[Malware] Computer stops obeying the mouse but drives spin like

Author

All Replies

GMLUSA

join:2012-02-17
West Hartford, CT

mbam-log-201···-33).txt 6,412 bytes	OTL.Txt 157,918 bytes	Extras.Txt 96,554 bytes
checkup.txt 926 bytes

My computer stops obeying clicks of the mouse or sometimes takes even longer than 5 min to respond. However, the drives keep spinning like crazy. If I disconnect from the network, things seem to work better. I am afraid my computer has been hijacked. I have run the tests and here are the logs:

BD did not leave a log. It said the computer was clean.

to forum · permalink · 2012-02-17 17:12:39 ·

lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

Reviews:

·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

MBAM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.17.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
1Gustavo :: GUSTAVOS [limited]

Protection: Enabled

2/17/2012 12:51:33 PM
mbam-log-2012-02-17 (12-51-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 642969
Time elapsed: 2 hour(s), 50 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: »edits.mywebsearch.com/toolbaredi···GRfox000 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
E:\Avatars\MyWebFaceSetup2.3.50.57.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{557220F8-435B-4A6A-B267-B6A0E4589CC0}\RP1203\A0254992.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
K:\Cosmi\Ecc\Template.dat (JokeApp.NotFunny) -> Quarantined and deleted successfully.
K:\OldEdriveBKUP\WINDOWS\SYSTEM\HLINK.DLL (Trojan.FakeMS) -> Quarantined and deleted successfully.
D:\Documents and Settings\1Gustavo\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.

(end)
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

to forum · permalink · 2012-02-17 17:35:15 ·

lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

Reviews:

·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

reply to GMLUSA

OTL

OTL logfile created on: 2/17/2012 4:34:26 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = D:\Documents and Settings\1Gustavo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 70.71% Memory free
4.69 Gb Paging File | 3.49 Gb Available in Paging File | 74.48% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive D: | 465.76 Gb Total Space | 325.62 Gb Free Space | 69.91% Space Free | Partition Type: NTFS
Drive E: | 74.51 Gb Total Space | 70.11 Gb Free Space | 94.09% Space Free | Partition Type: FAT32
Drive F: | 12.73 Gb Total Space | 10.37 Gb Free Space | 81.44% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 106.86 Gb Free Space | 22.94% Space Free | Partition Type: NTFS
Drive M: | 2794.49 Gb Total Space | 2785.72 Gb Free Space | 99.69% Space Free | Partition Type: NTFS

Computer Name: GUSTAVOS | User Name: 1Gustavo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/02/17 16:33:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\OTL.exe
PRC - [2012/02/17 11:32:24 | 003,409,872 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/25 08:10:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/14 19:47:28 | 000,670,792 | ---- | M] (Juniper Networks) -- D:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/08/20 21:35:10 | 005,729,328 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/08/20 21:32:40 | 000,403,096 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/08/20 21:32:36 | 000,808,704 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/08/20 21:31:28 | 005,932,256 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- D:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- D:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- D:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/11/30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010/11/30 01:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010/11/30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010/11/30 01:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- D:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/12/17 06:42:06 | 000,105,632 | ---- | M] (Corel) -- D:\Program Files\Common Files\Corel\Standby\Standby.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/06/18 12:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- D:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2009/02/05 10:51:12 | 000,388,768 | ---- | M] () -- D:\WINDOWS\system32\atwtusb.exe
PRC - [2009/01/13 10:10:32 | 003,161,760 | ---- | M] () -- D:\WINDOWS\system32\WTMKM.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- d:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/11/22 09:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/11/22 09:26:14 | 000,155,648 | ---- | M] (Sonic Solutions) -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/10/27 16:17:36 | 008,740,864 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
PRC - [2004/04/28 14:02:22 | 000,042,496 | ---- | M] (Standard Microsystems Corp.) -- D:\Program Files\WDC\SetIcon.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/01/11 23:49:02 | 017,403,904 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
MOD - [2012/01/11 23:46:54 | 000,771,584 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2012/01/11 23:40:46 | 003,182,592 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/11 23:40:42 | 002,933,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/11 23:40:22 | 000,261,632 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/12/19 11:23:18 | 000,998,400 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/12/19 11:15:50 | 000,212,992 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/12/19 11:15:50 | 000,141,312 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
MOD - [2011/12/19 11:15:39 | 000,627,712 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/12/19 11:15:37 | 000,627,200 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/12/19 11:15:36 | 000,015,872 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
MOD - [2011/12/19 11:14:21 | 000,971,264 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/12/19 10:57:49 | 005,450,752 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/12/18 20:06:29 | 006,616,576 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/12/18 20:00:25 | 007,950,848 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/12/18 19:59:40 | 011,490,816 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- D:\WINDOWS\system32\quartz.dll
MOD - [2011/11/03 10:28:36 | 000,386,048 | ---- | M] () -- D:\WINDOWS\system32\qdvd.dll
MOD - [2011/08/22 15:47:44 | 000,336,408 | ---- | M] () -- D:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/20 21:37:40 | 000,018,784 | ---- | M] () -- D:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2011/08/20 20:56:00 | 000,435,552 | ---- | M] () -- D:\Program Files\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- D:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2010/06/24 03:27:00 | 000,197,928 | ---- | M] () -- D:\Program Files\ManyCam\Bin\VideoSrc.dll
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2009/11/19 11:26:12 | 002,174,976 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2009/11/19 11:18:16 | 000,708,608 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2009/11/19 11:14:38 | 006,443,008 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2009/11/19 11:14:38 | 000,356,352 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2009/11/19 11:14:38 | 000,188,416 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/11/19 11:14:36 | 001,581,056 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2009/02/05 10:51:12 | 000,388,768 | ---- | M] () -- D:\WINDOWS\system32\atwtusb.exe
MOD - [2009/01/13 10:10:32 | 003,161,760 | ---- | M] () -- D:\WINDOWS\system32\WTMKM.exe
MOD - [2008/04/13 19:12:03 | 000,192,512 | ---- | M] () -- D:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- D:\WINDOWS\system32\devenum.dll
MOD - [2006/08/29 08:29:00 | 000,180,224 | ---- | M] () -- D:\WINDOWS\system32\ATWTINK.DLL
MOD - [2005/11/22 09:15:12 | 004,448,256 | ---- | M] () -- D:\Program Files\Common Files\Roxio Shared\DLLShared\ROXIPP4.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (RoxWatch9)
SRV - File not found [On_Demand | Stopped] -- -- (RoxMediaDB9)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
SRV - [2012/02/17 11:32:24 | 003,409,872 | ---- | M] (Acronis) [Auto | Running] -- D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/14 19:47:28 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- D:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/08/20 21:35:10 | 005,729,328 | ---- | M] (Acronis) [Auto | Running] -- D:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/08/20 21:32:36 | 000,808,704 | ---- | M] (Acronis) [Auto | Running] -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- D:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/20 00:30:40 | 000,169,264 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- D:\Program Files\Retrospect\Retrospect 7.7\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- D:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/11/30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010/11/30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- D:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- D:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/10/14 18:59:54 | 000,099,688 | R--- | M] (Sony Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2009/06/18 12:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- D:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/06/18 11:24:42 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- D:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2009/02/05 10:51:12 | 000,388,768 | ---- | M] () [Auto | Running] -- D:\WINDOWS\System32\atwtusb.exe -- (WTService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- d:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/22 09:29:52 | 000,233,472 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/11/22 09:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/11/22 09:26:14 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/11/21 22:47:56 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- D:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/11/21 22:47:10 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2000/05/24 14:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- D:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/02/17 11:32:32 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/02/17 11:31:48 | 000,766,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2012/02/17 11:31:32 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2012/02/17 11:30:56 | 000,126,112 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\vididr.sys -- (vididr)
DRV - [2012/02/17 11:30:51 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58)
DRV - [2012/02/17 11:30:30 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\fltsrv.sys -- (fltsrv)
DRV - [2012/02/04 07:44:55 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 07:44:55 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/23 20:58:18 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/12/20 02:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/12/19 11:10:26 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120216.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/19 11:10:26 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120216.033\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/05 22:42:18 | 007,490,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/30 18:49:07 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120216.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/14 19:14:44 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/07/06 15:01:21 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 20:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 22:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- D:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2011/01/27 01:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/30 01:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2010/11/30 01:23:58 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\SymDSMon.sys -- (SymDSMon)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/14 17:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/11 22:20:37 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit)
DRV - [2009/08/24 23:10:52 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/05/21 14:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/02/11 08:47:48 | 000,156,552 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mausbft.sys -- (MAUSBFT)
DRV - [2008/01/23 16:38:25 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/01/23 16:38:06 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/07/26 06:13:04 | 000,023,168 | ---- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/22 00:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/22 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- D:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- D:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/27 13:50:00 | 001,021,832 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/26 17:46:48 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/04/27 22:24:20 | 000,120,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\USBAV191.SYS -- (USBAV191)
DRV - [2005/03/31 11:32:42 | 000,175,104 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2004/11/01 12:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003/12/09 05:53:06 | 000,009,728 | R--- | M] (Western Digital) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\inibtmgr.sys -- (inibtmgr)
DRV - [2001/08/17 08:28:18 | 000,794,399 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USR1806V.SYS -- (USR1806V)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »start.facemoods.com/?a=grupo&s={···rms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »finalsite.ccsu.edu/page.cfm?p=2118
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: d:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: D:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: D:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: d:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/02 06:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/17 15:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/09 22:42:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/09 22:42:01 | 000,000,000 | ---D | M]

