System Tool Virus?

Status
Not open for further replies.
C

chickenwyng

New member
There is some sort of aggressive and invasive malware on my computer that pretends to be an antivirus computer scanning program called System Tool. I'm currently running the computer in safe mode because the virus seems inactive in safe mode, except for a small icon in the tool bar (red shield with a white x on it) associated with the virus, but claims to be associated with Windows Security Alerts.

DDS.txt is pasted below; Attach.txt is attached.

THANKS,
Gus



DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Beall at 11:38:50.70 on Sat 02/19/2011
Internet Explorer: 7.0.6000.16809 BrowserJavaVersion: 1.6.0_17

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beall\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beall\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.netflix.com/MemberHome
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\beall\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [KTPWare] c:\program files\elantech\ktp.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [SMBTray] c:\program files\compal\smart battery\SMBTray.exe
mRun: [WLSS] c:\program files\compal\wireless select switch\WLSS.exe
mRun: [Wow Video&Audio] c:\program files\compal\wow video&audio\WVAMain.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\iexplorer.exe" /runcleanupscript
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\beall\appdata\roaming\mozilla\firefox\profiles\xacqh1dp.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.washingtonpost.com/
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\beall\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\beall\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\beall\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: United States English Dictionary: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R? iaNvStor;Intel(R) Turbo Memory Technology NAND Controller
R? MpFilter;Microsoft Malware Protection Driver
R? MpKsl0543254a;MpKsl0543254a
R? MpKsl36a5625d;MpKsl36a5625d
R? MpNWMon;Microsoft Malware Protection Network Driver
R? SBSDWSCService;SBSD Security Center Service
R? SCManager;SafeConnect Manager
R? Smart Watchdog;Smart Watchdog Service
R? stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0
R? Viewpoint Manager Service;Viewpoint Manager Service
S? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
S? EMSC;COMPAL Embedded System Control
S? enecir;ENE CIR Receiver
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lbd;Lbd

=============== Created Last 30 ================

2011-02-19 15:52:02 -------- d-----w- c:\users\beall\appdata\roaming\Malwarebytes
2011-02-19 15:50:53 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-18 23:59:36 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9fc87a1b-803f-47a1-9381-df431ddca5ba}\MpKsl03f2d344.sys
2011-02-18 16:14:55 -------- d-----w- c:\program files\trend micro
2011-02-18 04:24:42 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9fc87a1b-803f-47a1-9381-df431ddca5ba}\MpKsl34848cbc.sys
2011-02-18 04:04:52 -------- d-----w- c:\progra~2\iPcBpJh09128
2011-02-17 22:10:48 -------- d-----w- c:\users\beall\appdata\local\DDMSettings
2011-02-17 22:03:15 -------- d-----w- c:\program files\common files\DivX Shared
2011-02-17 21:59:29 -------- d-----w- c:\progra~2\DivX
2011-02-17 16:19:01 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9fc87a1b-803f-47a1-9381-df431ddca5ba}\mpengine.dll
2011-01-27 18:54:02 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0feb5156-f0da-46ef-bedd-9b57b2ad3140}\gapaengine.dll
2011-01-27 18:38:05 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-01-27 18:36:58 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-24 15:44:45 -------- d-----w- c:\users\beall\appdata\roaming\TCB Networks
2011-01-24 15:44:39 -------- d-----w- c:\users\beall\appdata\local\TCB Networks

==================== Find3M ====================

2010-12-03 09:05:33 15880 ----a-w- c:\windows\system32\lsdelete.exe

============= FINISH: 11:39:59.52 ===============
 
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

System Tools is a real pain to remove, I doubt it will let you download anything so your going to have to download them from a known clean computer and transfer them by flash drive or a CD to the infected one.


  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.



  • Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

    Run rkill repeatedly until it's able to do it's job. This may take a few tries.

    You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.



You have Malwarebytes installed, open it, check for updates and run the Quick scan removing what it finds, then post the report into this thread for me to see



Then run this scanner

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
I had used malwarebytes before posting to this forum, as well as spybot, but then uninstalled malwarebytes immediately after scanning and cleaning my computer, because i wasn't sure i could trust it. it did find and remove a few items, but i no longer have the program and so i can't find the logs for it.

i don't seem to have any symptoms of systemtool now, but i'm skeptical...

i ran rkill and it seemed to work fine; system tool did not interrupt or prevent me from downloading it, nor did it claim that the file was corrupt.

should i still run OTL?
 
Hi,

Malwarebytes is one of the finest and trusted programs you can find, go and redownload and install it , here are the instructions.


Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please


If it wont run you may have to run RKill again. Make sure you post the log for me to see. Hang off on OTL, we will most likely run that after I see what Malwarebytes removes
 
this is the log from the malwarebytes quick scan. i found the log from the first malwarebytes quick scan i did before uninstalling it and i will post it beneath this one:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5831

Windows 6.0.6000
Internet Explorer 7.0.6000.16809

2/21/2011 2:47:58 PM
mbam-log-2011-02-21 (14-47-58).txt

Scan type: Quick scan
Objects scanned: 153417
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


---------------------------

log from the first quickscan before i uninstalled malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5810

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16809

2/19/2011 10:59:23 AM
mbam-log-2011-02-19 (10-59-23).txt

Scan type: Quick scan
Objects scanned: 150589
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\iPcBpJh09128 (Trojan.FakeAlert) -> Value: iPcBpJh09128 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\ipcbpjh09128\ipcbpjh09128.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Beall\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
 
Hi, it definitely removed part of a rogue program , go ahead and scan with OTL and post the log
 
OTL.txt:


OTL logfile created on: 2/21/2011 6:38:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Beall\Documents\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.88 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive D: | 2.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BEALL-PC | User Name: Beall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Beall\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\SafeConnect\scManager.sys (Impulse Point, LLC)
PRC - C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Compal\Smart Battery\SMBTray.exe (Compal Electronics, Inc.)
PRC - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe ()
PRC - C:\Program Files\Compal\Wireless Select Switch\WLSS.exe (Compal Electronics, Inc.)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Elantech\KTP.EXE (ELANTECH Devices Corp.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Beall\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SCManager) -- C:\Program Files\SafeConnect\scManager.sys (Impulse Point, LLC)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Smart Watchdog) -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl7fd5c106) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52B228A8-9A12-4F71-9B4A-18572417832F}\MpKsl7fd5c106.sys (Microsoft Corporation)
DRV - (stdriver) -- C:\Windows\System32\drivers\stdriver32.sys (NCH Software)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (Ktp) -- C:\Windows\System32\drivers\Ktp.sys (ELANTECH Devices Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (EMSC) -- C:\Windows\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-286590198-423263835-920179683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKU\S-1-5-21-286590198-423263835-920179683-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-286590198-423263835-920179683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-286590198-423263835-920179683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-286590198-423263835-920179683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/14 14:23:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/17 17:06:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/17 17:06:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 11:48:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/17 17:06:22 | 000,000,000 | ---D | M]

[2008/09/13 22:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beall\AppData\Roaming\Mozilla\Extensions
[2011/02/19 19:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beall\AppData\Roaming\Mozilla\Firefox\Profiles\xacqh1dp.default\extensions
[2009/02/02 22:45:59 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Beall\AppData\Roaming\Mozilla\Firefox\Profiles\xacqh1dp.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/10/29 18:53:11 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Users\Beall\AppData\Roaming\Mozilla\Firefox\Profiles\xacqh1dp.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011/02/18 11:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/13 22:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2008/09/13 22:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/12/13 18:17:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\KTP.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe (Compal Electronics, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe (Compal Electronics, Inc.)
O4 - HKLM..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe ()
O4 - HKU\S-1-5-21-286590198-423263835-920179683-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Beall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TK8 EasyNote.lnk = C:\Users\Beall\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-286590198-423263835-920179683-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-286590198-423263835-920179683-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Beall\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Beall\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/21 14:39:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/21 14:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/21 14:39:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/21 14:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/19 11:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/19 11:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/19 10:52:02 | 000,000,000 | ---D | C] -- C:\Users\Beall\AppData\Roaming\Malwarebytes
[2011/02/19 10:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/18 11:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/02/18 11:14:54 | 000,000,000 | ---D | C] -- C:\rsit
[2011/02/17 23:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\iPcBpJh09128
[2011/02/17 17:10:48 | 000,000,000 | ---D | C] -- C:\Users\Beall\AppData\Local\DDMSettings
[2011/02/17 17:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/02/17 17:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/02/17 16:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/01/27 13:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/24 10:44:45 | 000,000,000 | ---D | C] -- C:\Users\Beall\AppData\Roaming\TCB Networks
[2011/01/24 10:44:39 | 000,000,000 | ---D | C] -- C:\Users\Beall\AppData\Local\TCB Networks

