Re: CPU Spikes in svchost.exe
OK, I had to run in safe mode to do any of this, but I managed to do the steps I was told to on my other thread. I had to zip all of it cuz the site wouldn't take the OTL txt because of its size, so see the attachment, thanks!

Please, never zip any logs, or attach them.
Paste all logs into your reply.

The comp won't let me, the site always times out before I can post them :C Plus, like I said, one of the txts was too big to post. I attached the ones I could. Posting the last one here:
OTL:
OTL logfile created on: 10/2/2010 2:43:04 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Andrew\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 585.20 Gb Total Space | 383.56 Gb Free Space | 65.54% Space Free | Partition Type: NTFS
Drive D: | 9.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HAL-9001
Current User Name: Andrew
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/10/02 12:35:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/04/11 01:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 01:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
========== Modules (SafeList) ==========
MOD - [2010/10/02 12:35:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
MOD - [2009/04/11 01:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 09:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/08/16 01:02:35 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/03 17:18:08 | 000,066,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\jwpen.exe -- (HWSuperPowerTablet)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/25 12:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/07/17 10:09:03 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/30 23:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 22:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/04/06 13:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/03/02 06:41:49 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/02/17 12:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008/11/14 04:03:58 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisprot.sys -- (Ndisprot)
DRV - [2008/07/26 10:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/06/02 18:11:40 | 002,147,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/28 03:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:23:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/01 08:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 08:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/28 18:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/28 07:18:10 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/30 12:10:28 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\HYRDBios.sys -- (HYRDBios)
DRV - [2007/03/26 11:09:56 | 000,006,400 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HWDrawing.sys -- (VHWDrawing)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/25 12:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/10 08:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2005/05/13 15:59:44 | 000,019,212 | ---- | M] (Redcl0ud) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xbcd.sys -- (XBCD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
========== FireFox ==========
FF - prefs.js ..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js ..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
FF - prefs.js ..extensions.enabledItems: {eeeeeeee-aaaa-0000-aaaa-000000000000}:3.1.2
FF - prefs.js ..extensions.enabledItems: savesession@noasobi.net :1.3.1.6
FF - prefs.js ..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js ..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js ..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js ..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js ..extensions.enabledItems: {99a0337c-6303-4879-b72e-500fd9aaca8c}:1.0.8
FF - prefs.js ..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js ..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/26 03:39:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 05:01:17 | 000,000,000 | ---D | M]
[2009/06/17 21:41:27 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\mozilla\Extensions
[2010/10/01 22:47:37 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\vjax0f5n.default\extensions
[2010/05/28 10:47:02 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\vjax0f5n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/04/26 20:38:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\vjax0f5n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/04 16:01:52 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\vjax0f5n.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/09/19 13:49:27 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\vjax0f5n.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/08/17 23:53:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\vjax0f5n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/18 22:47:02 | 000,000,000 | ---D | M] (Fasterfox (EladKarako Mod)) -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\vjax0f5n.default\extensions\{eeeeeeee-aaaa-0000-aaaa-000000000000}
[2009/12/16 10:41:24 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\vjax0f5n.default\extensions\savesession@noasobi.net
[2010/05/28 10:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\vjax0f5n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/04/28 11:34:03 | 000,001,681 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\FireFox\Profiles\vjax0f5n.default\searchplugins\ask.uk.xml
[2010/10/01 22:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 12:46:21 | 000,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2010/07/18 18:27:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/19 21:07:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/19 21:06:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/30 22:15:11 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
O1 HOSTS File: ([2009/06/17 19:01:01 | 000,000,158 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 antiviruspro.microsoft.com
O1 - Hosts: 94.232.248.66 antivirussyspr2009.com
O1 - Hosts: 94.232.248.66 www.antivirussyspr2009.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWTablet KeyPlus] C:\Windows\System32\HWKeyPlus.exe ()
O4 - HKLM..\Run: [HWTablet Service] C:\Windows\System32\HWTabTray.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FreeCall] C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe File not found
O4 - HKCU..\Run: [Iconize2] C:\Program Files\Iconize\Iconize.exe (Brooks Younce Software)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VoipCheapCom] C:\Program Files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: qoKffnHRSP - {73F36F2E-D959-C584-4783-8FBC838FBA69} - C:\Windows\System32\zae.dll File not found