[2012/02/07 09:43:42 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\1Gustavo\Application Data\Mozilla\Extensions
[2010/12/25 15:20:52 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\1Gustavo\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/02/07 09:45:00 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/12/26 17:44:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/27 12:40:48 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/27 05:06:56 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/29 15:31:09 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 11:14:56 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/03 17:20:41 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- D:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/06/10 11:20:12 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- D:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2009/06/10 11:20:20 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- D:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/06/10 11:22:02 | 000,046,408 | ---- | M] () -- D:\Program Files\mozilla firefox\plugins\atmccli.dll
[2009/07/13 14:01:10 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- D:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/06/10 11:20:32 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- D:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/11 14:47:41 | 000,002,048 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2012/02/07 12:49:35 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\free\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [atwtusb] D:\WINDOWS\System32\atwtusb.exe ()
O4 - HKLM..\Run: [IntelAudioStudio] D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MacrokeyManager] D:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKLM..\Run: [Standby] d:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SATARAID5.lnk = File not found
O4 - Startup: D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WDDMStatus.lnk = D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\free\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\free\GRBrowse.htm ()
O8 - Extra context menu item: Search the Web - D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} »download.microsoft.com/download/···trol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} »quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »www.update.microsoft.com/microso···39103687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} »java.sun.com/products/plugin/aut···i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} »juniper.net/dana-cached/sc/Junip···ient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} »mydeuce.kicks-ass.net/MP4DVR.cab (ERViewerOCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E5B241-C767-49E3-A932-9BC42255B22E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\MsMsgSrv: DllName - (MsMsgSrv.DLL) - File not found
O24 - Desktop WallPaper: D:\Documents and Settings\1Gustavo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\1Gustavo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

to forum · permalink · 2012-02-17 17:35:57 ·

lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

Reviews:

·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

O32 - AutoRun File - [2009/01/10 17:40:20 | 000,000,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/02 16:40:48 | 000,000,000 | ---- | M] () - K:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1f4fe29c-df67-11dd-bc5a-0016761f2be5}\Shell\AutoRun\command - "" = H:\Setup_FlipShare.exe
O33 - MountPoints2\{1f4fe29c-df67-11dd-bc5a-0016761f2be5}\Shell\Setup FlipShare\command - "" = H:\Setup_FlipShare.exe
O33 - MountPoints2\{3c140f92-0cf9-11de-bc95-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{3c140f92-0cf9-11de-bc95-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c140f92-0cf9-11de-bc95-0016761f2be5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{3c140f94-0cf9-11de-bc95-0016761f2be5}\Shell\Auto\command - "" = tel.xls.exe
O33 - MountPoints2\{3c140f94-0cf9-11de-bc95-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c140f94-0cf9-11de-bc95-0016761f2be5}\Shell\AutoRun\command - "" = D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
O33 - MountPoints2\{54c9ba1c-70c9-11de-ba0c-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{54c9ba1c-70c9-11de-ba0c-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54c9ba1c-70c9-11de-ba0c-0016761f2be5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{54c9ba1e-70c9-11de-ba0c-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{54c9ba1e-70c9-11de-ba0c-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54c9ba1e-70c9-11de-ba0c-0016761f2be5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{812628c4-7138-11de-ba0d-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{812628c4-7138-11de-ba0d-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{812628c4-7138-11de-ba0d-0016761f2be5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ab54e614-c9f8-11dc-872f-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{ab54e614-c9f8-11dc-872f-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ab54e614-c9f8-11dc-872f-0016761f2be5}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bbbf7e65-c814-11dc-b3cc-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bbbf7e65-c814-11dc-b3cc-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbbf7e65-c814-11dc-b3cc-806d6172696f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{cf650308-b2a9-11df-bb48-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{cf650308-b2a9-11df-bb48-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf650308-b2a9-11df-bb48-0016761f2be5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f2ddbb13-5a9b-11dd-bbaf-0016761f2be5}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure31.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/02/17 16:33:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\OTL.exe
[2012/02/17 16:02:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\QuickScan
[2012/02/17 12:47:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\Malwarebytes
[2012/02/17 12:47:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/17 12:47:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012/02/17 12:47:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2012/02/17 12:47:17 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2012/02/17 12:45:15 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\1Gustavo\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/17 12:02:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\TFC.exe
[2012/02/17 11:32:32 | 000,234,752 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\afcdp.sys
[2012/02/17 11:31:48 | 000,766,208 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\tdrpman.sys
[2012/02/17 11:30:56 | 000,126,112 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\vididr.sys
[2012/02/17 11:30:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\30E56105-8D4E-4EFE-B61C-1E55A5433C4F
[2012/02/17 11:30:51 | 000,084,512 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\vsflt58.sys
[2012/02/17 11:30:30 | 000,076,768 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\fltsrv.sys
[2012/02/17 11:29:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Acronis
[2012/02/17 11:29:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Start Menu\Programs\Acronis
[2012/02/17 11:28:08 | 000,000,000 | ---D | C] -- D:\Program Files\Acronis
[2012/02/17 11:28:06 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Acronis
[2012/02/17 11:05:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\Acronis
[2012/02/17 11:05:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2012/02/10 05:59:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\WEBREG
[2012/02/10 05:54:04 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- D:\WINDOWS\System32\hpf3l70w.dll
[2012/02/10 05:53:07 | 000,315,392 | R--- | C] (Hewlett-Packard Co.) -- D:\WINDOWS\System32\hpwvst01.dll
[2012/02/10 05:53:06 | 000,966,656 | R--- | C] (Hewlett-Packard Co.) -- D:\WINDOWS\System32\hpwtiop5.dll
[2012/02/10 05:53:06 | 000,749,568 | R--- | C] (Hewlett-Packard) -- D:\WINDOWS\System32\hpwwiax6.dll
[2012/02/09 23:01:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2012/02/09 23:01:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\Yahoo!
[2012/02/09 23:01:22 | 000,000,000 | ---D | C] -- D:\Program Files\Yahoo!
[2012/02/09 20:44:58 | 000,000,000 | ---D | C] -- D:\WINDOWS\hpoj4500g510g-m
[2012/01/26 13:52:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
[2012/01/26 13:52:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\ATI
[2012/01/26 13:52:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\ATI
[2012/01/26 13:41:26 | 000,000,000 | ---D | C] -- D:\Program Files\AMD APP
[2012/01/26 13:41:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Catalyst Control Center
[2012/01/26 13:35:28 | 000,000,000 | ---D | C] -- D:\Program Files\ATI
[2012/01/26 13:34:56 | 000,000,000 | ---D | C] -- D:\Program Files\ATI Technologies
[2012/01/26 13:28:01 | 000,000,000 | ---D | C] -- D:\AMD
[2012/01/26 08:30:57 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\atiiiexx.dll
[2012/01/26 08:30:40 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- D:\WINDOWS\System32\ATIDEMGX.dll
[2012/01/26 08:28:52 | 000,100,368 | ---- | C] (Advanced Micro Devices) -- D:\WINDOWS\System32\drivers\AtihdXP3.sys
[2012/01/23 21:08:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\Windows Search
[2008/07/23 17:44:29 | 000,964,218 | ---- | C] (Click2learn, Inc.) -- D:\Program Files\OTSMENU.exe
[2008/07/23 17:44:29 | 000,717,965 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\InstallTest.exe
[2008/07/23 17:44:28 | 002,036,730 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\Givetest.EXE
[2008/07/23 17:44:27 | 000,760,758 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\EditTaskList.exe
[2008/07/23 17:44:26 | 001,546,606 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\CreateQuestions.exe
[2008/07/23 17:44:26 | 000,943,546 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\AssessResults.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/02/17 16:33:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\OTL.exe
[2012/02/17 16:33:00 | 000,000,890 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 15:51:00 | 000,002,422 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012/02/17 15:50:03 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1454471165-839522115-1003.job
[2012/02/17 15:49:52 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 15:49:11 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012/02/17 15:48:38 | 3486,871,552 | -HS- | M] () -- D:\hiberfil.sys
[2012/02/17 15:48:35 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2012/02/17 12:47:29 | 000,000,793 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 12:45:35 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\1Gustavo\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/17 12:02:32 | 000,772,954 | ---- | M] () -- D:\WINDOWS\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/17 12:02:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\TFC.exe
[2012/02/17 11:32:32 | 000,234,752 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\afcdp.sys
[2012/02/17 11:31:48 | 000,766,208 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\tdrpman.sys
[2012/02/17 11:31:32 | 000,609,760 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\timntr.sys
[2012/02/17 11:30:56 | 000,126,112 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\vididr.sys
[2012/02/17 11:30:51 | 000,084,512 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\vsflt58.sys
[2012/02/17 11:30:30 | 000,076,768 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\fltsrv.sys
[2012/02/17 11:29:44 | 000,000,873 | ---- | M] () -- D:\Documents and Settings\1Gustavo\Desktop\Acronis True Image Home 2012.lnk
[2012/02/12 23:05:00 | 000,000,254 | ---- | M] () -- D:\WINDOWS\tasks\NUSchedule.job
[2012/02/12 19:26:00 | 000,000,292 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1454471165-839522115-1003.job
[2012/02/10 05:57:58 | 000,205,440 | ---- | M] () -- D:\WINDOWS\hpwins26.dat
[2012/02/09 21:11:11 | 000,001,817 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/09 19:51:44 | 000,204,970 | ---- | M] () -- D:\WINDOWS\hpwins26.dat.temp
[2012/02/07 09:07:36 | 000,000,508 | ---- | M] () -- D:\Documents and Settings\1Gustavo\Desktop\terminate.vbs
[2012/02/06 20:48:03 | 000,000,290 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1454471165-839522115-1006.job
[2012/02/03 21:01:28 | 000,180,224 | ---- | M] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/03 05:59:56 | 000,028,401 | ---- | M] () -- D:\Documents and Settings\1Gustavo\Desktop\PlacementEntry.pub
[2012/02/02 06:01:51 | 000,001,909 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS\Desktop\Norton 360.LNK
[2012/01/28 00:27:32 | 000,000,172 | ---- | M] () -- D:\WINDOWS\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/26 08:25:08 | 000,001,324 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 07:55:33 | 000,000,059 | ---- | M] () -- D:\WINDOWS\WININIT.INI