========== Files - Modified Within 30 Days ==========

[2011/02/21 18:35:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-286590198-423263835-920179683-1000UA.job
[2011/02/21 18:08:25 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/21 18:08:25 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/21 14:39:27 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/21 11:08:34 | 000,004,688 | -H-- | M] () -- C:\Users\Beall\Documents\WVAProp.xml
[2011/02/21 11:08:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/21 09:51:10 | 000,027,335 | ---- | M] () -- C:\Users\Beall\AppData\Roaming\nvModes.dat
[2011/02/21 09:51:10 | 000,027,335 | ---- | M] () -- C:\Users\Beall\AppData\Roaming\nvModes.001
[2011/02/20 21:51:06 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{21E60416-6C2F-45D0-8CF4-E605B019EB61}.job
[2011/02/20 20:35:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-286590198-423263835-920179683-1000Core.job
[2011/02/19 19:13:24 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/19 19:13:15 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/19 19:11:23 | 000,008,268 | ---- | M] () -- C:\Users\Beall\AppData\Local\d3d9caps.dat
[2011/02/19 11:46:10 | 000,002,950 | ---- | M] () -- C:\Users\Beall\Desktop\Attach.zip
[2011/02/19 11:37:19 | 000,000,719 | ---- | M] () -- C:\Users\Beall\Desktop\ERUNT.lnk
[2011/02/17 22:37:09 | 000,002,047 | ---- | M] () -- C:\Users\Beall\Desktop\Google Chrome.lnk
[2011/02/17 22:37:09 | 000,002,009 | ---- | M] () -- C:\Users\Beall\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/15 23:16:08 | 000,688,952 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/15 23:16:08 | 000,685,610 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/02/15 23:16:08 | 000,681,116 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2011/02/15 23:16:08 | 000,630,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/15 23:16:08 | 000,196,018 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2011/02/15 23:16:08 | 000,121,582 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/02/15 23:16:08 | 000,117,092 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/15 23:16:08 | 000,114,352 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2011/02/15 23:16:08 | 000,108,042 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/15 23:16:08 | 000,070,676 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2011/02/10 11:46:20 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/01/29 00:22:21 | 000,002,627 | ---- | M] () -- C:\Users\Beall\Desktop\Microsoft Office Word 2007.lnk
[2011/01/27 13:40:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2011/02/21 14:39:27 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/19 19:13:15 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/19 11:46:10 | 000,002,950 | ---- | C] () -- C:\Users\Beall\Desktop\Attach.zip
[2011/02/19 11:37:19 | 000,000,719 | ---- | C] () -- C:\Users\Beall\Desktop\ERUNT.lnk
[2011/02/11 00:14:18 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/01/27 13:40:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010/12/07 15:26:55 | 000,000,036 | ---- | C] () -- C:\Users\Beall\AppData\Local\housecall.guid.cache
[2009/12/13 02:14:23 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/12/13 02:14:21 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/11/12 03:14:01 | 000,008,268 | ---- | C] () -- C:\Users\Beall\AppData\Local\d3d9caps.dat
[2009/06/01 18:10:28 | 000,019,836 | ---- | C] () -- C:\Users\Beall\AppData\Roaming\UserTile.png
[2009/02/08 13:17:38 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/06/19 12:19:28 | 000,001,146 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/06/12 13:50:47 | 000,027,335 | ---- | C] () -- C:\Users\Beall\AppData\Roaming\nvModes.001
[2008/06/12 11:56:45 | 000,027,335 | ---- | C] () -- C:\Users\Beall\AppData\Roaming\nvModes.dat
[2008/06/11 19:40:30 | 000,127,488 | ---- | C] () -- C:\Users\Beall\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/11 18:20:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/05/22 17:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/04/17 11:44:28 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2006/11/02 07:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/06/29 14:34:35 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\Ableton
[2008/06/11 19:26:53 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\acccore
[2010/03/10 13:00:52 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\Acoustica
[2008/07/13 13:35:57 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\Amazon
[2009/06/29 16:12:22 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\Antares
[2011/01/26 20:04:38 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\Audacity
[2009/10/24 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\diogenes
[2009/06/01 19:08:49 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\HouseCall 6.6
[2011/01/23 12:15:11 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\NCH Swift Sound
[2008/12/11 20:18:07 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\NetMedia Providers
[2009/06/01 19:25:40 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\PACE Anti-Piracy
[2009/06/01 18:11:16 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\PeerNetworking
[2008/12/11 20:18:07 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\Publish Providers
[2010/12/24 22:25:57 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\Recordpad
[2008/12/11 20:18:02 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\Sony
[2011/01/24 10:44:45 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\TCB Networks
[2008/06/12 13:43:21 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\TK8 Software
[2010/03/10 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\Tracktion 3
[2010/01/06 22:56:35 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/08/19 10:15:51 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\uniblue
[2010/07/16 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\Beall\AppData\Roaming\uTorrent
[2011/02/19 19:13:24 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/02/18 19:00:02 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/20 21:51:06 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{21E60416-6C2F-45D0-8CF4-E605B019EB61}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:XcHUSMu3nciGQb1iJkM5XPms
@Alternate Data Stream - 1203 bytes -> C:\Program Files\Common Files\System:zdufhorxsZAAu0Kb2BuQURttG
@Alternate Data Stream - 1142 bytes -> C:\ProgramData\Microsoft:7oTcRQd7KHOSdLXN48Mcob
@Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:EWiTMCZExoS1yvblqjPDP3Ejrm4