O24 - Desktop WallPaper: C:\Users\Andrew\Pictures\PhotoShop\Finished\Backgound no Char..jpg
O24 - Desktop BackupWallPaper: C:\Users\Andrew\Pictures\PhotoShop\Finished\Backgound no Char..jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/10 13:27:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{07afba12-2641-11de-a7ae-001e68488e09}\Shell - "" = AutoRun
O33 - MountPoints2\{07afba12-2641-11de-a7ae-001e68488e09}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{876758e5-450a-11de-b049-001e68488e09}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = Autorun
O33 - MountPoints2\F\Shell\Open\command - "" = F:\resycled\boot.com -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/ )
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========
[2010/10/02 12:44:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/02 12:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/02 12:44:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/02 12:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/02 12:35:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2010/10/02 12:30:48 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/26 03:51:53 | 000,000,000 | ---D | C] -- C:\CPQSYSTEM
[2010/09/26 02:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/09/26 02:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2010/09/26 02:46:31 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Acronis
[2010/09/26 02:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/09/25 23:30:32 | 000,000,000 | ---D | C] -- C:\XboxBackup
[2010/09/22 19:39:11 | 000,000,000 | RH-D | C] -- C:\Users\Andrew\AppData\Roaming\SecuROM
[2010/09/22 19:34:26 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\My Spore Creations
[2010/09/22 19:34:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\SPORE
[2010/09/22 19:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/09/22 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/09/22 16:12:30 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Movies
[2010/09/16 22:25:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Unity
[2010/09/16 22:14:01 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Unity
[2010/09/14 00:44:24 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\GTA Vice City User Files
[2010/09/12 20:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/09/06 02:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/04 18:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\ACE
[2010/08/26 02:38:06 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Xilisoft Corporation
[2010/08/09 12:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NextUp
[2010/08/09 12:46:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\NextUp
[2010/08/09 12:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\TextAloud
[2010/07/31 01:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Recovery Magic
[2010/07/31 01:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2010/07/23 22:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Cracker
[2010/07/23 21:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/07/23 21:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/07/19 21:15:48 | 000,000,000 | ---D | C] -- C:\Windows\Lhsp
[2010/07/19 21:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Speech SDK 5.1
[2010/07/19 20:55:03 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\NCH Swift Sound
[2010/07/19 20:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010/07/19 20:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/07/18 18:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/18 18:25:25 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\LogiShrd
[2010/07/18 18:18:49 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\HOMEWORK
[2010/07/18 18:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

========== Files - Modified Within 90 Days ==========
[2010/10/02 14:43:04 | 006,553,600 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat
[2010/10/02 13:28:52 | 000,007,620 | ---- | M] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2010/10/02 13:01:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/02 12:59:51 | 000,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{a7b639db-ccee-11df-b7ba-001e68488e09}.TMContainer00000000000000000001.regtrans-ms
[2010/10/02 12:59:51 | 000,065,536 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{a7b639db-ccee-11df-b7ba-001e68488e09}.TM.blf
[2010/10/02 12:44:39 | 000,000,842 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/02 12:39:36 | 324,209,148 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/02 12:35:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2010/10/02 12:35:24 | 000,234,078 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/02 12:34:59 | 000,080,384 | ---- | M] () -- C:\Users\Andrew\Desktop\MBRCheck.exe
[2010/10/02 12:30:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/02 12:29:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/02 12:26:12 | 000,000,241 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/10/02 12:24:06 | 000,234,078 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/02 12:23:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/02 12:23:21 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2010/10/02 12:23:20 | 000,003,116 | ---- | M] () -- C:\Windows\HWTablet.bin
[2010/10/02 12:17:28 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/02 12:14:59 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 12:14:59 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 12:14:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/02 02:29:02 | 046,464,086 | ---- | M] () -- C:\Users\Andrew\Documents\svchost.dmp
[2010/10/02 01:37:55 | 000,000,698 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\procexp - Shortcut.lnk
[2010/09/30 23:43:33 | 001,739,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/30 23:38:22 | 000,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{a7b639db-ccee-11df-b7ba-001e68488e09}.TMContainer00000000000000000002.regtrans-ms
[2010/09/30 23:06:17 | 000,719,940 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/30 23:06:17 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/30 23:06:17 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/30 20:11:57 | 000,524,288 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 20:11:57 | 000,065,536 | -HS- | M] () -- C:\Users\Andrew\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/27 19:22:21 | 000,020,365 | ---- | M] () -- C:\Users\Andrew\Documents\ass01.docx