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/02/17 12:47:28 | 000,000,793 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 11:29:44 | 000,000,873 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Desktop\Acronis True Image Home 2012.lnk
[2012/02/09 22:17:47 | 000,000,731 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/02/09 21:11:10 | 000,001,817 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/09 20:14:48 | 000,204,970 | ---- | C] () -- D:\WINDOWS\hpwins26.dat.temp
[2012/02/09 20:14:48 | 000,000,370 | ---- | C] () -- D:\WINDOWS\hpwmdl26.dat.temp
[2012/02/09 19:20:13 | 000,205,440 | ---- | C] () -- D:\WINDOWS\hpwins26.dat
[2012/02/09 19:20:12 | 000,000,370 | ---- | C] () -- D:\WINDOWS\hpwmdl26.dat
[2012/02/07 09:07:36 | 000,000,508 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Desktop\terminate.vbs
[2012/01/26 08:30:58 | 000,036,338 | ---- | C] () -- D:\WINDOWS\atiogl.xml
[2012/01/26 08:30:32 | 000,219,080 | ---- | C] () -- D:\WINDOWS\System32\atiapfxx.blb
[2012/01/26 08:30:26 | 000,887,724 | ---- | C] () -- D:\WINDOWS\System32\ativva6x.dat
[2012/01/26 08:30:25 | 000,608,507 | ---- | C] () -- D:\WINDOWS\System32\atiicdxx.dat
[2012/01/26 08:30:25 | 000,000,003 | ---- | C] () -- D:\WINDOWS\System32\ativva5x.dat
[2012/01/14 12:18:15 | 000,077,421 | ---- | C] () -- D:\WINDOWS\hpqins05.dat
[2012/01/11 15:27:50 | 000,110,592 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDevice.Dll
[2012/01/11 15:27:50 | 000,036,608 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- D:\WINDOWS\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- D:\WINDOWS\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- D:\WINDOWS\System32\OpenVideo.dll
[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- D:\WINDOWS\System32\OVDecode.dll
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- D:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/06 15:24:18 | 000,036,712 | ---- | C] () -- D:\WINDOWS\System32\CleanMFT32.exe
[2011/04/07 07:20:36 | 000,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI
[2011/03/26 09:17:17 | 003,161,760 | ---- | C] () -- D:\WINDOWS\System32\WTMKM.exe
[2011/03/26 09:17:17 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\ATWTINK.DLL
[2011/03/26 09:17:17 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\InstallService.exe
[2011/03/26 09:17:16 | 000,010,251 | ---- | C] () -- D:\WINDOWS\System32\Vista.ini
[2011/03/26 09:17:16 | 000,009,868 | ---- | C] () -- D:\WINDOWS\System32\XP_2000.ini
[2011/03/26 09:17:16 | 000,000,593 | ---- | C] () -- D:\WINDOWS\System32\MKProfile.ini
[2011/01/20 22:05:02 | 000,179,718 | ---- | C] () -- D:\WINDOWS\hpwins14.dat
[2011/01/20 22:05:01 | 000,001,108 | R--- | C] () -- D:\WINDOWS\hpwmdl14.dat
[2011/01/04 19:11:38 | 000,001,940 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/16 14:21:55 | 000,007,378 | ---- | C] () -- D:\WINDOWS\System32\makobbot.dll
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\voxigker.dll
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\mekires.exe
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\delokapp.dll
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\conansec.dll
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\binuvmag.sys
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\apixont.dll
[2010/08/25 20:30:25 | 000,000,000 | ---- | C] () -- D:\WINDOWS\DVEdit.INI
[2010/08/25 16:14:13 | 000,354,816 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2010/08/25 16:13:12 | 000,124,264 | R--- | C] () -- D:\WINDOWS\System32\mp3dec.dll
[2010/08/25 16:13:12 | 000,081,920 | R--- | C] () -- D:\WINDOWS\System32\dsp_trc.dll
[2010/08/25 16:13:12 | 000,010,600 | R--- | C] () -- D:\WINDOWS\System32\IcdSptSvps.dll
[2010/05/14 16:56:06 | 010,898,456 | ---- | C] () -- D:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 16:56:06 | 000,104,472 | ---- | C] () -- D:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 16:55:58 | 000,336,408 | ---- | C] () -- D:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 16:47:00 | 000,028,418 | ---- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/02/22 18:34:16 | 000,001,324 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/02/12 10:40:36 | 006,344,704 | ---- | C] () -- D:\WINDOWS\System32\botavsec.exe
[2010/02/11 13:41:56 | 006,631,424 | ---- | C] () -- D:\WINDOWS\System32\sndiwchk.exe
[2010/02/11 12:02:20 | 000,017,959 | ---- | C] () -- D:\WINDOWS\System32\dskakdel.dll
[2009/12/13 13:55:44 | 000,217,088 | ---- | C] () -- D:\WINDOWS\System32\qtmlClient.dll
[2009/12/11 14:27:34 | 000,323,006 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Application Data\speech.wav
[2009/11/07 17:47:47 | 000,000,437 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Application Data\spell.cfg
[2009/11/07 17:47:47 | 000,000,145 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Application Data\userdata2.adl
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- D:\WINDOWS\System32\OGAEXEC.exe
[2009/04/30 04:54:51 | 000,000,035 | ---- | C] () -- D:\WINDOWS\A6W.INI
[2009/04/25 11:34:39 | 000,012,717 | R--- | C] () -- D:\WINDOWS\hpwscr14.dat
[2008/12/31 10:07:05 | 000,388,768 | ---- | C] () -- D:\WINDOWS\System32\atwtusb.exe
[2008/12/31 10:07:05 | 000,102,048 | ---- | C] () -- D:\WINDOWS\RmTablet.exe
[2008/12/31 10:07:05 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\tblmouse.exe
[2008/12/31 10:07:05 | 000,023,168 | ---- | C] () -- D:\WINDOWS\System32\drivers\aiptektp.sys
[2008/12/31 10:07:05 | 000,007,323 | ---- | C] () -- D:\WINDOWS\aiptbl.ini
[2008/12/31 10:04:54 | 000,000,046 | ---- | C] () -- D:\WINDOWS\RmFile.ini
[2008/12/31 10:04:36 | 000,053,728 | ---- | C] () -- D:\WINDOWS\rmfile.exe
[2008/12/31 10:04:36 | 000,043,664 | ---- | C] () -- D:\WINDOWS\addrun.exe
[2008/12/26 22:25:20 | 000,000,256 | ---- | C] () -- D:\WINDOWS\System32\pool.bin
[2008/12/02 18:06:11 | 000,000,000 | ---- | C] () -- D:\WINDOWS\flowview.INI
[2008/10/22 19:50:31 | 000,000,237 | ---- | C] () -- D:\WINDOWS\swacnfg.ini
[2008/09/30 11:00:04 | 000,088,536 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\rx_audio.Cache
[2008/09/02 08:17:02 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
[2008/08/26 05:37:17 | 000,001,304 | ---- | C] () -- D:\WINDOWS\checkip.dat
[2008/07/29 15:30:48 | 000,480,688 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\rx_image.Cache