< End of report >
 
extras.txt


OTL Extras logfile created on: 2/21/2011 6:38:06 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Beall\Documents\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 67.88 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive D: | 2.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BEALL-PC | User Name: Beall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-286590198-423263835-920179683-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0866F14C-8E49-45FF-9A33-D2582DC2EDEE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0FBFDDE1-6753-47B3-9DD3-4618C2D0D445}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10D2FB4F-3309-44E8-98BD-16D150DF20A5}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{14E58449-4CC0-451A-B5D5-563DA6ECBFEE}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{1DF6C096-8299-44A1-A555-DAB932C36C65}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{2DF60C8F-8EA2-4E58-9892-22D9A85D1ADD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31C1F91F-2F9C-47F7-92E4-808A7258250C}" = lport=5357 | protocol=6 | dir=in | app=system |
"{35E497C3-7CAE-48AE-8182-180EAAAB1AD9}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{3C6279F9-AD4A-407E-BE97-C34B0A6BEB7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3FE30D29-0F01-4506-AAF5-E0095EF94022}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4A0CC7FC-4C23-4961-BC1D-D74E1905404D}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{4C41D458-AC24-476F-96AC-84B8167AE124}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52014F7A-1A21-49B3-A43B-B90F22FEA6A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{531CF2BE-35C1-4606-82FD-67AF44D489F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C0880EE-DEE4-4266-BF14-DB3FD1C51027}" = rport=5358 | protocol=6 | dir=out | app=system |
"{62363833-4653-46DC-95EF-CF1CB5D552D7}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{6CA8500A-D3EF-4391-9E37-987101705167}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{6E035D48-240E-4793-8B35-20BA46FAD223}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A89D342-AB30-47AD-86B0-379AA27BB91C}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{871BF575-097A-47DF-ADA0-E0DBCF73B4D9}" = lport=5358 | protocol=6 | dir=in | app=system |
"{8818FD68-2DF7-456B-8EFB-1F5055DAEFDE}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{8B4D4341-8A1A-4F4C-8DA8-E86415908A51}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{90557E28-6746-42CE-A161-AA7ECB7CB2B8}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{925A0E58-4DA6-4712-820A-1B7B0A90D710}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{96BBF9AC-23E0-4ECD-99EF-8D58586D1BF9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4D42540-EF00-4AA5-B0DC-503457D7804A}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{AC68E128-A078-4F5C-B63F-6113442388FB}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{B036D018-06FA-4CFC-9005-AB516E556314}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C38D2F55-FA71-47CF-9751-C23336D617C3}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{C4439AC2-A98A-4179-84CD-0E9B3A8B0D12}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{D7F0E5E4-6E2A-4697-BBB8-325527937540}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E4730070-C0A5-41F9-B9C4-A5ACB4543287}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{E81DAEE9-E8D6-428C-8F32-2783ECF10A0C}" = rport=5357 | protocol=6 | dir=out | app=system |
"{E8284752-213E-41F1-8E32-F06CB246521F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E92824E6-8403-4BA1-9F66-613814320A41}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F289AF53-B60D-4C1C-B671-6128E6BC19D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F618DE60-C5A0-4A2A-9BC6-519DFF96A95B}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{F69EFDE2-EAFC-4F46-A227-96A848C6743E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9D6B349-130F-4CDF-A953-4B56649E047C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05873C59-0210-4CB8-83FB-6865799B5A60}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0B3C0509-8669-42F9-B49C-1AB3D07D28FA}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0B771AA7-29E6-4E43-BC65-A48E71061D60}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{0CA767AD-8976-4ED6-9C4F-870637EC0D62}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0DD0D41A-E5C9-471D-A385-92B4062C9E7B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{0F63950B-F418-4FBB-AF5E-8179909E86AB}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{145F5482-70A2-49FC-8299-5479ACB5A590}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1AFB8183-8775-4F0B-8670-93B9C0B8986B}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{1E77C9F7-03B2-4AA1-8199-D37E5D7057FC}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{2205BB04-054C-49A5-BFA8-DE13930681DD}" = protocol=17 | dir=in | app=c:\users\beall\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{24BC856E-F895-4DD9-A225-34E47C60649D}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{2B5A04A2-B882-42F4-8077-5D737BC023C4}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{2D09C867-02F2-49AA-B969-A5910F77FC1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{344D37AD-6C94-45DC-8566-DCAAC0060A80}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{361F9970-0E82-42EC-A85F-CA19D81A4C00}" = protocol=6 | dir=in | app=c:\users\beall\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{389DDFB7-B4C9-4232-AB9B-709220FC1C30}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5647FBF7-3623-48AF-9DAE-773E64876ACF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59B11252-675F-4E14-901B-E0AD5354AC53}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{59F3374A-3941-4F82-BC5F-F6443960369A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{64625FA3-B000-404B-91FA-E301CE2B10FF}" = protocol=6 | dir=in | app=c:\users\beall\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{685CAF1F-E01D-4EBC-83F8-D131C2197364}" = protocol=17 | dir=in | app=c:\users\beall\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{6C458F0C-2443-4D23-A4CF-CF210335BA0A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7432570B-FA4C-427B-A98B-BB225D9D10D2}" = protocol=6 | dir=out | app=system |