[2010/09/26 02:43:26 | 000,181,760 | ---- | M] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/25 03:30:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\RegFixPro Scheduled Scan.job
[2010/09/23 22:50:21 | 000,001,135 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Spore.lnk
[2010/09/23 03:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2010/09/22 19:39:10 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010/09/22 19:29:06 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/09/12 16:32:24 | 000,001,003 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\aTube Catcher.lnk
[2010/09/12 16:32:24 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 10:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 09:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/05 15:02:34 | 000,002,377 | ---- | M] () -- C:\Users\Andrew\Desktop\Skype.lnk
[2010/09/04 18:35:03 | 000,106,872 | ---- | M] () -- C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/31 23:26:07 | 000,000,934 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2010/08/17 22:40:02 | 000,002,339 | ---- | M] () -- C:\Users\Andrew\Desktop\Windows Movie Maker 2.6.lnk
[2010/08/08 06:34:43 | 000,000,086 | ---- | M] () -- C:\Users\Andrew\Documents\Tankmen.swf_down.htm
[2010/07/25 15:28:30 | 000,002,173 | ---- | M] () -- C:\Windows\mdll.dl
[2010/07/23 21:30:12 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/22 23:14:57 | 000,005,011 | ---- | M] () -- C:\Windows\HWTablet.cfg
[2010/07/19 20:54:05 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2010/07/10 20:41:12 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010/07/10 20:41:12 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010/07/10 20:41:11 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll

========== Files Created - No Company Name ==========
[2010/10/02 12:44:39 | 000,000,842 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/02 12:35:01 | 000,080,384 | ---- | C] () -- C:\Users\Andrew\Desktop\MBRCheck.exe
[2010/10/02 02:28:55 | 046,464,086 | ---- | C] () -- C:\Users\Andrew\Documents\svchost.dmp
[2010/10/02 01:37:55 | 000,000,698 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\procexp - Shortcut.lnk
[2010/09/30 20:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{a7b639db-ccee-11df-b7ba-001e68488e09}.TMContainer00000000000000000002.regtrans-ms
[2010/09/30 20:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{a7b639db-ccee-11df-b7ba-001e68488e09}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 20:20:24 | 000,065,536 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{a7b639db-ccee-11df-b7ba-001e68488e09}.TM.blf
[2010/09/23 22:50:21 | 000,001,135 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Spore.lnk
[2010/09/22 19:26:03 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/09/15 17:13:00 | 000,020,365 | ---- | C] () -- C:\Users\Andrew\Documents\ass01.docx
[2010/08/31 23:26:07 | 000,000,934 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2010/07/25 15:28:30 | 000,002,173 | ---- | C] () -- C:\Windows\mdll.dl
[2010/07/23 21:26:26 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/07/19 20:54:05 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2010/03/06 16:18:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/04 16:49:14 | 000,234,078 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/04 16:49:10 | 000,234,078 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/02/15 22:37:23 | 003,907,640 | ---- | C] () -- C:\Windows\System32\gsdll32.dll
[2010/01/27 08:49:21 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/12/26 15:47:09 | 000,077,824 | ---- | C] () -- C:\Windows\System32\jwusbchk.dll
[2009/12/26 15:47:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\jwusbchk32.dll
[2009/12/26 15:47:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\JWKey.dll
[2009/12/26 15:47:07 | 000,029,696 | ---- | C] () -- C:\Windows\System32\JWPen.dll
[2009/12/26 15:47:07 | 000,028,672 | ---- | C] () -- C:\Windows\HWCkPenT.dll
[2009/10/09 00:46:29 | 000,000,760 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\setup_ldm.iss
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/08/30 20:30:04 | 000,000,135 | ---- | C] () -- C:\Windows\custvoic.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/17 10:09:03 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/06/07 06:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/16 09:20:49 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/04/16 09:20:48 | 000,022,328 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\PnkBstrK.sys
[2009/04/04 23:43:55 | 000,000,647 | ---- | C] () -- C:\Windows\hegames.ini
[2009/04/02 09:25:03 | 000,016,645 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\UserTile.png
[2009/02/03 16:08:49 | 000,000,065 | ---- | C] () -- C:\Windows\vpg_bcsb.ini
[2009/01/28 00:18:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/06 00:45:39 | 000,000,522 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/11/21 02:40:45 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/11/17 02:21:37 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\AppData\Local\FnF4.txt
[2008/11/14 04:03:58 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\ndisprot.sys
[2008/11/13 22:34:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\1stscrhook.dll
[2008/11/13 22:17:37 | 000,000,043 | ---- | C] () -- C:\Windows\Dim.ini
[2008/11/01 22:02:00 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/10/12 21:00:53 | 000,000,241 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/08 16:15:30 | 000,000,066 | ---- | C] () -- C:\Windows\System32\SQSDRVWC.SYS
[2008/10/08 16:10:22 | 000,000,076 | ---- | C] () -- C:\Windows\WaveCreator.ini
[2008/10/08 16:08:38 | 000,000,036 | ---- | C] () -- C:\Windows\System32\drvlock.sys
[2008/09/18 13:40:45 | 000,000,405 | -HS- | C] () -- C:\Windows\System32\TttvwGgh.ini2
[2008/09/18 13:40:45 | 000,000,405 | -HS- | C] () -- C:\Windows\System32\TttvwGgh.ini
[2008/09/03 23:34:18 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/08/14 19:43:35 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2008/08/14 19:43:35 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2008/08/04 16:15:49 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/08/04 16:15:49 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/08/04 16:15:49 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/07/23 16:42:29 | 001,936,528 | ---- | C] () -- C:\Windows\System32\ltmm15.dll
[2008/07/19 17:11:37 | 000,000,330 | ---- | C] () -- C:\Windows\EDofMA.ini
[2008/07/17 20:55:08 | 000,181,760 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/17 16:49:32 | 000,007,620 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2008/07/17 16:39:26 | 000,187,814 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\nvModes.001