[2008/07/23 17:44:47 | 000,000,233 | ---- | C] () -- D:\WINDOWS\asym.ini
[2008/07/23 17:44:31 | 000,173,612 | ---- | C] () -- D:\Program Files\SNDTEST.WAV
[2008/07/23 17:44:30 | 000,314,924 | ---- | C] () -- D:\Program Files\INSTRUCT.WAV
[2008/07/23 17:44:30 | 000,226,860 | ---- | C] () -- D:\Program Files\ENDTEST.WAV
[2008/07/23 17:44:30 | 000,004,640 | ---- | C] () -- D:\Program Files\NATURE.WAV
[2008/07/23 17:44:25 | 000,009,757 | ---- | C] () -- D:\Program Files\DeIsL1.isu
[2008/07/06 08:53:22 | 001,513,984 | ---- | C] () -- D:\WINDOWS\System32\Mgxrdr32.dll
[2008/07/06 08:53:21 | 000,306,688 | ---- | C] () -- D:\WINDOWS\System32\LFFPX7.DLL
[2008/07/06 08:53:21 | 000,095,232 | ---- | C] () -- D:\WINDOWS\System32\LFKODAK.DLL
[2008/07/06 08:50:48 | 000,082,944 | ---- | C] () -- D:\WINDOWS\System32\Ppiv20.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/24 20:53:22 | 000,002,528 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Application Data\$_hpcst$.hpc
[2008/03/22 11:38:31 | 000,000,129 | ---- | C] () -- D:\WINDOWS\MSPublisher_Quark Converter.INI
[2008/03/22 08:29:15 | 000,486,704 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/21 15:50:44 | 000,000,510 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2008/03/21 15:42:08 | 000,042,483 | ---- | C] () -- D:\WINDOWS\ICCCODES.DAT
[2008/03/21 15:42:08 | 000,039,095 | ---- | C] () -- D:\WINDOWS\Iccsigs.dat
[2008/03/21 15:42:08 | 000,000,156 | ---- | C] () -- D:\WINDOWS\KPCMS.INI
[2008/03/21 15:41:46 | 000,210,944 | ---- | C] () -- D:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/19 09:53:53 | 000,000,134 | ---- | C] () -- D:\WINDOWS\Readiris.ini
[2008/03/19 09:53:44 | 000,023,040 | ---- | C] () -- D:\WINDOWS\System32\irisco32.dll
[2008/03/13 14:58:31 | 000,002,071 | ---- | C] () -- D:\WINDOWS\panose.bin
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- D:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/02/03 10:52:13 | 000,000,207 | ---- | C] () -- D:\WINDOWS\cdplayer.ini
[2008/02/03 09:19:07 | 000,180,224 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 18:05:01 | 000,000,035 | ---- | C] () -- D:\WINDOWS\webica.ini
[2008/01/28 15:33:46 | 000,001,485 | ---- | C] () -- D:\WINDOWS\MTB30.INI
[2008/01/26 15:06:50 | 000,000,059 | ---- | C] () -- D:\WINDOWS\WININIT.INI
[2008/01/25 17:44:54 | 000,000,165 | ---- | C] () -- D:\WINDOWS\Quicken.ini
[2008/01/25 16:08:08 | 000,210,456 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/25 16:08:08 | 000,206,360 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/25 16:08:08 | 000,198,168 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/25 16:08:08 | 000,198,168 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/25 16:08:08 | 000,194,072 | ---- | C] () -- D:\WINDOWS\System32\IVIresizePX.dll
[2008/01/25 16:08:08 | 000,026,136 | ---- | C] () -- D:\WINDOWS\System32\IVIresize.dll
[2008/01/24 19:21:14 | 000,001,167 | ---- | C] () -- D:\WINDOWS\mozver.dat
[2008/01/21 21:53:53 | 000,000,063 | ---- | C] () -- D:\WINDOWS\sbwin.ini
[2008/01/21 16:10:06 | 000,001,839 | ---- | C] () -- D:\WINDOWS\TT3.INI
[2008/01/21 15:37:54 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2008/01/21 15:26:21 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2008/01/21 15:02:25 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2008/01/21 14:20:57 | 000,000,000 | ---- | C] () -- D:\WINDOWS\ativpsrm.bin
[2008/01/21 07:02:34 | 000,004,346 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini
[2005/12/01 14:05:44 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\px.ini
[2005/11/14 14:40:28 | 000,204,800 | ---- | C] () -- D:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 11:30:04 | 003,596,288 | R--- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 11:30:02 | 000,524,288 | R--- | C] () -- D:\WINDOWS\System32\divxsm.exe
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- D:\WINDOWS\System32\drivers\atnt40k.sys
[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll
[2005/04/27 22:24:20 | 000,120,128 | ---- | C] () -- D:\WINDOWS\System32\drivers\USBAV191.SYS
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\besched.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 006,627,328 | ---- | C] () -- D:\WINDOWS\System32\verixget.exe
[2004/08/04 07:00:00 | 001,691,648 | ---- | C] () -- D:\WINDOWS\System32\keraglib.dll
[2004/08/04 07:00:00 | 001,683,456 | ---- | C] () -- D:\WINDOWS\System32\selesreg.dll
[2004/08/04 07:00:00 | 000,755,200 | ---- | C] () -- D:\WINDOWS\System32\ir50_32.dll
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,457,016 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,338,432 | ---- | C] () -- D:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,200,192 | ---- | C] () -- D:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 07:00:00 | 000,183,808 | ---- | C] () -- D:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 07:00:00 | 000,156,765 | ---- | C] () -- D:\WINDOWS\System32\mp4obver32.dll
[2004/08/04 07:00:00 | 000,156,765 | ---- | C] () -- D:\WINDOWS\System32\kbdahxml32.dll
[2004/08/04 07:00:00 | 000,153,765 | ---- | C] () -- D:\WINDOWS\System32\vipipkey32.dll
[2004/08/04 07:00:00 | 000,120,320 | ---- | C] () -- D:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 07:00:00 | 000,075,922 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2004/04/14 10:40:32 | 000,001,417 | ---- | C] () -- D:\WINDOWS\System32\WD.ini
[2003/12/15 15:42:52 | 000,000,232 | ---- | C] () -- D:\WINDOWS\SwapDrvrSP3.ini
[2003/12/15 15:42:36 | 000,000,233 | ---- | C] () -- D:\WINDOWS\SwapDrvrSP2.ini
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- D:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\lockres.dll
[1998/12/08 17:53:58 | 000,116,736 | ---- | C] () -- D:\WINDOWS\System32\PCDLIB32.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2012/02/17 11:31:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\30E56105-8D4E-4EFE-B61C-1E55A5433C4F
[2009/10/31 22:27:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Acapela Group
[2012/02/17 11:05:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Acronis
[2011/01/27 17:59:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Ahnenblatt
[2010/10/10 11:39:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Alien Skin
[2008/07/01 09:11:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Blender Foundation