"{7F464714-0287-45B8-BE53-AFC386A35C4B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{84957936-348A-4FB5-BB25-BA10CC1843EC}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{8989CEC9-0EA3-44CE-A1F3-D90CB2248DE3}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{8A34B919-27F1-4971-94BA-9C35FABC3B97}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{8EC614F8-1152-4328-9178-C996C5E22FE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A627FFA-B5DF-47B3-9645-87E4573232E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9AA12E7F-33A8-44D5-A993-B4178BC63910}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{9DE54AE8-1394-4E23-A609-3509EEF54839}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B59400CB-0A69-4E6B-8F7F-540F421E2D7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBCDDB88-B4C1-4EC0-9CDF-AE5B190E84EB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCB70FD4-3289-4C53-8F27-9BF3E0FA9BB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7124708-C182-452C-98E3-312DD83EE932}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{CB3D4EAE-6FC0-47DA-B055-AFC2383FE94F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CCE26056-89A7-48B8-8418-6D46D48FBC80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB9B6B56-4049-4584-9B58-1364188B50CA}" = protocol=6 | dir=in | app=c:\users\beall\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{DC88CA3D-D681-474B-A324-2AD3AD464171}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DD9206DD-1626-48AD-9C82-7C9A0A999851}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F6110195-DB6C-4951-995D-DB7AF74B060B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F8802FAC-6A65-4C15-AF79-4DCCBAF67BEB}" = protocol=17 | dir=in | app=c:\users\beall\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FA7A6A2E-0511-4926-B38D-CDB454D7C5DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF149B41-601C-4528-82E9-4F4537A72898}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"TCP Query User{106D04F4-3B2D-4117-A8D4-DD98B92DCBAA}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{2038F20E-1DBC-4EFC-B2AF-CB9D9F313BDB}C:\users\beall\desktop\housecall66.exe" = protocol=6 | dir=in | app=c:\users\beall\desktop\housecall66.exe |
"TCP Query User{30972827-D245-42BC-AB01-A2D0D74275E2}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{40202346-BC4F-4698-9737-E63A4223A6FA}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{8CA24F20-464F-4900-ADC4-730D0749248E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{98BF6F0C-2F7D-44E0-A1C6-49E70A3FAD7B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{A937AD6B-7BB7-420A-B95C-60A1B4A6D420}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{B92F9CAF-DF8F-417C-BF1D-DA819B0DD467}C:\users\beall\desktop\housecall66(2).exe" = protocol=6 | dir=in | app=c:\users\beall\desktop\housecall66(2).exe |
"TCP Query User{D84F3E8C-A15B-416F-A5D9-AD7FCD7E6BC4}C:\users\beall\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\beall\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{E64DC208-56F4-4AA7-887A-B5017206FBFE}C:\users\beall\desktop\housecall66.exe" = protocol=6 | dir=in | app=c:\users\beall\desktop\housecall66.exe |
"TCP Query User{F2C117A4-D272-4FBB-9C2C-ABC13D4BFFB3}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{FC58E3C0-5B7D-44E6-A30E-31A093DDB2B5}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{FC791BA8-157C-4DF9-ACBC-326252B5DDAE}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{15AAD30F-28C0-4255-867C-8D45D754BE5E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{1AB5FC5A-5BBD-4101-8F13-FA0CD042EEA2}C:\users\beall\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\beall\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{1B14A244-6529-417A-A465-FAA69D2E4E9C}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{1E1FCF9F-04CB-4ED7-891C-9A57141A6EC1}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{5B864F6A-0554-4E21-9859-CDC4C91C0487}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{65F7723B-CE8A-4C7B-88F5-D6FC2041793C}C:\users\beall\desktop\housecall66.exe" = protocol=17 | dir=in | app=c:\users\beall\desktop\housecall66.exe |
"UDP Query User{797159DC-2F4D-43EB-A30F-4850D9346953}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{852F3C19-E10E-4CD8-A289-A40CDE9F1AE3}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{95F87F4B-277A-4216-9390-9CBC20BC715F}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{CBB64E31-CBF3-4191-A9DC-3E0CE70C1E3B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{DD3F926F-4CE7-4927-99C8-4CDC5DFF3D04}C:\users\beall\desktop\housecall66.exe" = protocol=17 | dir=in | app=c:\users\beall\desktop\housecall66.exe |
"UDP Query User{F46FED58-428B-4559-86C7-27775850D7B5}C:\users\beall\desktop\housecall66(2).exe" = protocol=17 | dir=in | app=c:\users\beall\desktop\housecall66(2).exe |
"UDP Query User{FF115077-E591-4C54-82FE-EA3478BFD949}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{17F6CD67-0E9D-4C4B-8F49-17F081092AE2}" = Better Homes and Gardens Interior Designer 7.0
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66F49D6A-E999-4DB0-ADB6-EE546806E340}" = Antares Auto-Tune Evo VST
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7243A264-7401-445E-99E6-2CC334960047}" = Smart Watchdog
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory and Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92F9A6BF-B815-42B8-B55B-4BE6C718A694}" = Okus 1.2
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 2.5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"DC++" = DC++ 0.7091
"Diogenes_is1" = Diogenes version 3
"DivX Setup.divx.com" = DivX Setup
"Elantech" = KTP Ware PS/2-x86 5.0.3.13
"ERUNT_is1" = ERUNT 1.1j
"Finale NotePad 2008" = Finale NotePad 2008
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch
"InstallShield_{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"InstallShield_{7243A264-7401-445E-99E6-2CC334960047}" = Smart Watchdog
"InstallShield_{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}" = Wow Video&Audio utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"SafeConnect" = SafeConnect
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SoundTap" = SoundTap Streaming Audio Recorder
"TK8 EasyNote_is1" = TK8 EasyNote 1.1
"Tracktion 3.0_is1" = Tracktion 3.0.4.8
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-286590198-423263835-920179683-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2011 12:18:23 PM | Computer Name = Beall-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 2/17/2011 12:18:26 PM | Computer Name = Beall-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 2/18/2011 12:28:47 AM | Computer Name = Beall-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/18/2011 12:06:51 PM | Computer Name = Beall-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/18/2011 8:04:55 PM | Computer Name = Beall-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/19/2011 12:03:32 PM | Computer Name = Beall-PC | Source = EventSystem | ID = 4609
Description =