[2008/07/17 16:37:08 | 000,187,814 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\nvModes.dat
[2008/07/17 15:27:40 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\AppData\Local\QSwitch.txt
[2008/07/17 15:27:40 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DSwitch.txt
[2008/07/17 15:27:40 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\AppData\Local\AtStart.txt
[2008/04/12 03:09:22 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/10 13:42:11 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/01/25 12:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006/11/10 08:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002/10/15 17:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========
[2010/01/29 11:42:06 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Acoustica
[2010/09/26 03:11:39 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Acronis
[2010/04/25 19:46:45 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\AquaNox
[2008/07/17 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Atari
[2010/02/15 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\AutoDWG
[2008/08/24 00:20:13 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Canon
[2009/03/22 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Cool Record Edit Pro
[2008/07/18 00:03:31 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Custom Skin Clock
[2010/09/30 20:18:02 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Desktopicon
[2009/02/03 21:50:22 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Fomine Software
[2009/03/22 20:20:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Free Sound Recorder
[2010/02/19 10:11:46 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\FreeCall
[2008/08/14 19:52:17 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\GeoVid
[2008/08/20 22:16:59 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\GetRightToGo
[2009/04/14 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ImgBurn
[2009/02/19 10:43:52 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ImTOO Software Studio
[2008/07/17 19:17:28 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Leadertech
[2010/01/11 00:32:57 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\MP3Rocket
[2009/02/03 11:44:17 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Music Recognition
[2010/07/19 20:55:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\NCH Swift Sound
[2009/10/30 22:32:52 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\NeopleLauncherDFO
[2009/04/02 09:25:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\PeerNetworking
[2010/05/26 03:25:02 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\PenProtect
[2008/11/01 21:55:55 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\PlayFirst
[2009/08/18 21:42:55 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Publish Providers
[2008/07/27 00:51:04 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Roni Music
[2009/07/18 21:04:41 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Screaming Bee
[2009/08/18 21:30:29 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Sony
[2010/09/24 08:58:40 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\SPORE
[2010/02/09 16:00:50 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\TeamViewer
[2010/09/16 22:25:32 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Unity
[2010/03/03 17:48:49 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\VoipCheapCom
[2008/11/01 17:41:19 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\WildTangent
[2009/09/24 22:04:32 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\WinFF
[2010/05/26 02:59:02 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\WinSesame
[2010/02/15 01:08:05 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Xilisoft Corporation
[2008/07/25 23:14:49 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\YouSendIt
[2010/10/02 12:23:21 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2010/09/23 03:00:00 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2010/09/25 03:30:00 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\RegFixPro Scheduled Scan.job
[2010/10/02 12:13:53 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/03/10 13:27:08 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/07/18 22:07:17 | 000,000,000 | ---- | M] () -- C:\fftoutput.txt
[2008/07/19 15:30:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/19 15:30:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/02 13:00:50 | 3534,213,120 | -HS- | M] () -- C:\pagefile.sys
[2010/03/10 02:17:34 | 000,827,392 | ---- | M] () -- C:\tc0s
[2009/07/17 19:19:45 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log
[2010/06/11 02:31:45 | 000,002,606 | ---- | M] () -- C:\wbScript.txt
< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/03/06 16:44:23 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 04:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2007/04/02 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8U.DLL
[2007/04/02 05:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8U.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/04/09 16:11:40 | 000,000,638 | -HS- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/10/02 12:34:59 | 000,080,384 | ---- | M] () -- C:\Users\Andrew\Desktop\MBRCheck.exe
[2010/10/02 12:35:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/03/06 17:04:21 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/03/06 17:03:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/03/06 17:03:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/03/06 17:03:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/03/06 17:03:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/03/06 17:03:51 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2008/07/17 15:27:07 | 000,000,402 | -HS- | M] () -- C:\Users\Andrew\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2008/03/10 13:43:10 | 000,000,372 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/04/19 12:09:01 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/02 12:35:24 | 000,234,078 | ---- | M] () -- C:\ProgramData\nvModes.001
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Andrew\Documents\YouTube - Happy Happy Joy Joy The Ren Stimpy Show..mpeg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Andrew\Documents\Mudkip.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Andrew\Documents\beer_song_lyrics.avi:TOC.WMV
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:408F95E5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:98781370
< End of report >
Last edited by DrewtheMew; 03-10-2010 at 12:23 AM.