[2009/12/13 18:28:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Digidesign
[2012/01/21 09:18:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Dropbox
[2008/02/20 21:47:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\GetRight
[2008/02/21 07:44:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\GetRightToGo
[2008/03/10 15:11:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\gtk-2.0
[2009/12/05 17:54:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\hm8platform
[2008/01/31 18:14:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\ICAClient
[2008/07/01 11:38:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Inspiration Software
[2012/01/13 15:33:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Juniper Networks
[2011/01/27 18:24:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Lala Music Mover
[2010/07/16 16:45:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Leadertech
[2010/07/21 16:50:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\ManyCam
[2009/03/01 12:20:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\MyHeritage
[2009/12/11 22:20:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\NCH Swift Sound
[2008/01/26 15:49:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Nvu
[2010/09/08 06:28:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\OpenOffice.org
[2008/03/20 11:51:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Org Professional
[2009/12/13 15:04:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\PACE Anti-Piracy
[2012/02/17 16:09:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\QuickScan
[2011/03/26 13:46:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Research In Motion
[2012/01/01 19:26:50 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\1Gustavo\Application Data\RPPrivate
[2012/01/11 16:19:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Samsung
[2009/07/21 17:53:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\SnapKast
[2009/12/13 14:08:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Structure
[2008/12/17 15:19:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\System Tweaker
[2010/12/25 15:20:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\TomTom
[2010/02/18 19:00:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Ulead Systems
[2008/12/17 15:10:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Uniblue
[2009/07/13 14:01:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\webex
[2011/07/30 09:47:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Windows Desktop Search
[2012/01/23 21:08:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Windows Search
[2009/10/31 22:27:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Xtranormal
[2012/02/17 11:05:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2008/07/01 09:11:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Blender Foundation
[2011/05/16 12:46:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\FileCure
[2009/11/04 17:39:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Flip Video
[2008/03/08 17:21:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\GetRight
[2009/09/19 11:52:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\GetRightToGo
[2008/01/25 16:08:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
[2012/01/13 15:31:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Juniper Networks
[2009/01/10 17:45:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies
[2009/03/01 12:25:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\MyHeritage
[2011/03/05 16:10:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2008/01/21 23:26:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\OLYMPUS
[2009/12/13 15:04:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\PACE Anti-Piracy
[2009/09/24 17:45:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\PCSettings
[2012/02/12 06:08:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Retrospect
[2012/01/11 16:11:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2008/01/23 18:07:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
[2010/02/18 18:59:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
[2011/03/26 13:05:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Tablet
[2012/02/12 23:05:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/12/25 15:27:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2011/03/26 13:56:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2012/01/09 16:13:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Western Digital
[2009/02/01 14:03:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/17 15:10:19 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2012/02/12 23:05:00 | 000,000,254 | ---- | M] () -- D:\WINDOWS\Tasks\NUSchedule.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\Ulead VideoStudio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\SPAN 336:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\Retrospect Catalog Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\My Webs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\My FormTool Forms:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\HotPotatoes:Roxio EMC Stream
@Alternate Data Stream - 184 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D3A96964
@Alternate Data Stream - 180 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DA868A70
@Alternate Data Stream - 1512 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:Q7Abz9DjFukR9Xe1WEG
@Alternate Data Stream - 1511 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:2KQrSCYcI6F9PW5XV4DPYnQe6Z
@Alternate Data Stream - 1368 bytes -> D:\Documents and Settings\1Gustavo\Local Settings\Application Data\oJGxA50O6HnN:eeSe0gjisR9Hvow9surbHxB
@Alternate Data Stream - 1296 bytes -> D:\Program Files\Common Files\System:0qItaC4876ZsWaJlxnL
@Alternate Data Stream - 1271 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:TKjTVnyVfcMClvmLo3USazYjrey
@Alternate Data Stream - 1256 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:vfKkAgpy1Na8PP9mvg
@Alternate Data Stream - 1251 bytes -> D:\Program Files\Common Files\System:xf3uajAjpZ4lDNvp4H7sn912GN
@Alternate Data Stream - 1244 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:zxc1xI1P4INzcPsDhu
@Alternate Data Stream - 1200 bytes -> D:\Program Files\Outlook Express:RiGIYXjREiW8DiCuqREkxx
@Alternate Data Stream - 102 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D287FACF