Error - 2/19/2011 8:49:18 PM | Computer Name = Beall-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 2/19/2011 8:49:29 PM | Computer Name = Beall-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 2/20/2011 9:34:01 PM | Computer Name = Beall-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 2/20/2011 9:34:05 PM | Computer Name = Beall-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ Media Center Events ]
Error - 11/14/2008 9:31:58 PM | Computer Name = Beall-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/6/2009 9:32:13 PM | Computer Name = Beall-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/22/2009 8:06:05 PM | Computer Name = Beall-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 11/19/2009 2:43:42 AM | Computer Name = Beall-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/10/2010 6:34:54 AM | Computer Name = Beall-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 2/19/2011 12:03:14 PM | Computer Name = Beall-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.1.3 for the Network Card with network address
001DE08B929B has been denied by the DHCP server 10.10.64.31 (The DHCP Server sent
a DHCPNACK message).

Error - 2/19/2011 12:03:16 PM | Computer Name = Beall-PC | Source = DCOM | ID = 10005
Description =

Error - 2/19/2011 12:03:32 PM | Computer Name = Beall-PC | Source = DCOM | ID = 10005
Description =

Error - 2/19/2011 12:03:39 PM | Computer Name = Beall-PC | Source = DCOM | ID = 10005
Description =

Error - 2/19/2011 12:03:39 PM | Computer Name = Beall-PC | Source = DCOM | ID = 10005
Description =

Error - 2/19/2011 12:05:18 PM | Computer Name = Beall-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 132.162.76.34 for the Network Card with network
address 001DE08B929B has been denied by the DHCP server 10.0.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/19/2011 12:05:29 PM | Computer Name = Beall-PC | Source = DCOM | ID = 10005
Description =

Error - 2/19/2011 8:13:31 PM | Computer Name = Beall-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.1.3 for the Network Card with network address
001DE08B929B has been denied by the DHCP server 10.10.64.31 (The DHCP Server sent
a DHCPNACK message).