Reason: smileys in text that weren't intended
You can post one log per reply, if the length is the issue....
OTL Extras logfile created on: 10/2/2010 2:43:04 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Andrew\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 585.20 Gb Total Space | 383.56 Gb Free Space | 65.54% Space Free | Partition Type: NTFS
Drive D: | 9.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HAL-9001
Current User Name: Andrew
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Users\Andrew\Downloads\PIC67576676-JPG-www.facebook.com.exe" = C:\Windows\jusched.exe:*:Enabled:Java developer Script Browse -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08881D20-1B48-4FBB-8123-4D26022B32AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1086888C-B6E5-4AA1-AEFB-28B7B0E1232C}" = lport=137 | protocol=17 | dir=in | app=system |
"{1ADA21BE-40B5-4847-BE4A-68B87B255150}" = lport=445 | protocol=6 | dir=in | app=system |
"{3274D2E6-2719-42F2-8415-BD96824E9D32}" = rport=139 | protocol=6 | dir=out | app=system |
"{35D4EFA3-5618-4653-A6C8-1A9C5B6A1C94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{362C27EE-8D82-4DA0-BC22-8DCE279124D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{4BD82E36-B696-49D8-8C8B-0A9541F27AB3}" = rport=445 | protocol=6 | dir=out | app=system |
"{50EF4EAF-4B61-4166-B7C0-701E3EF0B2DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{60BE85C7-58BE-4CF6-98C3-98B0C738D290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{62BE2052-A3CB-4EA1-955D-4801F894A734}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6A79D4A5-269C-4D19-B39A-68168DEC1CAD}" = lport=139 | protocol=6 | dir=in | app=system |
"{E2A093FD-337F-4E26-BEC8-C8EB63D72C6D}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06144900-D9FD-42CF-A16F-730DA08291D6}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"{0B358A47-409B-4B15-A703-0A69EAE97B2E}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{0B3DFABB-BACC-4E7E-BC0C-224675882B7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0BD77EA3-E35D-4799-A3D2-B722DFC408B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1309CF4A-84AA-4ACF-A33B-996EF2851C16}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.exe |
"{18268889-C865-433A-9501-9948FEBBDEAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{289C3FA9-9D00-403E-BC4E-101AE75FD55B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3733196E-1DED-43F0-B91C-8926D766725A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{380259C7-3C37-4DAD-B37F-962A36FBA3CD}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3EC3F1B1-D5A8-45D4-A4CE-D2F90859109D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48049222-E569-4E92-A0D9-5AFF77D26730}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C5AF623-1656-4010-AE8D-BE2C181A2869}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B081BD0-9FE3-4ECA-9457-70487E7C1A2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6093001D-FCBA-43DF-B707-E8FC8AE958CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64D4F307-4124-4107-82ED-7659603CAEBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FFF5F20-435A-47C9-96A1-8CA0575BAEE9}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{7D95E162-ACAC-4842-92C3-B55A91C3E4D1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{7F1CC042-28F3-41F1-A3BA-6A809242A730}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85FDF65D-3D43-4201-A0BA-D735D49B4ECB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B7B457E-7E73-4DBA-8862-2B51FDF94447}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8D54F7E7-95EC-47DA-8BD2-6A25CA835907}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{9A92F98B-CCAA-431D-8790-30F2887D5FB7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C47785B-06D4-4D38-8319-C908E6E9FB7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A6DB0DE3-034E-4042-8700-25E468F68071}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.e xe |
"{AFA015B3-CB9B-4DE4-819C-EB31EED2AA73}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{B18A498C-234B-467E-8813-2120CB1DA482}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom.com\voipcheapcom\voipcheapcom.e xe |
"{C8C04F5D-9F6D-4523-A00F-BC9CD37B3887}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{CBAB91A8-B7F0-4B19-8949-CBDBDE2A9C8E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D050B76F-ED1D-4485-BD14-C7E0B36F5F56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE8BBA5E-2B9D-4424-A010-45D79946C2A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2C90668-212D-4DE9-BBCC-94FC1E28993C}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{E42A2CD6-39DB-4BFE-B3D0-00CDCDBD126F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F5FBC178-07AE-42DF-BD14-DCE7216C40DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0FC27EF3-24D2-4ACC-A568-0DD36C4E8F9F}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{7FF2F795-C1E1-44C7-8F28-3AE99F77BB48}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{9AAE3840-0235-4CA3-9E6D-493916627D8B}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{A90B7786-9FBE-4E09-8E23-ED59164E0FB0}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"TCP Query User{C90FD6C9-A5FB-4843-B215-4AB5B702EC21}C:\program files\fox\aliens vs. predator 2\avp2serv.exe" = protocol=6 | dir=in | app=c:\program files\fox\aliens vs. predator 2\avp2serv.exe |