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

to forum · permalink · 2012-02-17 17:36:16 ·

lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

Reviews:

·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

EXTRAS

OTL Extras logfile created on: 2/17/2012 4:34:26 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = D:\Documents and Settings\1Gustavo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 70.71% Memory free
4.69 Gb Paging File | 3.49 Gb Available in Paging File | 74.48% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive D: | 465.76 Gb Total Space | 325.62 Gb Free Space | 69.91% Space Free | Partition Type: NTFS
Drive E: | 74.51 Gb Total Space | 70.11 Gb Free Space | 94.09% Space Free | Partition Type: FAT32
Drive F: | 12.73 Gb Total Space | 10.37 Gb Free Space | 81.44% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 106.86 Gb Free Space | 22.94% Space Free | Partition Type: NTFS
Drive M: | 2794.49 Gb Total Space | 2785.72 Gb Free Space | 99.69% Space Free | Partition Type: NTFS

Computer Name: GUSTAVOS | User Name: 1Gustavo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"85:TCP" = 85:TCP:*:Enabled:BroadWave Web Server

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = D:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\HP Software Update\hpwucli.exe" = D:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Retrospect\Retrospect 7.6\Retrospect.exe" = D:\Program Files\Retrospect\Retrospect 7.6\Retrospect.exe:*:Enabled:Retrospect
"D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)
"D:\Program Files\Skype\Plugin Manager\skypePM.exe" = D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"D:\Program Files\Java\jre6\bin\java.exe" = D:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Roxio\Easy Media Creator 8\Creator Classic\Creator8.exe" = D:\Program Files\Roxio\Easy Media Creator 8\Creator Classic\Creator8.exe:*:Enabled:Creator8 -- (Sonic Solutions)
"D:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe" = D:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe:*:Enabled:Roxio UPnP Renderer Service -- (Sonic Solutions)
"L:\setup\HPZNUI01.EXE" = L:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"L:\setup\HPONICIFS01.EXE" = L:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"D:\Program Files\Logitech\Vid\Vid.exe" = D:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"D:\Documents and Settings\1Gustavo\Application Data\Dropbox\bin\Dropbox.exe" = D:\Documents and Settings\1Gustavo\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"D:\Program Files\Retrospect\Retrospect 7.7\Retrospect.exe" = D:\Program Files\Retrospect\Retrospect 7.7\Retrospect.exe:*:Enabled:Retrospect -- (Sonic Solutions)
"D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"D:\WINDOWS\system32\muzapp.exe" = D:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = D:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\HP Software Update\hpwucli.exe" = D:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" = D:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service -- (Acronis)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06968636-3053-3474-9AF4-CC363F7C41C0}" = Strawberry Perl
"{07B3B42B-18C1-4CA7-AFFB-2B0313BBFB7C}_is1" = Vizacc HelpMaker 7.4.4 (remove only)
"{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}" = Fast Track
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09C6A4C7-A2D2-1DD9-A81C-44C30042A00C}" = CCC Help Greek
"{0A173336-214D-0609-4897-5E2547D0395D}" = CCC Help Dutch
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10E78E61-CCB0-4E35-B216-763992F50409}" = Xtranormal State - Voicepack-English-US-Samantha
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{1551F75D-F27A-490A-8E5C-36DB06F0C453}" = Xtranormal State - Voicepack-English-US-Tom
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9E212F-DFDC-F1D4-D1FD-986149513125}" = CCC Help Russian
"{1CAEFAE2-D12E-CA26-62BC-DF452004B3B1}" = CCC Help Swedish
"{1D9B2B74-82B1-9CE7-0A9A-6234008D11EE}" = CCC Help Polish
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2254E64C-D2B1-4478-BD7E-37457D09FF39}" = QuickLink Desktop
"{251554D7-F631-4CB3-8A81-12271E3678F1}" = Easy Grade Pro
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{329B7564-7E13-4A70-BC2B-F9870C82AAB6}" = Roxio Content 8
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353B1E6D-7073-4450-8C80-699BD8FCFB49}" = MTP Porting Kit
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F70FB44-FD00-4ED2-9154-661AA9DB0B28}" = WD Media Center Driver
"{40399AFE-1B78-4617-A785-73A640132F99}" = Xtranormal State - Voicepack-English-UK-Daniel
"{406AE7DC-5FD1-FC3A-00F5-024AD25DF01B}" = CCC Help Danish
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47A0C382-35D7-4A3A-B9AF-B2D38827A8A7}" = Acronis True Image Home 2012
"{47A0C382-35D7-4A3A-B9AF-B2D38827A8A7}Visible" = Acronis True Image Home 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A742CBE-078E-03FF-C7D5-B3E1B676BDF2}" = CCC Help Czech
"{4B6DD00B-BC05-185B-BE8B-997A23B367C4}" = CCC Help Chinese Traditional
"{4F589FB5-02B8-43DD-8061-C6DADDE5775C}" = 3114 SATARAID5
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50206644-C226-498D-8273-9F5F300807E2}_is1" = NeoPaint 4.7a
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5F1AE198-965A-C65D-218A-B76F19B86BEC}" = CCC Help German
"{5FEEB4D3-31F1-FF10-5F61-A988CD44CA59}" = CCC Help Hungarian
"{62C2306F-8B71-453E-8996-3A5BFE2593BB}" = M-Audio Micro Driver 2.0.1 (x86)
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{651CD0A0-8B64-B3F1-23B9-294C39F09A31}" = CCC Help Finnish
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77514C51-66D9-2F7C-56D8-5495B8CFAF5E}" = CCC Help French
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{792A669E-71A6-9210-2C06-3FCF0DDFC4C5}" = Catalyst Control Center Localization All
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{860BD052-49CB-7220-8792-15523D08C2A2}" = CCC Help Korean
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8C93615B-5333-B61B-625E-0D4DCD9E09CA}" = CCC Help Norwegian
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{981F1A21-7764-417F-90C3-795ABDCEF496}" = M-Audio Producer Driver 2.0.1 (x86)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD91669-25C9-43CD-9367-BF60591B837B}" = Camedia Master 4.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2B41C5-919A-7037-F5E8-42A5E90873B8}" = Catalyst Control Center Graphics Previews Common
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A48E4951-D8E9-4FDF-82EF-46FB1C953F3E}" = Intel Audio Studio 2.0
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6991E11-AF13-652B-5736-C8800EF5527B}" = Catalyst Control Center
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABDDCBF9-D934-48B7-B09A-D208D6C4A2D6}" = Xtranormal State - Voicepack-English-UK-Serena
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76D478-1033-0000-3478-000000000001}" = Adobe Acrobat Distiller 6.0
"{ADD24D05-DDEA-39CB-0E92-AA371AEE2894}" = Catalyst Control Center InstallProxy
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B111977A-E61A-4EA3-9F19-605E69C06D14}_is1" = NeoBook 5.6.1
"{B1B99F39-0A1C-4790-A0C8-73537CF8CEDB}" = Easy Grade Pro
"{B2420CAA-ADC1-8581-938A-2B25C22EF17A}" = ccc-utility
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C314F7-928B-44E3-A8A3-169648B1077D}" = Xtranormal State - SoundPack-Starter Kit
"{B6300A7D-C1B6-4A25-861D-4AED96202FCD}" = Readiris Pro 10
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B81D9181-67D7-6A90-78EA-34108EBBCF7F}" = CCC Help Thai
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BA314F9D-8401-1E44-11BF-F112E93F465E}" = CCC Help English
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BEB0B424-3692-E0DC-8D25-04A36C7AB580}" = CCC Help Portuguese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}" = AMD Catalyst Install Manager
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4574477-C9FA-CF5F-B5AC-D379D655A962}" = CCC Help Chinese Standard
"{CBA4DD0F-0871-39EB-A48B-03BC9E5E437B}" = CCC Help Japanese
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}" = WebEx Meeting Manager for Firefox/Netscape/Chrome
"{D648787C-3738-424C-AF24-EB4EA008473F}" = Retrospect 7.7
"{D7ADCF9A-1F30-4ECE-B40E-A155DEAD0FCD}" = Xtranormal State
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" =
"{DE0C72A8-B4A3-4B80-3CF9-2DC45CF865D5}" = CCC Help Spanish
"{DE958AD2-6235-45E6-AB3A-26FA5C7A9B0F}_is1" = NeoBookDBPro 1.1e
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E5B2C34F-BEDE-5AF8-DBD3-C05E8C030588}" = CCC Help Italian
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E6C48B74-26ED-4EF8-A04C-42AFDE5E1CA3}" = Intel(R) PRO Network Connections
"{EE89B00E-5295-4C01-887A-311DD090F71B}" = Xtranormal State - Showpak-Playgoz-Preview
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0A6D1C4-7E73-963B-C4C6-C97121B1992B}" = CCC Help Turkish
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE8CD9C9-7650-4B8D-928A-85D6CAB6CA59}" = Digidesign Pro Tools M-Powered Essential 8.0.2
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"Audacity_is1" = Audacity 1.2.5
"AURC_is1" = Audacity Recovery Utility
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Blender" = Blender (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Editors Toolbox for NeoBook" = Editors Toolbox for NeoBook
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Finale NotePad 2008" = Finale NotePad 2008
"GetRight_is1" = GetRight
"hotpot6_is1" = Hot Potatoes v 6.0.4.27
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IHMC CmapTools v4.09" = IHMC CmapTools v4.09
"Inspiration 8" = Inspiration 8
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Macromedia Director 7" = Macromedia Director 7
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"ManyCam" = ManyCam 2.5.48 (remove only)
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Micrografx Designer 7" = Micrografx Designer 7
"Micrografx FlowCharter 7" = Micrografx FlowCharter 7
"Micrografx Graphics Suite 2 Enterprise" = Micrografx Graphics Suite 2 Enterprise
"Micrografx Picture Publisher 7" = Micrografx Picture Publisher 7
"Micrografx QuickVector" = Micrografx QuickVector
"Micrografx Simply 3D 2" = Micrografx Simply 3D 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MVApplication1" = Memorex exPressit Label Design Studio
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities 15_is1" = Norton Utilities 15
"Oral Testing Software Enhanced" = Oral Testing Software Enhanced
"Pensoft Pro" = Pensoft Pro
"ProcessScanner_is1" = Uniblue ProcessScanner
"quandary2_is1" = Quandary version 2.2.0.2
"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008
"RealPlayer 15.0" = RealPlayer
"Rmtablet" = Pen Pad Driver with Macro Key Manager
"R-Studio 3.8NSIS" = R-Studio 3.8
"Shop for HP Supplies" = Shop for HP Supplies
"SnapKast Media Center_is1" = SnapKast Media Center 2.2 (1Gustavo)
"ST6UNST #1" = MetaVox V3
"System Tweaker_is1" = Uniblue System Tweaker
"Teacher's Toolbox 3.0" = Teacher's Toolbox 3.0
"TexToys3_is1" = TexToys v 3.1.0.7
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.5
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XWeb" = Microsoft Expression Web 2
"Yahoo! Companion" = Yahoo! Toolbar

