the dropdown menu.
Read the License Agreement and then check the box that says: "_I agree to the Java SE Runtime Environment 6u22 with JavaFX 1 License Agreement_". Click on *Continue.* The page will refresh.
Click on the link to download *Windows Offline Installation* and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on *Add or Remove Programs* and remove all older versions of Java.
Check (_highlight_) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the *Remove* or *Change/Remove* button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on *jre-6u22-windows-i586.exe* to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the *Settings* button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - *Leave BOTH Checked*

*Applications and Applets
Trace and Log Files*

Click OK on Delete Temporary Files Window
*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.*
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.


----------



## wakss3 (Sep 11, 2010)

Hi,
My notebook is running OK except for this error that pops up at startup, which you have been trying to correct for me. Also, remember that in one of my posts I mentioned another problem I encountered when I tried to resolve the error myself before I met you (the site): I tried to run HP RECOVERY MANAGER to restore the system to factory settings, but it could not run due to this message displayed then: ''Error, a critical support file needed to run the HP RECOVERY MANAGER is missing from your system. unable to continue. (E;/system.sav/util/diskutil.exe) ok''
Aside from the above:
I have removed the Java on my computer completely, and I have downloaded the newer version and also installed it as you said. I followed all the instructions.

Thank you, I expect your reply and the next thing to do.


----------



## CatByte (Feb 24, 2009)

Please do the following:


Go to *Start* and type in *cmd*
*Right-click* on the *cmd icon* above, and click *Run As Administrator*
At the command prompt, type *sfc /scannow*, and then press *ENTER.*
Note: This command may take several minutes to finish. You may be prompted to provide Windows installation source files when you run the *sfc /scannow* command.
At the command prompt, type *exit*, and then press *ENTER* to close the command prompt.


----------



## wakss3 (Sep 11, 2010)

Hi,
I have done the cmd scan. I thought there would be a report after the exit, but there was nothing.
Bye.


----------



## CatByte (Feb 24, 2009)

it will usually tell you on the screen if it finds and fixes any problems

how is the computer running now?

Are there still outstanding issues?

Please describe in as much detail as possible what they are.

Please explain if you are still getting error messages, exactly what the error messages say

thanks


----------



## wakss3 (Sep 11, 2010)

Hi,
The last time you asked if there was any error again on my computer, I posted the complaint that is left in my last 2 or 3 posts; please kindly check my reply to it in my previous 3 posts. Anyway, the error that usually pops up at startup is still there: ''error loading C:users/AppData/Roaming/tginsxs.dll' the specific module could not be found.''
Take care.


----------



## CatByte (Feb 24, 2009)

yes, I asked again as I needed more specific information about the errors

You say it "usually pops up"... does that mean it pops up every time you reboot or only sometimes? Have you checked recently?

Is it still popping up? I need as much information as possible in order to properly diagnose the problem, saying "I'm getting the same error" doesn't help me much

anyway

try this

Press Start->Run, copy/paste the following command (it's one long command) into the run box and press OK:

*reg export "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "%userprofile%\desktop\menu.txt"*

A new file called menu.txt should appear on your Desktop, please post the contents with your next response.


----------



## wakss3 (Sep 11, 2010)

Hi, yes, the error pops up every time I reboot, up till now. This is the error message in quotes: ''error loading C:users/AppData/Roaming/tginsxs.dll' the specific module could not be found.''
Here is the menu log:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
"fsm"=""
"L08AXLRD_119591676"="\"C:\\Program Files\\Microsoft Student\\Microsoft Student with Encarta Premium 2008 DVD\\EDICT.EXE\" -m"
"vjhax"="rundll32.exe \"C:\\Users\\WALEX\\AppData\\Roaming\\tginsxs.dll\",metmdds"
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
Take care.


----------



## CatByte (Feb 24, 2009)

Hi

well that is interesting, we deleted that entry once and it didn't show up in the subsequent ComboFix log, but the export of that key shows it's still there.

Please do the following:


*Very Important!* Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. 
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click *Start > Run* type *Notepad* click *OK.*
This will open an empty notepad file:

*Copy* all the text *inside of the code box - Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vjhax"=-
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')

*Save this file to your desktop, Save this as "CFScript"*

Here's how to do that:

1. Click *File;*
2. Click *Save As...* Change the directory to your *desktop;*
3. Change the *Save as type* to *"All Files";*
4. Type in the file name: *CFScript*
5. Click *Save* ...

Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
*Copy and paste the contents of the log in your next reply.*

*CAUTION:* *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.


----------



## wakss3 (Sep 11, 2010)

Hi, 
Do I do it offline, because my Internet Explorer is preventing it from running, or is it that it will show a blank page while scanning? Because it showed a blank page now.


----------



## CatByte (Feb 24, 2009)

this should have nothing to do with internet explorer

just run combofix offline

what do you mean internet explorer is preventing what from running?


----------



## wakss3 (Sep 11, 2010)

Hi, 
It's because I have deleted ComboFix.exe on my system now. I thought we would not need it again since it gave us much problem, that's why I deleted it, so I thought I would drop the CFScript on the Combo interface you put in your reply. Sorry. OK, I will download another ComboFix.exe and do it from the desktop.


----------



## CatByte (Feb 24, 2009)

Hi

Download it from here

drag the script into it to run it

*Link 1*


----------



## wakss3 (Sep 11, 2010)

Hi,
I have downloaded it from the previous link, dropped the CFScript file and run it. After the scan completed, it showed that Combo was preparing the log and I waited for it to show the log, but it hung. I waited for close to 1 hr or more and nothing happened, because the whole system hung with it, so I rebooted. As usual, I checked C: and saw the ComboFix (text) log; here it is:

ComboFix 10-11-02.01 - OLAWALE 11/03/2010 3:26:19.1.2 - x86
Microsoft® Windows Vista Business 6.0.6002.2.1252.1.1033.18.1975.970 [GMT 1:00]
Running from: C:\Users\WALEX\Desktop\Combo.com
Command switches used :: C:\Users\WALEX\Desktop\CFScript.txt
AV: Total Protection *On-access scanning disabled* (Outdated) {8C354827-2F54-4E28-90DC-AD391E77808C}
FW: Total Protection *disabled* {259FBE35-46BE-45F3-8F2F-4DB67BBBC614}
SP: Avira AntiVir PersonalEdition *disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Total Protection *disabled* (Outdated) {DEBE977C-6A5A-49CC-937A-9E8BB3202260}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

Then I tried the same process to run CFScript in Combo again, but there was no log this time around, either on the desktop or on C:.
After this I rebooted, and the error we wanted to stop is still showing at every startup.
Take care.


----------



## CatByte (Feb 24, 2009)

You show that you have McAfee and Avira both running.

Having more than one antivirus can cause system slowdowns, conflicts and crashes: so I suggest uninstalling one of them.

Let's try this registry fix to get rid of the error:

Please do the following:

*Launch Notepad*, and *copy/paste everything in the codebox* below into the new document, including the word *Windows Registry Editor Version 5.00*. Go up to "*File Save As*" and click the drop-down box to change the "*Save As Type*" to "*All Files*" and save it to your desktop as *fixme.reg*.


```
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vjhax"=-
```
3. Locate *fixme.reg* on your Desktop. It should look like this. Double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer *Yes* and wait for a message to appear similar to *Merged Successfully*.

4. *Restart* your computer.

Let me know if that takes care of it


----------
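
Added example, not part of the original thread and not code from any tool named in it: a Python triage of the Run-key export posted earlier, which flags the `vjhax` value (rundll32.exe pointed at the missing `tginsxs.dll` under AppData\Roaming) and builds the same kind of delete-value file as `fixme.reg`. The function names, the constructed sample (the posted export restored to one value per line) and the stubbed file-existence check are assumptions of this example.

```python
import ntpath
import re

RUN_KEY = r'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Constructed sample: the export posted in the thread, one value per line.
# A real "reg export" file is UTF-16; open it with encoding="utf-16".
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
"fsm"=""
"L08AXLRD_119591676"="\"C:\\Program Files\\Microsoft Student\\Microsoft Student with Encarta Premium 2008 DVD\\EDICT.EXE\" -m"
"vjhax"="rundll32.exe \"C:\\Users\\WALEX\\AppData\\Roaming\\tginsxs.dll\",metmdds"
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|pif|scr))(?:\s+(.*))?$', re.I)
DLL_RE = re.compile(r'^"?([^",]+)"?\s*,\s*(\S+)')


def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Return {key_path: {value_name: command}} for the string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys


def split_command(cmd):
    """Split an autorun command line into (program, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ''
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)  # unquoted path that may contain spaces
    if m:
        return m.group(1), m.group(2) or ''
    prog, _, args = cmd.partition(' ')
    return prog, args


def autorun_target(cmd):
    """Return (file the entry really loads, True if loaded via rundll32)."""
    prog, args = split_command(cmd)
    if ntpath.basename(prog).lower() in ('rundll32.exe', 'rundll32'):
        m = DLL_RE.match(args.strip())
        if m:
            return m.group(1), True
    return prog, False


def triage(entries, exists):
    """Flag entries worth a manual look. `exists` is a path -> bool callable;
    on the affected machine pass os.path.exists."""
    findings = {}
    for name, cmd in entries.items():
        reasons = []
        if not cmd.strip():
            reasons.append('empty command')
        else:
            target, via_rundll32 = autorun_target(cmd)
            if via_rundll32 and '\\appdata\\' in target.lower():
                reasons.append('rundll32 loads a DLL from the user profile')
            if ntpath.isabs(target) and not exists(target):
                reasons.append('target file missing')
        if reasons:
            findings[name] = reasons
    return findings


def build_delete_reg(key, names):
    """Build .reg text that deletes the reviewed value names under `key`."""
    lines = ['Windows Registry Editor Version 5.00', '', '[%s]' % key]
    for n in names:
        lines.append('"%s"=-' % n.replace('\\', '\\\\').replace('"', '\\"'))
    return '\r\n'.join(lines) + '\r\n'


if __name__ == '__main__':
    run_values = parse_reg_export(SAMPLE_EXPORT)[RUN_KEY]
    # Stub reflecting the thread: only the DLL named in the error is absent.
    dll_removed = lambda p: not p.lower().endswith('tginsxs.dll')
    for name, reasons in triage(run_values, dll_removed).items():
        print(name, '->', '; '.join(reasons))
    print(build_delete_reg(RUN_KEY, ['vjhax']))
```

A flag is a prompt for review, not a verdict: the empty `fsm` value is reported too, and only values confirmed as leftovers belong in the generated delete file.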



## wakss3 (Sep 11, 2010)

HI,
YOU ARE A GENIUS, IT TAKES CARE OF IT, I FOLLOWED ALL YOUR INSTRUCTIONS AND RESTARTED THE COMPUTER AT THE END OF IT, THE ERROR MESSAGE DID NOT SHOW UP. THANK YOU AND GOD BLESS YOU, LOOKING FORWARD TO HEARING FROM U SO I COULD ASK FURTHER QUESTIONS OR IF U HAVE ANYTHING TO SAY.
TAKE CARE.:up:


----------



## CatByte (Feb 24, 2009)

Hi

Good

glad that has resolved that issue

Please do the following:

Download *TFC* to your *desktop*
*Mirror*

Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run, 
Click the *Start* button to begin the process. 
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically *reboot your machine,*
if it doesn't, manually reboot to ensure a complete clean
*It's normal after running TFC cleaner that the PC will be slower to boot the first time.*

*NEXT*

Defrag your System

Download and run *Puran Disk Defragmenter*

*NEXT*

post a fresh DDS Log and Attach.txt and advise how the computer is running now and if there are any outstanding issues:

I will post the download link and full instructions again, save you scrolling back to the beginning:

Please download *DDS* from either of these links

*LINK 1* 
*LINK 2*

and save it to your *desktop.*

Disable any script blocking protection
Double click *dds.pif* to run the tool.
When done, two *DDS.txt's* will open. 
Save both reports to your *desktop.*
---------------------------------------------------
*Please include the contents of the following in your next reply:*

*DDS.txt*

*Attach.txt*.


----------



## wakss3 (Sep 11, 2010)

Hi, 
I have defragged C: with Puran Disk Defragmenter. I have also downloaded DDS, but when I ran it, it showed the window with a black background, with those instructions you gave written in the window and the last character, like a minus sign (i.e. _), blinking. I waited for about 50 min and nothing happened. Windows Media Player also opened when I double-clicked it, showing PEV, but it didn't open anything because of the format. So what happened? I disabled the antivirus before doing it.


----------



## wakss3 (Sep 11, 2010)

Forgot to say that each time I closed Windows Media Player it reopened by itself, until later when I closed the DDS window before it closed.


----------



## CatByte (Feb 24, 2009)

Please run OTL


Download *OTL* and save it to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
Under the *Extra Registry* section, check *Use SafeList*
Download the following file *scan.txt* to your *Desktop*. *Click here to download it*. You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying *"Click Ok to load a custom scan from a file or Cancel to cancel"*
Click the Ok button and navigate to the file *scan.txt* which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (*Edit->Select All, Edit->Copy*) the contents of these files, one at a time and post them in your topic


----------



## wakss3 (Sep 11, 2010)

OTL logfile created on: 11/5/2010 2:58:29 PM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\WALEX\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 45.67 Gb Free Space | 32.85% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.18 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
Drive F: | 1020.00 Mb Total Space | 1019.75 Mb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive G: | 24.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WALEX-PC | User Name: OLAWALE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 14:45:57 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WALEX\Desktop\OTL.exe
PRC - [2010/10/22 21:22:16 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/10/13 14:00:27 | 000,114,688 | ---- | M] () -- C:\Program Files\MTN [email protected]\MTN [email protected]
PRC - [2010/10/12 12:56:47 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/10/06 18:45:15 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/09/23 00:21:26 | 000,884,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsui.exe
PRC - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe
PRC - [2010/09/23 00:19:02 | 001,448,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mesh\WLSync.exe
PRC - [2010/09/23 00:16:36 | 000,054,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Companion\companionuser.exe
PRC - [2010/09/22 23:28:10 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/09/22 16:33:20 | 000,071,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mesh\MOE.exe
PRC - [2010/09/22 12:03:38 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/06/07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/06/06 16:38:28 | 000,796,600 | ---- | M] () -- C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
PRC - [2010/05/14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010/05/11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/08/13 05:04:28 | 000,435,496 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/05/08 11:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/23 15:11:26 | 000,110,592 | ---- | M] () -- C:\ProgramData\DatacardService\DCSHOST.exe
PRC - [2009/04/23 15:07:42 | 000,258,048 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DataCardMonitor.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 03:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/05/14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/05/14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/05/08 01:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008/05/02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008/05/02 21:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008/04/18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/04 16:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/03/31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008/01/21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/05/21 12:00:22 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
PRC - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (SafeList) ==========

MOD - [2010/11/05 14:45:57 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WALEX\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/08/09 22:06:46 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010/05/04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010/04/26 03:09:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2009/09/25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009/04/10 23:28:22 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2009/04/10 23:28:20 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2009/04/10 23:28:20 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/10 23:28:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008/05/21 01:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008/01/21 03:25:27 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/21 03:25:21 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008/01/21 03:25:11 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2008/01/21 03:24:14 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- C:\Combo\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE -- (EngineServer)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/17 12:11:40 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\windows\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/13 05:04:28 | 000,435,496 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/07/16 10:20:06 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/04/23 15:11:26 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCSHOST.exe -- (DCSHost.exe)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/05/14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/05/02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008/04/18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\OLAWALE\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/16 15:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 15:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/06/04 02:18:58 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/11/17 15:48:22 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netnnusb.sys -- (UGOIad)
DRV - [2009/09/10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/16 10:20:26 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/03/27 06:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/01 17:40:16 | 000,039,680 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_mdm.sys -- (sit_mdm)
DRV - [2008/07/01 17:40:16 | 000,038,656 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_prt.sys -- (sit_prt)
DRV - [2008/07/01 17:40:16 | 000,022,144 | ---- | M] (SUNGIL) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_bus.sys -- (sit_bus)
DRV - [2008/07/01 17:40:16 | 000,004,352 | ---- | M] (SUNGIL Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sit_flt.sys -- (sit_flt)
DRV - [2008/05/21 15:07:48 | 002,369,536 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/05/16 21:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 21:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 21:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 21:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 21:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 21:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 21:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/05/14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/07 07:09:20 | 000,125,200 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/04/29 00:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/04/14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/11 15:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/03/21 19:35:24 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/03/10 18:25:10 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2008/01/21 03:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 03:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/17 22:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/03 21:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 21:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 21:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 21:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 21:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 21:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 21:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ytie"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ytie"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://wap.ng.zain.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytie&p="
FF - prefs.js..network.proxy.autoconfig_url: "http://hidedaddy.com/"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "local host"
FF - prefs.js..network.proxy.backup.socks_port: 1080
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "10.199.212.2"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "10.199.212.2"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "10.199.212.2"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.199.212.2"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "10.199.212.2"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/19 08:05:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/28 19:14:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/16 12:04:13 | 000,000,000 | ---D | M]

[2010/05/01 13:21:25 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Mozilla\Extensions
[2010/05/01 13:21:25 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/11/05 10:38:41 | 000,000,000 | ---D | M] -- C:\Users\WALEX\AppData\Roaming\Mozilla\Firefox\Profiles\2t91urta.default\extensions
[2010/10/20 23:00:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\WALEX\AppData\Roaming\Mozilla\Firefox\Profiles\2t91urta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 00:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\WALEX\AppData\Roaming\Mozilla\Firefox\Profiles\2t91urta.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/02 01:52:11 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\WALEX\AppData\Roaming\Mozilla\Firefox\Profiles\2t91urta.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010/10/28 12:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/28 12:38:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/28 12:37:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/12 14:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/10/13 12:54:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\tbBro1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.295.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/22 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/14 08:41:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - C:\Combo\PEV.cfx File not found
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - C:\Combo\PEV.cfx File not found
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F76E0CCF-0053-A9E4-C492-DB1B57EE7693} - Microsoft Windows Media Player
ActiveX: >{1CDEAFEA-D70F-4D76-B076-C0502CD4C20A}0FE7AE - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\System32\rundll32.exe" "C:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/04 19:27:01 | 001,110,016 | ---- | C] (Puran Software) -- C:\windows\System32\PuranFD.exe
[2010/11/04 19:27:01 | 000,229,376 | ---- | C] (Puran Software) -- C:\windows\System32\PuranDefragS.exe
[2010/11/04 19:27:01 | 000,221,184 | ---- | C] (Puran Software) -- C:\windows\System32\PuranDC.exe
[2010/11/04 19:27:01 | 000,212,992 | ---- | C] (Puran Software) -- C:\windows\System32\PuranDefrag.dll
[2010/11/04 19:27:01 | 000,107,008 | ---- | C] (Puran Software) -- C:\windows\System32\PuranDefragBT.exe
[2010/11/04 19:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2010/11/04 17:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Opera 11.00 internal
[2010/11/04 17:49:17 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Roaming\Windows Live Writer
[2010/11/04 17:49:17 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Local\Windows Live Writer
[2010/11/04 09:07:25 | 000,000,000 | ---D | C] -- C:\windows\en
[2010/11/04 09:06:26 | 000,039,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\fssfltr.sys
[2010/11/04 08:56:39 | 000,000,000 | ---D | C] -- C:\windows\System32\Live Remote
[2010/11/04 08:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/11/04 08:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/11/04 08:51:16 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_5.dll
[2010/11/04 08:51:16 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_42.dll
[2010/11/04 08:51:16 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_3.dll
[2010/11/04 08:49:41 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Local\Windows Live
[2010/11/04 08:47:18 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webservices.dll
[2010/11/03 06:05:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/11/03 05:46:31 | 000,000,000 | ---D | C] -- C:\windows\temp
[2010/11/03 05:37:06 | 000,000,000 | --SD | C] -- C:\Combo
[2010/11/03 05:36:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/10/31 22:54:15 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmploc.DLL
[2010/10/31 22:48:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2010/10/31 22:47:44 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2010/10/31 22:25:04 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010/10/31 22:25:04 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010/10/31 22:25:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010/10/31 22:25:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2010/10/31 22:25:01 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/10/31 22:25:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/10/31 22:25:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/10/31 22:25:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010/10/31 22:25:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2010/10/31 22:25:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2010/10/31 22:24:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2010/10/31 22:24:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2010/10/31 22:24:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/10/31 22:24:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/10/31 22:24:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010/10/31 22:24:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2010/10/31 22:24:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010/10/31 22:04:57 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll
[2010/10/31 22:04:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Apphlpdm.dll
[2010/10/31 22:04:52 | 004,240,384 | ---- | C] (Microsoft) -- C:\windows\System32\GameUXLegacyGDFs.dll
[2010/10/31 22:02:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2010/10/31 22:02:30 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2010/10/31 22:01:57 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/10/31 22:01:52 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshsq.dll
[2010/10/31 21:51:49 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmpmde.dll
[2010/10/28 12:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/28 12:38:15 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/10/28 12:38:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/10/28 12:38:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010/10/26 00:42:12 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Roaming\Nero
[2010/10/26 00:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/10/26 00:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/10/16 12:07:42 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/10/16 12:05:15 | 000,000,000 | -HSD | C] -- C:\Users\OLAWALE\Desktop\%APPDATA%
[2010/10/16 12:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/16 12:04:13 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/10/15 18:50:19 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Roaming\Malwarebytes
[2010/10/15 18:49:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/10/15 18:49:34 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2010/10/15 18:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/15 18:49:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/10/15 18:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/13 14:00:41 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2010/10/13 14:00:41 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2010/10/13 14:00:41 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbdev.sys
[2010/10/13 14:00:41 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2010/10/13 12:17:44 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Local\temp
[2010/10/13 12:00:58 | 000,000,000 | ---D | C] -- C:\%APPDATA%
[2010/10/12 20:10:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/12 19:11:54 | 000,000,000 | ---D | C] -- C:\Users\WALEX\AppData\Roaming\Google
[2010/10/07 15:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/10/07 14:49:44 | 000,000,000 | ---D | C] -- C:\windows\System32\WindowsPowerShell
[2010/10/07 14:48:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winrsmgr.dll
[2010/10/07 14:47:39 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winrs.exe
[2010/10/07 14:47:39 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winrshost.exe
[2010/10/07 14:47:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsmprovhost.exe
[2010/10/07 14:47:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wsmplpxy.dll
[2010/10/07 14:47:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winrssrv.dll
[2010/10/07 14:47:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wevtfwd.dll
[2010/10/07 14:47:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wecutil.exe
[2010/10/07 14:47:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wecapi.dll
[2010/10/07 14:47:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WsmRes.dll
[2010/10/07 14:47:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pwrshplugin.dll
[2010/10/07 14:47:13 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSManMigrationPlugin.dll
[2010/10/07 14:47:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WSManHTTPConfig.exe
[2010/10/07 14:47:13 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winrscmd.dll
[2010/10/07 14:47:13 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WsmWmiPl.dll
[2010/10/07 14:47:13 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WsmAuto.dll
[2010/10/07 14:46:40 | 000,000,000 | ---D | C] -- C:\ceeb6f727d28c00f65f2e96f3d160c
[2010/10/06 18:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/06 18:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/06 16:49:40 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\windows\System32\drivers\seehcri.sys
[2009/07/18 01:46:08 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009/03/27 06:47:16 | 000,195,120 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/11/05 15:03:00 | 000,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{2F85BEFE-BDE6-4CA5-BAC8-D9BA862113ED}.job
[2010/11/05 15:00:59 | 000,000,418 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{3F5B8360-F01D-4008-92ED-F1EDDAEC565F}.job
[2010/11/05 14:36:29 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 14:36:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/11/05 14:36:18 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 14:36:17 | 000,003,344 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 12:08:21 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 11:01:59 | 000,644,156 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/11/05 11:01:59 | 000,121,098 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/11/05 10:21:52 | 000,000,374 | ---- | M] () -- C:\windows\tasks\AWC Startup.job
[2010/11/05 10:21:11 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2010/11/05 10:20:51 | 2072,264,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/05 01:52:17 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010/11/04 19:27:02 | 000,000,762 | ---- | M] () -- C:\Users\OLAWALE\Desktop\Puran Defrag.lnk
[2010/11/04 18:53:15 | 000,460,304 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/11/02 02:08:46 | 000,086,528 | ---- | M] () -- C:\windows\MBR.exe
[2010/10/29 17:00:33 | 000,152,064 | ---- | M] () -- C:\Users\WALEX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 12:37:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/10/28 12:37:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/10/28 12:37:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/10/28 12:37:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010/10/27 18:40:27 | 000,000,924 | ---- | M] () -- C:\Users\OLAWALE\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/10/27 18:40:27 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2010/10/15 18:49:38 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 14:01:05 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\MTN [email protected]
[2010/10/13 12:54:34 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/10/07 15:44:39 | 000,000,776 | ---- | M] () -- C:\Users\OLAWALE\Desktop\Virtual DJ.lnk
[2010/10/07 14:52:34 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/07 09:42:15 | 000,001,662 | ---- | M] () -- C:\Users\OLAWALE\Desktop\LimeWire 5.5.16.lnk
[2010/10/06 18:22:30 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:49:59 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk

========== Files Created - No Company Name ==========

[2010/11/04 19:27:02 | 000,000,762 | ---- | C] () -- C:\Users\OLAWALE\Desktop\Puran Defrag.lnk
[2010/11/03 05:47:36 | 2072,264,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/27 18:40:27 | 000,000,924 | ---- | C] () -- C:\Users\OLAWALE\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/10/27 18:40:27 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010/10/15 18:49:38 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 14:01:05 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\MTN [email protected]
[2010/10/12 12:57:06 | 000,000,888 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/12 12:57:04 | 000,000,884 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/07 15:44:39 | 000,000,776 | ---- | C] () -- C:\Users\OLAWALE\Desktop\Virtual DJ.lnk
[2010/10/07 14:52:34 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/07 14:47:15 | 000,201,184 | ---- | C] () -- C:\windows\System32\winrm.vbs
[2010/10/07 14:47:15 | 000,004,675 | ---- | C] () -- C:\windows\System32\wsmanconfig_schema.xml
[2010/10/07 14:47:15 | 000,002,426 | ---- | C] () -- C:\windows\System32\WsmTxt.xsl
[2010/10/07 09:42:15 | 000,001,662 | ---- | C] () -- C:\Users\OLAWALE\Desktop\LimeWire 5.5.16.lnk
[2010/10/06 18:22:30 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 16:49:59 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/08/25 01:26:47 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010/08/21 11:14:49 | 000,000,357 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/01 13:26:15 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/04/01 00:32:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/01 09:35:31 | 000,005,806 | ---- | C] () -- C:\Users\WALEX\AppData\Roaming\NMM-MetaData.db
[2009/11/17 15:48:22 | 000,014,336 | ---- | C] () -- C:\windows\System32\drivers\netnnusb.sys
[2009/10/12 06:36:06 | 000,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/10/12 06:36:06 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/09/07 23:22:10 | 000,000,053 | ---- | C] () -- C:\windows\WININIT.INI
[2009/09/07 23:21:58 | 000,000,000 | ---- | C] () -- C:\windows\setup32.INI
[2009/08/25 01:56:27 | 000,019,456 | ---- | C] () -- C:\Program Files\Spsspatch.exe
[2009/08/25 01:52:25 | 000,001,024 | ---- | C] () -- C:\windows\System32\clauth2.dll
[2009/08/25 01:52:25 | 000,001,024 | ---- | C] () -- C:\windows\System32\clauth1.dll
[2009/08/25 01:52:25 | 000,000,000 | ---- | C] () -- C:\windows\System32\serauth2.dll
[2009/08/25 01:52:25 | 000,000,000 | ---- | C] () -- C:\windows\System32\serauth1.dll
[2009/08/25 01:52:25 | 000,000,000 | ---- | C] () -- C:\windows\System32\nsprs.dll
[2009/08/25 01:49:01 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll
[2009/08/25 01:49:01 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll
[2009/08/19 05:00:30 | 000,000,000 | ---- | C] () -- C:\windows\Mavis Beacon Teaches Typing.INI
[2009/08/13 02:41:10 | 000,001,796 | ---- | C] () -- C:\windows\PCW170.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/01 02:37:56 | 000,000,018 | ---- | C] () -- C:\windows\gfact.ini
[2009/08/01 02:07:10 | 000,000,649 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/08/01 02:07:00 | 000,057,344 | ---- | C] () -- C:\windows\System32\sagefolderbrowser.dll
[2009/07/31 01:04:38 | 000,000,532 | ---- | C] () -- C:\windows\SUPERLEX.INI
[2009/07/28 05:21:17 | 000,030,197 | ---- | C] () -- C:\Users\WALEX\AppData\Roaming\UserTile.png
[2009/07/18 08:37:38 | 000,000,474 | ---- | C] () -- C:\windows\ODBC.INI
[2009/07/18 06:37:52 | 000,152,064 | ---- | C] () -- C:\Users\WALEX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/18 01:51:37 | 000,000,000 | ---- | C] () -- C:\Users\WALEX\AppData\Local\QSwitch.txt
[2009/07/18 01:51:37 | 000,000,000 | ---- | C] () -- C:\Users\WALEX\AppData\Local\DSwitch.txt
[2009/07/18 01:51:37 | 000,000,000 | ---- | C] () -- C:\Users\WALEX\AppData\Local\AtStart.txt
[2009/03/27 06:48:22 | 001,810,992 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/03/27 06:48:12 | 000,034,096 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2008/06/18 17:03:36 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008/06/18 17:03:36 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008/06/18 17:03:36 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008/06/18 17:03:36 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008/06/18 17:03:36 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008/06/18 17:03:36 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008/06/18 16:42:49 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008/05/21 15:20:22 | 000,147,456 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1489.dll
[2008/05/14 01:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006/05/20 03:39:58 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005/04/03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2004/07/13 23:36:34 | 000,001,633 | ---- | C] () -- C:\windows\PPAAT130.INI_upg2010
[2001/03/26 09:51:29 | 000,000,571 | ---- | C] () -- C:\windows\HBCIKRNL.INI
[2000/04/07 21:02:26 | 000,000,552 | ---- | C] () -- C:\Users\WALEX\AppData\Local\d3d8caps.dat
[2000/04/07 20:56:40 | 000,002,032 | ---- | C] () -- C:\Users\WALEX\AppData\Local\d3d9caps.dat
[1999/03/30 17:53:50 | 000,000,793 | ---- | C] () -- C:\windows\BTI.INI
[1998/05/07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2001/03/26 09:57:50 | 000,000,086 | ---- | M] () -- C:\bcmwl6.log
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2001/03/26 09:54:44 | 000,000,164 | ---- | M] () -- C:\chicony.log
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/05 10:20:51 | 2072,264,704 | -HS- | M] () -- C:\hiberfil.sys
[2001/03/26 09:50:50 | 000,030,544 | ---- | M] () -- C:\intel_chipset.log
[2001/03/26 09:51:10 | 000,016,986 | ---- | M] () -- C:\intel_msm.log
[2009/07/31 01:01:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/01/05 12:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2002/01/05 12:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
[2009/07/31 01:01:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/05 10:20:48 | 2385,993,728 | -HS- | M] () -- C:\pagefile.sys
[2010/09/29 11:02:07 | 002,591,002 | ---- | M] () -- C:\PSQL_v10_Install.log
[2010/09/29 11:09:35 | 000,895,324 | ---- | M] () -- C:\SageMessageCenter_Install.log
[2009/07/19 18:13:40 | 000,000,158 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:19 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:19 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:19 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2010/08/25 01:41:18 | 000,037,665 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/03/10 23:30:24 | 000,273,408 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp081.dll
[2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp70v.dll
[2008/01/21 03:23:39 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 13:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

Invalid Environment Variable: APPDATA

< %ALLUSERSPROFILE%\Favorites\*.* >

Invalid Environment Variable: APPDATA

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:58 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2007/11/20 07:21:40 | 000,019,456 | ---- | M] () -- C:\Program Files\Spsspatch.exe

Invalid Environment Variable: APPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

Invalid Environment Variable: APPDATA

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/05/20 03:53:02 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

Invalid Environment Variable: APPDATA

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2006/11/02 13:36:17 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/09/13 00:22:26 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/09/13 00:21:55 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/09/13 00:21:55 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/09/13 00:21:55 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/09/13 00:21:55 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/09/13 00:21:55 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/04/27 09:16:49 | 000,000,402 | -HS- | M] () -- C:\Users\OLAWALE\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/08/21 11:24:35 | 000,000,357 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2008/05/16 14:30:28 | 000,673,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\Installer\HPPTSuiteInstallEngine.exe
[14 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

Invalid Environment Variable: AppData

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[14 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 22:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\System32\acwizard.ico

< %systemroot%\system\*.dat >
[2009/07/18 01:50:46 | 000,000,044 | ---- | M] () -- C:\Windows\system\hpsysdrv.dat

< %systemroot%\system\*.exe >

Invalid Environment Variable: AppData

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/11/04 08:51:41 | 000,293,657 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

Invalid Environment Variable: AppData

< %UserProfile%\*.dat >
[2010/11/05 15:03:53 | 004,194,304 | -HS- | M] () -- C:\Users\OLAWALE\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

Invalid Environment Variable: appdata

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

Invalid Environment Variable: AppData

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.rpv /x >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

Invalid Environment Variable: AppData

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2008/06/18 16:26:20 | 000,000,000 | ---D | M] -- C:\Program Files\ActivIdentity
[2010/10/06 18:22:19 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/06/03 04:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2001/03/26 09:49:52 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/06/20 01:12:48 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2010/08/31 09:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Toolbar
[2010/07/28 23:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/10/06 16:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest update
[2010/09/02 02:05:44 | 000,000,000 | ---D | M] -- C:\Program Files\BearShare Applications
[2010/11/04 08:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2001/03/26 09:57:53 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/09/07 23:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2010/10/07 14:33:23 | 000,000,000 | ---D | M] -- C:\Program Files\Brothersoft
[2010/09/29 11:04:36 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2009/06/04 08:05:20 | 000,000,000 | ---D | M] -- C:\Program Files\CA Yahoo! Anti-Spy
[2010/11/03 17:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/06/20 01:12:49 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/05/11 12:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Crystal Decisions
[2010/09/28 13:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/08/19 05:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/06/18 18:27:56 | 000,000,000 | ---D | M] -- C:\Program Files\DownloadToolz
[2009/12/02 23:18:07 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/05/01 13:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\Flash Player 2.0
[2009/12/01 21:00:39 | 000,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2010/09/07 00:10:55 | 000,000,000 | ---D | M] -- C:\Program Files\Free Download Manager
[2010/10/12 12:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/10/04 12:00:16 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/08/21 11:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/07/18 01:46:54 | 000,000,000 | ---D | M] -- C:\Program Files\HP Webcam Application
[2008/06/18 16:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2010/10/06 16:49:27 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/08/04 22:57:15 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/31 23:36:54 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/06/18 17:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/09/02 00:45:48 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/10/16 12:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/01 13:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/07/18 08:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\KONAMI
[2009/07/21 01:53:57 | 000,000,000 | ---D | M] -- C:\Program Files\Learning Essentials
[2010/10/07 09:42:15 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2009/09/07 23:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Line50
[2010/09/13 00:05:25 | 000,000,000 | ---D | M] -- C:\Program Files\LSI SoftModem
[2010/10/15 18:51:04 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/01 13:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\mario
[2001/03/26 09:55:46 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2010/06/17 17:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/21 01:04:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/09/09 05:54:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/07/31 16:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/06/18 16:53:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/10/13 11:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/06/17 17:32:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/21 02:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Student
[2010/06/17 17:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/07/19 18:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/19 17:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/06/17 14:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/09/13 00:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/25 01:56:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/28 19:14:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/19 18:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/09/01 23:48:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSECACHE
[2010/11/04 08:53:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar
[2010/06/18 08:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/10/13 14:01:51 | 000,000,000 | ---D | M] -- C:\Program Files\MTN [email protected]
[2010/08/07 10:17:44 | 000,000,000 | ---D | M] -- C:\Program Files\MyPlayCity.com
[2010/11/02 20:18:53 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/08/19 08:05:12 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009/12/15 23:30:02 | 000,000,000 | ---D | M] -- C:\Program Files\OpenVPN
[2010/11/04 18:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/08/26 23:50:21 | 000,000,000 | ---D | M] -- C:\Program Files\Opera 10.60 Beta
[2010/11/04 17:54:49 | 000,000,000 | ---D | M] -- C:\Program Files\Opera 11.00 internal
[2010/08/25 00:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\OxigenInstall
[2010/08/09 22:14:06 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2008/06/18 16:37:58 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Complete
[2010/09/29 11:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\Pervasive Software
[2010/11/04 21:55:00 | 000,000,000 | ---D | M] -- C:\Program Files\Puran Defrag
[2006/11/02 13:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/09/18 04:19:02 | 000,000,000 | ---D | M] -- C:\Program Files\Road Rash
[2010/04/27 09:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/09/29 11:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Sage Software
[2009/10/12 06:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2001/03/26 09:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\SCM Microsystems
[2010/10/12 12:55:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/09/02 00:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Software Informer
[2010/10/06 16:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2010/03/20 09:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Starcomms_
[2008/06/18 17:00:51 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/09/04 21:47:52 | 000,000,000 | ---D | M] -- C:\Program Files\Total Video Converter
[2006/11/02 14:01:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/01/30 06:44:46 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/10/07 15:44:43 | 000,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2010/08/25 01:56:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/08/25 01:56:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/08/25 01:56:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/09/01 23:49:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2010/08/25 01:56:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/11/04 09:07:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/09/17 10:57:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/31 23:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 13:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/08/25 01:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/09/13 01:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/08/25 01:56:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/09/06 00:22:42 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/08/20 07:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\Your Freedom
[2009/08/01 01:51:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >
[2006/09/18 22:43:58 | 000,000,707 | ---- | M] () -- C:\windows\_default.pif

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >
[2007/05/16 00:08:36 | 000,021,999 | ---- | M] () -- C:\Windows\System32\xsi.zip

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< %SYSTEMDRIVE%\Arquivo de programas\*.* >

< %ProgramFiles%\tcpview\*.* >

< %systemroot%\system32\*.lyo >

< %ProgramFiles%\huanbang2\*.* >

< %systemroot%\winhuanbang\*.* >

< %systemroot%\minrsv.ini\*.* >

< %systemroot%\assembly\GAC\*.* >

Invalid Environment Variable: AppData

< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2010/06/28 15:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

< %systemroot%\system32\*.pdo >

< %SYSTEMDRIVE%\APPDATASH\*.* >

< %SYSTEMDRIVE%\sy\*.* >

< %systemroot%\*.cot >

< %systemroot%\system32\*.html >

< %systemroot%\system32\win32.exe\*.* >

< %systemroot%\System32\9283\*.* >

< %systemroot%\System32\hardpol\*.* /s >

< %systemroot%\Fonts\*.dat >

< %ProgramFiles%\WinNTsystem operation\*.* >

< %SYSTEMDRIVE%\moneyxmexx.exe\*.* >

< %USERPROFILE%\Templates\*.exe >

< %SYSTEMDRIVE%\MSOCache\*.* >

< %systemroot%\inf\win\*.* >

< %SYSTEMDRIVE%\users\*.ini /x >

< %systemroot%\Media\*.exe >

< %systemroot%\Media\*.dll >

Invalid Environment Variable: AppData

< %ProgramFiles%\wiselink\*.* >

< %systemroot%\*.wd >

< %systemroot%\boot\*.* >

< %systemroot%\ime\*.dll /x >

< %systemroot%\system32\GroupPolicy\User\Scripts\*.* /s >

< %systemroot%\system32\*.INS >

< %SYSTEMDRIVE%\Temporary\*.* >

Invalid Environment Variable: AppData

< %SYSTEMDRIVE%\KEY\*.* /s >

< %SYSTEMDRIVE%\INVRSO\*.* >

< %systemroot%\Config\Audit\*.* /s >

< %ProgramFiles%\facebook\*.* >

< %SystemRoot%\system32\___hptmp\*.* >

< %SystemRoot%\system32\Macromedia\*.* >

< %SystemRoot%\system32\Macrocmp\*.* >

< %systemroot%\ap0calypse_00CD1A40\*.* /s >

< %SYSTEMDRIVE%\bbotxxxxxx.exe\*.* >

< %systemroot%\cacher\*.* >

< %systemroot%\down\*.* >

< %systemroot%\up\*.* >

< %SYSTEMDRIVE%\bootstartx.exe\*.* >

< %systemroot%\system32\wbem\grpconv.exe >

< %SYSTEMDRIVE%\Zolander\*.* /s >

< %systemroot%\Media_\*.* >

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download >
"CheckExeSignatures" = yes

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers|ProviderFileName6 /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-05 11:05:47

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:AE492DB0

< End of report >

OTL Extras logfile created on: 11/5/2010 2:58:29 PM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\WALEX\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 45.67 Gb Free Space | 32.85% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.18 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
Drive F: | 1020.00 Mb Total Space | 1019.75 Mb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive G: | 24.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WALEX-PC | User Name: OLAWALE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-325031984-3351419643-2024898580-1004]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050C79A2-636B-4676-86D7-EE90216D47C6}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | 
"{06C6E70B-8EA1-4B64-838E-03423C1FECDB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{084BFB52-E7D3-4D66-A6E4-5F6C32A2B2EB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{08CCA66D-9FE8-4614-B720-C9C9B696F497}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{131CD43F-63B7-4ABE-91E9-416E3A1BDB53}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1BEE3811-B42F-4048-87E0-4D6E4A256F94}" = rport=445 | protocol=6 | dir=out | app=system | 
"{21804BB7-54C4-47B3-A587-21F18538BCAF}" = lport=80 | protocol=6 | dir=in | [email protected],-50 | 
"{22F1F6F6-6858-4CB0-BED0-648DCEF3F4AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{2A6755B5-8050-49C9-A2B3-CB240DE500DE}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{2B2AB6EA-062A-4EFE-A7F5-07D073F52E1E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2DDC16FA-071C-4257-826E-E4D8953B3234}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{3192B423-F5CD-4ED4-BB0D-3EBB64B0FC69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38F3F515-22F4-411A-B899-9885201692DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{490716D5-4627-401B-9B00-0EDC18F30C0C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{49D9205C-F879-4741-A4D2-8F3552F328B3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{4BBDDA1D-6543-494A-869B-3B51DD8D8C96}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{54CB7453-F429-446A-B3DA-4F67940B9B20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{550FA76A-464B-40E9-B909-A5A718CA827C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{5867FB7B-684A-4CFB-9582-835E10C4E857}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{5877B618-13A2-4EA2-BC93-F2BA8234233D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{5A260BE6-62A9-49AF-8DDE-8140D43053A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{5B03FD34-AB53-405C-A59B-C7AF12794AAD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5E45CE2F-2350-4AB7-8483-2133085E24D2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5E5C59C9-4398-4259-AB64-EC7F79F71A95}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{603928F9-A1DA-4E2B-A16D-BD895D4C22DF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{60DFD251-7FBF-4A12-83AC-6EFE09AE0E3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6139404C-E059-4C7F-AAD3-5710777E0664}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62E9D71D-BFCC-4848-9D2C-C1BDD0B724AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{62F85737-ED63-4E3C-9A84-EED743614E66}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6773EA89-9875-4F27-8EDF-8188B8CAEBE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{677FAB4E-0EA0-4F08-BFEF-3C31693DB234}" = lport=1688 | protocol=6 | dir=in | svc=slsvc | app=c:\windows\system32\slsvc.exe | 
"{6E7F73BE-B48C-4327-8806-28FF495FAECE}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{6F8B512B-A092-437A-9C94-AEDE593A035D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{7201A81E-9BA9-4AAD-B6FD-571F951D840D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{768783DC-7F5B-43A7-8F06-6169CDD85F59}" = rport=139 | protocol=6 | dir=out | app=system | 
"{784FDA61-12FA-4E19-97E7-FDE84C180279}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe | 
"{7991C51F-BBEF-463D-9176-161B8B1792FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C2124FB-450B-4B0D-AEA0-2B8390CC2693}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7F975B7A-4CBB-480E-A5E1-BDEE2082A276}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{80DCF406-D194-46FC-B429-605ACD4D8E6A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{80EF7FFD-96C6-4686-A7F8-E67DDDC0F532}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{8380AE11-E06A-4BF8-B9E0-5585E74A3DBB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{860361DE-3E91-4B4D-A028-975FE71138C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8FDFA2CD-14CD-46C3-A4E1-68603B52BE46}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{9041EB0C-B3A0-4D80-8941-9B3BA8EEAE9D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{95BFA258-B2C9-43A0-9381-98121D4C57FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9ADC5027-66C5-4340-BA83-A2C4C9BF61DA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe | 
"{9B4F9547-3724-47D2-B67D-87A8247B3CC9}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe | 
"{9D4D7899-BA69-4727-B865-1F2683590A1A}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{9FD1633D-310A-415E-A7F5-984385C86471}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3FC357F-731C-4BFF-A23D-C7E7C6B4D562}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{A67DA000-9F68-4243-8C6F-1C6F269E72DB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A9498A28-A910-46D0-9741-CF97CE4EA245}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B26C8BBD-7D27-48B5-A574-9AB2CEEAD29F}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe | 
"{B3C948B8-B17F-4B31-9203-3EE508C69CEF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B4A68169-1399-4E98-9287-364B718E84E0}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe | 
"{B685903E-8DCD-497A-A2FA-BD5490C21E43}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | 
"{BCF58D08-F950-4AC2-8F90-D7034DBBD836}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BEEB02C4-A19E-4214-AF82-28E02740641D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C29B1163-1290-4F85-B171-6B2443A94D4D}" = lport=3351 | protocol=6 | dir=in | name=pervasive dbengine | 
"{CB080B08-B499-46D4-A95D-337245E4B237}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB4C68AD-2C36-42EC-BD3E-152C572C9B7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D1252054-A1FC-4297-8C51-F0AA42BDD20F}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{D3756F43-6A46-4B6D-AE69-9912C8B1ED6C}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{D48E0E8E-C488-4FA8-980B-0C416495D30B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{D9AF300A-7DFB-4352-BB07-E14097796C9F}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{DBB2332F-FBB7-4F31-BE1C-A164BF415AF0}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{DC168030-20F7-4102-83E1-E994F2E2A999}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ED453309-9CF3-401D-A1C1-CD64E4A649D7}" = lport=443 | protocol=6 | dir=in | app=system | 
"{F218BABC-094A-4ADF-8E92-B68E310EAE73}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{F59BCCCA-0420-4385-99C0-426F5C7702C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F6A69CEA-518C-46BF-B533-93A742D399DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F716A680-876F-43F1-A049-7638C4E853DB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FB36FFCF-E735-450F-B387-2772F24FB853}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{FF09C85C-0339-42E3-B3C2-1295EB254282}" = lport=1583 | protocol=6 | dir=in | name=pervasive dbengine |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CCC924-B673-41A8-9540-7015AFD786EC}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{064718D5-D692-4DF9-AC9B-711917184F8B}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe | 
"{08C22337-9D85-41E4-8AFE-3B21595D0445}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0D3EE4EB-9B38-4258-B5D7-7F8DA5F104DF}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | 
"{0D77A3B6-D9BD-40F2-8DE2-25C124AE222B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{0E10575D-F889-4C0D-A50A-7C2C5F2E4A92}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{14A1D6CE-A9B7-45C1-9E50-D859EBF12D0F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{181875D8-D49A-4061-91C6-5AE1372F5335}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{198F8872-9EC8-4139-95AB-CE7FDAA8BD65}" = protocol=58 | dir=out | [email protected],-28546 | 
"{1F8C6291-3E60-40C4-B255-1971076E1838}" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe | 
"{23528F20-D39B-4D79-8B42-74D69BF7C6FD}" = protocol=1 | dir=in | [email protected],-28543 | 
"{23852272-8881-4B3E-B55A-C8B971C7E630}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{296B096F-C768-4DB9-B020-52DD6FCB5447}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe | 
"{29F0A511-C5E3-488A-A570-94C770A4D7DF}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe | 
"{2E3A0B72-8B82-46CB-8B13-07FA8BAB8E6E}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{3472AC3B-7F12-43F1-A899-9F14FEDEC3AF}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe | 
"{38E3233F-D871-488F-AA64-C34E1C5216B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3A692B18-D674-4292-A65F-09F0DA6B40CF}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{3BD1EC65-9B55-4192-BE75-B75D5A46311A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{45DC2D6C-CA76-47BF-ACFB-037795CC9AC4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{486D8F72-5B44-4C31-A74C-968523801BEF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{4916A0BF-F409-414B-AAD2-C03E4E4218DB}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{4AB639F8-6587-4A35-9828-9B9825D6DB89}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{5329DB41-D506-44AD-A275-2DBD91E5F259}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | 
"{5517007D-E064-4D7B-949B-19EAE2E575CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57D9E01C-0B3C-4CED-9467-925E2CE85F71}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5948CD0F-F157-42FE-B823-D8A510898CC6}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{5AAC2D8E-2C52-426B-8CCC-5FACCB958960}" = protocol=6 | dir=in | app=c:\program files\opera 10.60 beta\opera.exe | 
"{5CE37EB1-F97F-4E37-9D36-5AF27056DF7B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5D148B02-32AA-457C-A37F-89439E72F7AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5DA4F340-3098-44E0-9D86-1D11DB813AEA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{5DA682C6-191F-4CFD-A6B5-CE87C03D724E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{5E7BD319-E893-4855-AF0F-5C0892AD608D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{61E38CDA-92BD-42B0-A6D3-0CB638802D6C}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast4\ashavast.exe | 
"{6404E3A7-A094-4381-BD5B-0183BEFEA388}" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{69300F92-98D7-45AE-874A-D1D58FB1C433}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{69F5E8CE-88F5-42F7-9A76-72540BC151FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{6B622D69-FDC2-4E41-AA17-CF000C703518}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{6BF6BE29-281B-4639-88A3-D89C50C43F30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E0EA42D-C2B0-4BA3-B0F1-394CDD4EC019}" = protocol=6 | dir=out | app=system | 
"{6FB96FCE-62BB-4F14-A836-F2D22C3E78A2}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe | 
"{76C55BA9-BA1A-43E9-A81E-48DD4E39D6EC}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{785D5AD1-9AA7-4070-9853-0D057A52B78D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{8043E0F8-C20F-4F94-A12D-6B574042E6B2}" = protocol=6 | dir=in | app=c:\program files\alwil software\avast4\ashavast.exe | 
"{80DC77F8-874C-44C0-BA53-72EB6F6EFC0C}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{81A91087-4C4A-4502-8B9F-2EAC3C097D8C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{8D9A8BEA-8C6C-4BA4-A99E-928CA8813937}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{8E97F159-BBED-4469-A314-C735C6F1BAA0}" = protocol=6 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe | 
"{8F41942E-F90D-43B0-BEBB-2951004D58AC}" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{8FB0680C-EDFE-4045-B0F0-9CA9D0FBB37A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{9E59E1FF-500A-43B8-9FBE-B0677EF94F9F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{A0AD32DC-E454-4EEF-876F-C4F85EBD3A35}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A17FC13C-2AC0-44EC-A7A1-107FA2D0D257}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{A59165CE-B899-4AD1-82A9-3083F559DC17}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe | 
"{A6547BED-2B4B-4FA7-949F-94C873DD2979}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{AC77822D-4F8A-44A0-83AD-77E16630E1FE}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{B536B194-4CB6-4EA5-86C8-3EC78808FFB5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B9F88743-459A-46D5-BB22-5E0782482DC5}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | 
"{BA30ED12-C657-4931-8B05-1B9DF971D4DE}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | 
"{BB93DCEF-2D66-4796-AE62-71321F9BA0A1}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | 
"{CBCDA552-30BA-442D-A569-799555B4347E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{CD5739B9-A4FA-422E-B6BE-A52E5ED38880}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{CE9150BA-57E8-4878-9012-B04E996A5854}" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe | 
"{D5DF90EA-C15C-4196-88C4-387B3648749B}" = protocol=17 | dir=in | app=c:\program files\alwil software\avast5\avastui.exe | 
"{E1DC8C57-E53B-4F57-8B67-15A1B320AA48}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E2D5F4EC-6FD4-430C-8883-68B65971D082}" = protocol=1 | dir=out | [email protected],-28544 | 
"{E429060C-DBBF-4362-9306-715FF2C0DC4F}" = protocol=58 | dir=in | [email protected],-28545 | 
"{E4E33B56-A4A1-48B1-A4E1-950F837404A7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{E69784DB-CF47-4BA7-9294-0838C33C38ED}" = protocol=17 | dir=in | app=c:\program files\opera 10.60 beta\opera.exe | 
"{E6B815EE-7DE4-4F67-923F-ED3133892419}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{E82AB767-CFD5-496B-ACAE-E602141F4609}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{E93D90E3-3D59-4973-B65B-5B9AB6392D5A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{F170C12B-B6F5-4032-A376-D7AC3207E731}" = protocol=6 | dir=out | app=system | 
"{F825DA66-7984-4510-A8DC-93E7B95E71DF}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{F89DF84C-A70C-49B3-AE67-36E5E794CF62}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{FA99FFB0-99D7-4F00-94C1-AB2F30D75F6A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{FAB330F5-78F6-431C-82DA-4A92836726E1}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{FAFA7B55-2665-4B3C-B1D0-AFA14A32C44A}" = protocol=17 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe | 
"TCP Query User{121FEE11-9FED-4BD1-B1AC-879DEFE24E26}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"TCP Query User{45F446FA-25CC-4470-BF0C-F60D0F1FFD87}C:\users\walex\desktop\ultrasurf_9.6.exe" = protocol=6 | dir=in | app=c:\users\walex\desktop\ultrasurf_9.6.exe | 
"TCP Query User{47D08218-9882-4FA4-A5F5-A62236ED3166}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{5335A453-E9F1-4E54-BCE2-CC8069C38D8C}C:\program files\opera 10.60 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10.60 beta\opera.exe | 
"TCP Query User{5752C518-C084-4CB3-85ED-2029974A6920}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{6B188489-0462-41AC-BBFB-717734820CC1}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{7E15EB18-4B44-4E57-B13C-7587750A3C68}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"TCP Query User{80EC717B-16BF-46D6-A917-8171C95FA2E3}C:\program files\your freedom\freedom.exe" = protocol=6 | dir=in | app=c:\program files\your freedom\freedom.exe | 
"TCP Query User{9D89C143-A7DF-47B1-A48A-203B01E00B0F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{9E12870F-4F30-4A77-BA31-2BC622CCAD07}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{BD09F255-5FAE-46DD-8B3A-1408CEFF2800}C:\users\walex\desktop\u98.exe" = protocol=6 | dir=in | app=c:\users\walex\desktop\u98.exe | 
"TCP Query User{CE495C38-0991-4248-B78D-3298D1B68CAD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E80567D2-BE2A-43C1-9AD7-2C9A56D02D83}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{05A7A0C6-87FC-4F1A-B0A5-810BAF338892}C:\program files\opera 10.60 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10.60 beta\opera.exe | 
"UDP Query User{46B05A78-8B5F-4543-8019-4EA8768EAA15}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{50D7592B-4D65-4556-A904-7AFFA1E3899F}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{5CFD824C-35AF-4F98-BA25-4B96C4CE8626}C:\users\walex\desktop\u98.exe" = protocol=17 | dir=in | app=c:\users\walex\desktop\u98.exe | 
"UDP Query User{7779033C-4860-473E-B90F-736D9D3A9A19}C:\program files\your freedom\freedom.exe" = protocol=17 | dir=in | app=c:\program files\your freedom\freedom.exe | 
"UDP Query User{923219D1-7479-4DCA-A468-CAD45D5BBD1A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{931B0E30-C21B-4012-B650-1CB9A5FE72E5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{A0F14F7A-1265-47D8-92D8-FB1B7DFD4DEA}C:\users\walex\desktop\ultrasurf_9.6.exe" = protocol=17 | dir=in | app=c:\users\walex\desktop\ultrasurf_9.6.exe | 
"UDP Query User{B070A673-4A6E-4615-AB76-C59E8AE43916}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{DA46EC11-865A-4587-8637-D9B15DC5078A}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{DB2518BD-124D-42B6-9FB8-5F4C1A94254C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DE3899FA-4BBF-4A86-B50D-DDBB198760E6}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{F33209C6-7C69-4979-B603-E2065050E32E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{03758EC2-DF40-4B5A-B404-CE220DA07718}" = Starcomms Neo
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{08041881-FCA5-44A7-B863-D66037A16AAF}" = Microsoft Student with Encarta Premium 2008
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Workgroup (32-bit)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CD774DA-B798-4D1E-B327-2AA6EA407929}" = Peachtree Accounting 2010
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Learning Essentials for Microsoft Office
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983980FC-66FB-4ECC-A5D8-4565BE217733}" = SCR3xxx Smart Card Reader
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6D532B2-22E1-43AA-B4B7-34D772314859}" = Oxigen Client v5.00.0000
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar
"avast5" = avast! Free Antivirus
"Brothersoft Toolbar" = Brothersoft Toolbar
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"D5BADD64290F0F1F618874DFD37D079D04408CE0" = Windows Driver Package - UGO Networks (UGOIad) Net (03/13/2009 02.00.01.00)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flash Player_is1" = Flash Player 2.0
"FLV Player" = FLV Player 2.0 (build 25)
"Free Download Manager_is1" = Free Download Manager 3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{6CD774DA-B798-4D1E-B327-2AA6EA407929}" = Peachtree Complete Accounting 2010
"Integration Services" = Sage Integration Services
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Basic)
"LimeWire" = LimeWire 5.5.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mario_is1" = mario Powered by AdVantage
"Mavis Beacon Teaches Typing Deluxe 16" = Mavis Beacon Teaches Typing Deluxe 16
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MTN [email protected]" = MTN [email protected]
"Nokia PC Suite" = Nokia PC Suite
"OpenVPN" = OpenVPN 2.1_rc19
"PDF Complete" = PDF Complete
"Pervasive PSQL v10.10 Workgroup (32-bit)" = Pervasive PSQL v10.10 Workgroup (32-bit)
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1
"Road Rash_is1" = Road Rash
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.7.2
"WinLiveSuite" = Windows Live Essentials
"Winning Eleven 8 INTERNATIONAL_is1" = Winning Eleven 8 INTERNATIONAL
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Your_Deploy_0" = Your Freedom (JET)
"Youtube Video Downloader_is1" = Youtube Video Downloader 3.22

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2010 4:03:34 PM | Computer Name = WALEX-PC | Source = System Restore | ID = 8193
Description =

Error - 8/9/2010 4:03:35 PM | Computer Name = WALEX-PC | Source = VSS | ID = 39
Description =

Error - 8/9/2010 4:03:35 PM | Computer Name = WALEX-PC | Source = VSS | ID = 8193
Description =

Error - 8/9/2010 4:03:35 PM | Computer Name = WALEX-PC | Source = System Restore | ID = 8193
Description =

Error - 8/9/2010 4:03:37 PM | Computer Name = WALEX-PC | Source = VSS | ID = 39
Description =

Error - 8/9/2010 4:03:37 PM | Computer Name = WALEX-PC | Source = VSS | ID = 8193
Description =

Error - 8/9/2010 4:03:37 PM | Computer Name = WALEX-PC | Source = System Restore | ID = 8193
Description =

Error - 8/9/2010 4:03:39 PM | Computer Name = WALEX-PC | Source = VSS | ID = 39
Description =

Error - 8/9/2010 4:03:39 PM | Computer Name = WALEX-PC | Source = VSS | ID = 8193
Description =

Error - 8/9/2010 4:03:39 PM | Computer Name = WALEX-PC | Source = System Restore | ID = 8193
Description =

[ Credential Manager Events ]
Error - 10/14/2010 4:18:32 PM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 10/14/2010 4:18:32 PM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/14/2010 4:37:23 PM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 10/14/2010 4:37:23 PM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/28/2010 7:33:21 AM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/28/2010 7:33:21 AM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 10/29/2010 2:45:15 PM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 10/29/2010 2:45:15 PM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 11/5/2010 9:37:13 AM | Computer Name = WALEX-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 11/5/2010 9:37:13 AM | Computer Name = WALEX-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
[email protected] Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

[ OSession Events ]
Error - 5/16/2010 4:54:43 PM | Computer Name = WALEX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/20/2010 11:17:17 AM | Computer Name = WALEX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/4/2010 1:57:18 PM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 11/4/2010 4:38:02 PM | Computer Name = WALEX-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/4/2010 8:52:18 PM | Computer Name = WALEX-PC | Source = DCOM | ID = 10010
Description =

Error - 11/5/2010 5:20:32 AM | Computer Name = WALEX-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/5/2010 5:20:48 AM | Computer Name = WALEX-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/5/2010 5:22:26 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/5/2010 5:22:26 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/5/2010 5:22:26 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/5/2010 5:22:26 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/5/2010 5:24:02 AM | Computer Name = WALEX-PC | Source = Service Control Manager | ID = 7024
Description =

< End of report >


----------



## CatByte (Feb 24, 2009)

Hi

Logs appear to be clean

Time to do some housekeeping.

Please do the following:

*Follow these steps to uninstall Combofix *


Make sure your security programs are totally disabled.
Click *START* then *RUN*
Now copy/paste *Combofix /uninstall* into the *runbox* and click *OK.* Note the *space* between the *..X* and the */U*, it needs to be there.










Clean up with *OTL:*

Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.

*If there are any logs/tools remaining such as DDS, TDSSKiller, RKU, etc. > right click and delete them.*

*NEXT*

Below I have included a number of recommendations for how to protect your computer against malware infections.


It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, *Strong passwords: How to create and use them*. Then consider a *password keeper* to keep all your passwords safe.

Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

*Make Internet Explorer more secure*
Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.

*Download* *TFC* *to your desktop*
Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run.
Click the *Start* button to begin the process.
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically *reboot your machine*;
if it doesn't, manually reboot to ensure a complete clean.
*It's normal after running TFC cleaner that the PC will be slower to boot the first time. *

*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green* to go 
*Yellow* for caution 
*Red* to stop
WOT has an addon available for both Firefox and IE.

*Keep a backup of your important files* - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
*Think Prevention.*
*PC Safety and Security--What Do I Need?.*

***Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. *

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
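
The Internet Zone ActiveX settings recommended in the post above can be checked without opening the Internet Properties dialog. This is an added example, not part of the original post; it only reads registry values, and it assumes the standard URL action IDs 1001, 1004 and 1201 under zone 3 (the Internet Zone).

```powershell
# Added example (not from the thread): read-only audit of the Internet Zone
# ActiveX settings the post recommends. Nothing is modified.

# Zone 3 is the Internet Zone. A Policies key, if present, takes precedence
# over the per-user setting, so both locations are reported.
$zonePaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# Registry values for a URL action: 0 = Enable, 1 = Prompt, 3 = Disable.
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action IDs and the value the post asks for ("Prompt" for the two download
# options, "Disable" for controls not marked as safe).
$checks = @(
    [pscustomobject]@{ Id = '1001'; Setting = 'Download signed ActiveX controls';   Want = 1 },
    [pscustomobject]@{ Id = '1004'; Setting = 'Download unsigned ActiveX controls'; Want = 1 },
    [pscustomobject]@{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

function Get-ZoneActionReport {
    param(
        [string[]]$Paths,
        [object[]]$Checks
    )
    foreach ($path in $Paths) {
        if (-not (Test-Path -Path $path)) { continue }   # key absent: nothing configured here
        $props = Get-ItemProperty -Path $path
        foreach ($check in $Checks) {
            $value = $props.($check.Id)                   # $null when the value is not set
            if ($null -eq $value) {
                $state = 'not set'
                $ok    = $false
            }
            elseif ($labels.ContainsKey([int]$value)) {
                $state = $labels[[int]$value]
                # 0 < 1 < 3 orders the known values by strictness, so a value at
                # or above the wanted one is at least as strict as the advice.
                $ok    = ([int]$value -ge $check.Want)
            }
            else {
                $state = "other ($value)"
                $ok    = $false
            }
            [pscustomobject]@{
                Location    = $path
                Id          = $check.Id
                Setting     = $check.Setting
                Current     = $state
                Advised     = $labels[$check.Want]
                MeetsAdvice = $ok
            }
        }
    }
}

Get-ZoneActionReport -Paths $zonePaths -Checks $checks |
    Format-Table Id, Setting, Current, Advised, MeetsAdvice -AutoSize
```

A row showing `Disable` where the post asks for `Prompt` is reported as meeting the advice, since it is the stricter setting.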


----------



## wakss3 (Sep 11, 2010)

Hi,
I want to say thanks a lot for all your advice about my system security and everything. I have performed all the instructions and I have no problem with it. One more question: have the threats found during the Kaspersky online scanner been removed? If yes, OK.
Thank you and God bless.:up:


----------



## CatByte (Feb 24, 2009)

Hi

Yes they have, they were in quarantine, which has been cleared and old java cache which has also been cleared, so you are good to go.


----------



## wakss3 (Sep 11, 2010)

Thanks for those words, good to go.
Take care.


----------