"TCP Query User{D3C718EC-AEB9-48EC-95FF-E3365FB29458}C:\program files\aquanox\aqua.exe" = protocol=6 | dir=in | app=c:\program files\aquanox\aqua.exe |
"TCP Query User{D7199701-A777-47FE-9DD9-5FBD6B851D2A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0D8BFF95-6BA2-441F-99AB-7C88CBB8A431}C:\program files\fox\aliens vs. predator 2\avp2serv.exe" = protocol=17 | dir=in | app=c:\program files\fox\aliens vs. predator 2\avp2serv.exe |
"UDP Query User{1F5EE99E-43CD-4A50-B242-E5B8A71294BD}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{3B470948-3853-4D5D-B253-EB2AD5CF82EA}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe |
"UDP Query User{8753B08C-5E77-4AB3-88F3-773ED2B4439A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A019DC27-B345-45E9-8835-7306496C68B0}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{C76ED859-5B4A-4A8D-9D2E-2FDE73FDE900}C:\program files\aquanox\aqua.exe" = protocol=17 | dir=in | app=c:\program files\aquanox\aqua.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{180EF577-D68D-41F2-B4A7-71331B8DB2DE}" = DWGSee DWG Viewer Pro
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A621A2F-98F6-4373-89A2-8ED16076990A}" = WinRez LT Studio
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{3A0604C2-807A-11DB-8DF8-00508DD5B6B9}" = Microsoft Mike and Mary TTS Engines 5.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}" = MorphVOX Junior
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7204C956-B01F-4344-9F10-67485DBE7D15}" = StuffIt 2009
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: The First Encounter
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ACD21A44-4EF9-4461-B1F3-45786E395032}" = Tablet Driver
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B40DED06-B52E-4970-8689-578D162638ED}" = DWGSee DWG Viewer
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"ACE" = ACE - a collaborative editor
"Acoustica Effects Pack" = Acoustica Effects Pack
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"AltoMP3 Gold" = AltoMP3 Gold 5.20
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"AquaNox" = AquaNox
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"aTube Catcher" = aTube Catcher
"AudioRetoucher_is1" = AudioRetoucher 3.5.0.12
"avast5" = avast! Free Antivirus
"BitLord" = BitLord 1.1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747 C02D.1" = EA Download Manager UI
"DirectVobSub" = DirectVobSub (remove only)
"EA Download Manager" = EA Download Manager
"eBay Icon" = eBay Icon
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 7" = FL Studio 7
"FL Studio_is1" = FL Studio v7.0
"Flash Decompiler Gold_is1" = Flash Decompiler Gold 2.0.4.1204
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Sound Recorder" = Free Sound Recorder
"Google Updater" = Google Updater
"Half-Life" = Half-Life
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HyperCam 2" = HyperCam 2
"Iconize2" = Iconize 2.0
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Basic)
"LHTTSRUR" = L&H TTS3000 Russian
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"Prism" = Prism Video Converter
"PunkBusterSvc" = PunkBuster Services
"RAR Password Cracker" = RAR Password Cracker 4.12
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.278
"RECOIL" = RECOIL
"Red Baron 3D" = Red Baron 3D
"save2pc Pro Demo_is1" = save2pc Pro Demo 3.41
"Sierra Utilities" = Sierra Utilities
"Smart Audio Converter_is1" = Smart Audio Converter
"SMPlayer_is1" = SMPlayer 0.6.6
"Speakonia_is1" = Speakonia
"Stewart Essential Calc ET 1" = Stewart Essential Calc ET 1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Ultra Flash Video FLV Converter_is1" = Ultra Flash Video FLV Converter 4.2.0716
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"VobSub" = VobSub v2.23 (Remove Only)
"Voice Tweaker" = Voice Tweaker 4.1.0.5
"WavePad" = WavePad Sound Editor
"West_Point_Bridge_Designer_2007" = West Point Bridge Designer 2007
"Windows Lemmings" = Lemmings for Windows 95
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinFF_is1" = WinFF 1.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"XBCD" = XBCD 1.07
"Xilisoft DPG Converter" = Xilisoft DPG Converter
"XiphQT" = Xiph QuickTime Components
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Toolbar" = Yahoo! Toolbar
"YASA AVI WMV ASF MOV VOB to MP3 Converter v2.6 (build 0048)" = YASA AVI WMV ASF MOV VOB to MP3 Converter v2.6 (build 0048)
"YASA MP4 Video Converter v3.2 (build 0051)" = YASA MP4 Video Converter v3.2 (build 0051)
"Zune" = Zune
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
Error - 12/20/2009 9:54:02 PM | Computer Name = HAL-9001 | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 10/2/2010 2:02:25 PM | Computer Name = HAL-9001 | Source = WinMgmt | ID = 10
Description =
Error - 10/2/2010 2:05:28 PM | Computer Name = HAL-9001 | Source = EventSystem | ID = 4609
Description =
Error - 10/2/2010 2:19:21 PM | Computer Name = HAL-9001 | Source = Application Error | ID = 1000
Description = Faulting application evc7tpw0.exe, version 1.0.15.15281, time stamp
0x4b2763f0, faulting module evc7tpw0.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
exception code 0xc0000005, fault offset 0x0000c4b1, process id 0x7f8, application
start time 0x01cb625d9d13aa62.