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2/9/2012 10:23:53 PM | Computer Name = GUSTAVOS | Source = Application Error | ID = 1000
Description = Faulting application WDFME.exe, version 1.4.5.2, faulting module msvcr90.dll,
version 9.0.30729.6161, fault address 0x0006ccd5.

Error - 2/9/2012 11:54:40 PM | Computer Name = GUSTAVOS | Source = MsiInstaller | ID = 11905
Description = Product: DocMgr -- Error 1905. Module D:\Program Files\HP\Digital
Imaging\help\hpqdummy.dll failed to unregister. HRESULT -2147220472. Contact your
support personnel.

Error - 2/10/2012 12:06:37 AM | Computer Name = GUSTAVOS | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 2/14/2012 11:55:46 AM | Computer Name = GUSTAVOS | Source = Windows Search Service | ID = 3038
Description = The gatherer is unable to read the registry DocIdMapFile. Context:
Application, SystemIndex Catalog Details: The system cannot find the file specified.
(0x80070002)

Error - 2/14/2012 11:55:54 AM | Computer Name = GUSTAVOS | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The registry value cannot be read because the configuration
is invalid. Recreate the content index configuration by removing the content index.
(0x80040d03)

Error - 2/14/2012 11:55:54 AM | Computer Name = GUSTAVOS | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
registry value cannot be read because the configuration is invalid. Recreate the
content index configuration by removing the content index. (0x80040d03)

Error - 2/17/2012 11:48:32 AM | Computer Name = GUSTAVOS | Source = ESENT | ID = 489
Description = wuauclt (5932) An attempt to open the file "D:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 2/17/2012 11:48:32 AM | Computer Name = GUSTAVOS | Source = ESENT | ID = 455
Description = wuaueng.dll (5932) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile D:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 2/17/2012 11:48:46 AM | Computer Name = GUSTAVOS | Source = ESENT | ID = 489
Description = wuauclt (5932) An attempt to open the file "D:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 2/17/2012 11:48:46 AM | Computer Name = GUSTAVOS | Source = ESENT | ID = 455
Description = wuaueng.dll (5932) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile D:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ OSession Events ]
Error - 1/30/2008 4:03:52 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 617
seconds with 240 seconds of active time. This session ended with a crash.

Error - 11/6/2008 10:53:03 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18610
seconds with 960 seconds of active time. This session ended with a crash.

Error - 12/29/2008 10:20:28 AM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/9/2009 12:00:32 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17070
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 10/13/2009 9:21:11 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 30605
seconds with 10860 seconds of active time. This session ended with a crash.

Error - 12/29/2009 8:46:12 AM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 172
seconds with 120 seconds of active time. This session ended with a crash.

Error - 5/6/2010 9:58:18 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/19/2010 12:49:35 AM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34629
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/20/2010 1:29:11 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13019
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/14/2012 10:17:35 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17396
seconds with 5460 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The WDDMService service terminated unexpectedly. It has done this
1 time(s).

Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The Ulead Burning Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The WD File Management Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The WD File Management Shadow Engine service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The WTService service terminated unexpectedly. It has done this 1
time(s).

Error - 2/17/2012 1:04:41 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The Acronis Scheduler2 Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/17/2012 1:04:41 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The Acronis Nonstop Backup Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/17/2012 1:04:41 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7031
Description = The Acronis Sync Agent Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 2/17/2012 1:24:34 PM | Computer Name = GUSTAVOS | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.21. The machine with the IP address 192.168.1.1 did not
allow the name to be claimed by this machine.

Error - 2/17/2012 1:25:02 PM | Computer Name = GUSTAVOS | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.21. The machine with the IP address 192.168.1.1 did not
allow the name to be claimed by this machine.

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

to forum · permalink · 2012-02-17 17:36:44 ·

lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

Reviews:

·Comcast
Host:
TV over IP
Software
RCN
Inside Insight
Cellphones, Provid..

Sec Check

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 7 [color=red]Out of date![/color]
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]
Java(TM) 6 Update 24
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_04
[color=red]Java version out of date![/color]
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

to forum · permalink · 2012-02-17 17:37:06 ·

LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

Reviews:

·Comcast

reply to GMLUSA

Re: [Malware] Computer stops obeying the mouse but drives spin l

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

to forum · permalink · 2012-02-17 19:29:35 ·

Broadband Tech > Security > Security Cleanup > [Malware] Computer stops obeying the mouse but drives spin like

[Malware] Computer stops obeying the mouse but drives spin like

MBAM

OTL

EXTRAS

Sec Check

Re: [Malware] Computer stops obeying the mouse but drives spin l