Error - 2/19/2011 8:13:54 PM | Computer Name = Beall-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/19/2011 8:41:49 PM | Computer Name = Beall-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 132.162.76.34 for the Network Card with network
address 001DE08B929B has been denied by the DHCP server 10.0.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
 
Hi,

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
IE - HKU\S-1-5-21-286590198-423263835-920179683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-286590198-423263835-920179683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902


:Services

:Reg

:Files



:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
This is the log created after the fix and the reboot:

All processes killed
========== OTL ==========
HKU\S-1-5-21-286590198-423263835-920179683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-286590198-423263835-920179683-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Beall
->Temp folder emptied: 117903947 bytes
->Temporary Internet Files folder emptied: 95321301 bytes
->Java cache emptied: 67064398 bytes
->FireFox cache emptied: 49864439 bytes
->Google Chrome cache emptied: 58474459 bytes
->Flash cache emptied: 337602 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 22799009 bytes
->FireFox cache emptied: 90629480 bytes
->Flash cache emptied: 52192 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3156670 bytes
RecycleBin emptied: 2235202 bytes

Total Files Cleaned = 484.00 mb


[EMPTYFLASH]

User: All Users

User: Beall
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes


User: Guest
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.20.6 log created on 02222011_164548

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000000425FBF19CF42516E4 not found!

Registry entries deleted on Reboot...


--------------------

This is the log produced after the last scan:

OTL logfile created on: 2/23/2011 1:15:57 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Beall\Documents\Downloads
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 23.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 68.14 Gb Free Space | 45.71% Space Free | Partition Type: NTFS
Drive D: | 2.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BEALL-PC | User Name: Beall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Beall\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Beall\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Beall\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Users\Beall\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\SafeConnect\scManager.sys (Impulse Point, LLC)
PRC - C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Compal\Smart Battery\SMBTray.exe (Compal Electronics, Inc.)
PRC - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe ()
PRC - C:\Program Files\Compal\Wireless Select Switch\WLSS.exe (Compal Electronics, Inc.)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Elantech\KTP.EXE (ELANTECH Devices Corp.)
PRC - C:\Users\Beall\AppData\Roaming\TK8 Software\TK8 EasyNote\Note.exe ()
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
PRC - C:\Users\Beall\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Beall\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SCManager) -- C:\Program Files\SafeConnect\scManager.sys (Impulse Point, LLC)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Smart Watchdog) -- C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl88365d4b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{549808C3-1C97-4CFC-A558-1A2F8D2025CC}\MpKsl88365d4b.sys (Microsoft Corporation)
DRV - (MpKsld0cc63d0) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{549808C3-1C97-4CFC-A558-1A2F8D2025CC}\MpKsld0cc63d0.sys (Microsoft Corporation)
DRV - (stdriver) -- C:\Windows\System32\drivers\stdriver32.sys (NCH Software)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (Ktp) -- C:\Windows\System32\drivers\Ktp.sys (ELANTECH Devices Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (EMSC) -- C:\Windows\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/14 14:23:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/17 17:06:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/17 17:06:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/26 11:48:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/17 17:06:22 | 000,000,000 | ---D | M]

[2008/09/13 22:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beall\AppData\Roaming\Mozilla\Extensions
[2011/02/19 19:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beall\AppData\Roaming\Mozilla\Firefox\Profiles\xacqh1dp.default\extensions
[2009/02/02 22:45:59 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Beall\AppData\Roaming\Mozilla\Firefox\Profiles\xacqh1dp.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/10/29 18:53:11 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Users\Beall\AppData\Roaming\Mozilla\Firefox\Profiles\xacqh1dp.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011/02/18 11:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/13 22:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2008/09/13 22:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/02/22 16:45:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\KTP.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe (Compal Electronics, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe (Compal Electronics, Inc.)
O4 - HKLM..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Beall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TK8 EasyNote.lnk = C:\Users\Beall\AppData\Roaming\TK8 Software\TK8 EasyNote\EasyNote.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Beall\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Beall\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/22 16:45:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/21 14:39:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/21 14:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/21 14:39:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/21 14:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/19 11:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/19 11:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/19 10:52:02 | 000,000,000 | ---D | C] -- C:\Users\Beall\AppData\Roaming\Malwarebytes
[2011/02/19 10:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/18 11:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/02/18 11:14:54 | 000,000,000 | ---D | C] -- C:\rsit
[2011/02/17 23:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\iPcBpJh09128
[2011/02/17 17:10:48 | 000,000,000 | ---D | C] -- C:\Users\Beall\AppData\Local\DDMSettings
[2011/02/17 17:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/02/17 17:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/02/17 16:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/01/27 13:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/24 10:44:45 | 000,000,000 | ---D | C] -- C:\Users\Beall\AppData\Roaming\TCB Networks
[2011/01/24 10:44:39 | 000,000,000 | ---D | C] -- C:\Users\Beall\AppData\Local\TCB Networks