Error - 10/2/2010 2:24:43 PM | Computer Name = HAL-9001 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
code 0xc0000005, fault offset 0x0000c4b1, process id 0x22c, application start time
0x01cb625ed84a3ee2.
Error - 10/2/2010 2:28:54 PM | Computer Name = HAL-9001 | Source = EventSystem | ID = 4609
Description =
Error - 10/2/2010 2:29:34 PM | Computer Name = HAL-9001 | Source = Perflib | ID = 1008
Description =
Error - 10/2/2010 2:29:34 PM | Computer Name = HAL-9001 | Source = Perflib | ID = 1010
Description =
Error - 10/2/2010 2:29:36 PM | Computer Name = HAL-9001 | Source = PerfNet | ID = 2004
Description =
Error - 10/2/2010 3:39:01 PM | Computer Name = HAL-9001 | Source = System Restore | ID = 8193
Description =
Error - 10/2/2010 3:43:23 PM | Computer Name = HAL-9001 | Source = System Restore | ID = 8193
Description =
[ Media Center Events ]
Error - 7/17/2008 9:37:04 PM | Computer Name = HAL-9001 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 9/14/2008 7:48:20 PM | Computer Name = HAL-9001 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 11/20/2008 1:43:01 AM | Computer Name = HAL-9001 | Source = Mcx2Dvcs | ID = 405
Description =
Error - 11/20/2008 1:44:13 AM | Computer Name = HAL-9001 | Source = Mcx2Prov | ID = 505
Description =
Error - 11/20/2008 1:44:13 AM | Computer Name = HAL-9001 | Source = Mcx2Dvcs | ID = 405
Description =
Error - 2/5/2009 7:53:59 PM | Computer Name = HAL-9001 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 2/9/2009 8:27:15 PM | Computer Name = HAL-9001 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 2/18/2009 7:57:34 PM | Computer Name = HAL-9001 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide
Error - 5/3/2009 6:18:31 PM | Computer Name = HAL-9001 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide
Error - 5/3/2009 6:20:42 PM | Computer Name = HAL-9001 | Source = Mcx2Dvcs | ID = 405
Description =
[ OSession Events ]
Error - 10/23/2008 3:19:24 AM | Computer Name = HAL-9001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 183
seconds with 60 seconds of active time. This session ended with a crash.
Error - 7/1/2009 9:16:20 AM | Computer Name = HAL-9001 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 10/2/2010 2:02:26 PM | Computer Name = HAL-9001 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/2/2010 2:02:26 PM | Computer Name = HAL-9001 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/2/2010 2:02:26 PM | Computer Name = HAL-9001 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/2/2010 2:02:26 PM | Computer Name = HAL-9001 | Source = Service Control Manager | ID = 7026
Description =
Error - 10/2/2010 2:03:13 PM | Computer Name = HAL-9001 | Source = Service Control Manager | ID = 7001
Description =
Error - 10/2/2010 2:05:20 PM | Computer Name = HAL-9001 | Source = DCOM | ID = 10005
Description =
Error - 10/2/2010 2:05:28 PM | Computer Name = HAL-9001 | Source = DCOM | ID = 10005
Description =
Error - 10/2/2010 2:05:30 PM | Computer Name = HAL-9001 | Source = DCOM | ID = 10005
Description =
Error - 10/2/2010 2:05:34 PM | Computer Name = HAL-9001 | Source = DCOM | ID = 10005
Description =
Error - 10/2/2010 2 24 PM | Computer Name = HAL-9001 | Source = DCOM | ID = 10005
Description =
< End of report >
============================================================
Malwarebytes' Anti-Malware 1.46 Malwarebytes
Database version: 4733
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904
10/2/2010 12:59:06 PM
mbam-log-2010-10-02 (12-59-06).txt
Scan type: Quick scan
Objects scanned: 144056
Time elapsed: 6 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7ce793ca-d16f-4e25-b347-50aac438750c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\4VDD85L8NF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegFixPro (Rogue.RegFixPro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zeldar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft (Rogue.WinBlueSoft) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIVXserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.75.0 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
C:\Users\Andrew\AppData\Roaming\RegFixPro (Rogue.RegFixPro) -> Quarantined and deleted successfully.