========== Files - Modified Within 30 Days ==========

[2011/02/23 01:23:39 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{21E60416-6C2F-45D0-8CF4-E605B019EB61}.job
[2011/02/23 01:08:08 | 000,002,627 | ---- | M] () -- C:\Users\Beall\Desktop\Microsoft Office Word 2007.lnk
[2011/02/23 01:07:18 | 000,004,688 | -H-- | M] () -- C:\Users\Beall\Documents\WVAProp.xml
[2011/02/23 01:06:17 | 000,027,335 | ---- | M] () -- C:\Users\Beall\AppData\Roaming\nvModes.001
[2011/02/23 01:05:24 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/23 01:01:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/23 01:00:10 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/23 01:00:10 | 000,005,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/22 16:49:40 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/22 16:45:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/02/22 16:35:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-286590198-423263835-920179683-1000UA.job
[2011/02/21 20:43:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-286590198-423263835-920179683-1000Core.job
[2011/02/21 14:39:27 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/21 09:51:10 | 000,027,335 | ---- | M] () -- C:\Users\Beall\AppData\Roaming\nvModes.dat
[2011/02/19 19:11:23 | 000,008,268 | ---- | M] () -- C:\Users\Beall\AppData\Local\d3d9caps.dat
[2011/02/19 11:46:10 | 000,002,950 | ---- | M] () -- C:\Users\Beall\Desktop\Attach.zip
[2011/02/19 11:37:19 | 000,000,719 | ---- | M] () -- C:\Users\Beall\Desktop\ERUNT.lnk
[2011/02/17 22:37:09 | 000,002,047 | ---- | M] () -- C:\Users\Beall\Desktop\Google Chrome.lnk
[2011/02/17 22:37:09 | 000,002,009 | ---- | M] () -- C:\Users\Beall\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/15 23:16:08 | 000,688,952 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/15 23:16:08 | 000,685,610 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/02/15 23:16:08 | 000,681,116 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2011/02/15 23:16:08 | 000,630,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/15 23:16:08 | 000,196,018 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2011/02/15 23:16:08 | 000,121,582 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/02/15 23:16:08 | 000,117,092 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/15 23:16:08 | 000,114,352 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2011/02/15 23:16:08 | 000,108,042 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/15 23:16:08 | 000,070,676 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2011/02/10 11:46:20 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/01/27 13:40:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2011/02/23 01:05:21 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/21 14:39:27 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/19 19:13:15 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/19 11:46:10 | 000,002,950 | ---- | C] () -- C:\Users\Beall\Desktop\Attach.zip
[2011/02/19 11:37:19 | 000,000,719 | ---- | C] () -- C:\Users\Beall\Desktop\ERUNT.lnk
[2011/01/27 13:40:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010/12/07 15:26:55 | 000,000,036 | ---- | C] () -- C:\Users\Beall\AppData\Local\housecall.guid.cache
[2009/12/13 02:14:23 | 000,000,053 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/12/13 02:14:21 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/11/12 03:14:01 | 000,008,268 | ---- | C] () -- C:\Users\Beall\AppData\Local\d3d9caps.dat
[2009/06/01 18:10:28 | 000,019,836 | ---- | C] () -- C:\Users\Beall\AppData\Roaming\UserTile.png
[2009/02/08 13:17:38 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/06/19 12:19:28 | 000,001,146 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/06/12 13:50:47 | 000,027,335 | ---- | C] () -- C:\Users\Beall\AppData\Roaming\nvModes.001
[2008/06/12 11:56:45 | 000,027,335 | ---- | C] () -- C:\Users\Beall\AppData\Roaming\nvModes.dat
[2008/06/11 19:40:30 | 000,127,488 | ---- | C] () -- C:\Users\Beall\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/11 18:20:16 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/05/22 17:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/04/17 11:44:28 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2006/11/02 07:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 1209 bytes -> C:\ProgramData\Microsoft:XcHUSMu3nciGQb1iJkM5XPms
@Alternate Data Stream - 1203 bytes -> C:\Program Files\Common Files\System:zdufhorxsZAAu0Kb2BuQURttG
@Alternate Data Stream - 1142 bytes -> C:\ProgramData\Microsoft:7oTcRQd7KHOSdLXN48Mcob
@Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:EWiTMCZExoS1yvblqjPDP3Ejrm4

< End of report >
 
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
 
Status
Not open for further replies.
Back
Top