C:\Users\Andrew\AppData\Roaming\RegFixPro\Log (Rogue.RegFixPro) -> Quarantined and deleted successfully.
C:\Users\Andrew\AppData\Roaming\RegFixPro\Registry Backups (Rogue.RegFixPro) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Andrew\downloads\PIC67576676-JPG-www.facebook.com.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Andrew\AppData\Roaming\RegFixPro\Log\2008 Dec 18 - 03_30_00 AM_737.log (Rogue.RegFixPro) -> Quarantined and deleted successfully.
C:\Users\Andrew\AppData\Roaming\RegFixPro\Registry Backups\2008-11-16_21-18-11.reg (Rogue.RegFixPro) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sexvid\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus PC 2009.lnk (Rogue.AntiVirusPC2009) -> Quarantined and deleted successfully.
C:\Windows\System32\WinTab32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\zaponce52597.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Windows\zaponce52621.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Windows\zaponce52689.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Windows\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
===============================================================
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-02 14:36:24
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\fxtyipow.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 85963BF8
INT 0x73 ? 86ED2F00
INT 0x82 ? 85963BF8
INT 0x83 ? 86ED2F00
INT 0x92 ? 85963BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\drivers\kdrr.sys The system cannot find the path specified. !
? System32\Drivers\spxx.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8B76541B 5 Bytes JMP 86ED24E0
.text aa7ct3iw.SYS 8F4CA000 2 Bytes [82, D3]
.text aa7ct3iw.SYS 8F4CA003 19 Bytes [83, 6C, D2, 00, 83, 60, 9F, ...]
.text aa7ct3iw.SYS 8F4CA017 84 Bytes [00, 32, 47, 71, 80, 3D, 45, ...]
.text aa7ct3iw.SYS 8F4CA06C 96 Bytes [90, FE, 07, 83, 98, FE, 0D, ...]
.text aa7ct3iw.SYS 8F4CA0CE 10 Bytes [00, 00, 00, 00, 00, 00, F6, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; IDIV BYTE [ECX-0x25]; DEC ECX}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1968] ntdll.dll!LdrLoadDll 77329390 5 Bytes JMP 00C213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060A6D6] \SystemRoot\System32\Drivers\spxx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060A042] \SystemRoot\System32\Drivers\spxx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060A800] \SystemRoot\System32\Drivers\spxx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060A0C0] \SystemRoot\System32\Drivers\spxx.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060A13E] \SystemRoot\System32\Drivers\spxx.sys
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortNotification] 9831BC8D
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortWritePortUchar] 33000000
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortWritePortUlong] 40C683C9
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortGetPhysicalAddress] C10FF041
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] FF45C60E
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8BA8EB01
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortReadPortUchar] 11890855
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortStallExecution] CB8BD08A
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortGetParentBusType] 0ACC87C7
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortRequestCallback] 00010000
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortWritePortBufferUshort] D6FF0000
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortGetUnCachedExtension] E8F475FF
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortCompleteRequest] FFFFF118
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortMoveMemory] 00FF7D80
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 0090850F
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 75FF0000
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E8006A08
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortReadPortUshort] 0001E60A
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 000081E9
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortInitialize] 087D8300
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortGetDeviceBase] BF7B7501
IAT \SystemRoot\System32\Drivers\aa7ct3iw.SYS[ataport.SYS!AtaPortDeviceStateChange] [8F4EFFB0] \SystemRoot\System32\Drivers\aa7ct3iw.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80619E9C] \SystemRoot\System32\Drivers\spxx.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74137817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7418A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7413BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7412F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7412E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74168395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7413DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7412FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7412FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7415C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7412D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74126853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7412687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74132AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDA 0x61 0x13 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXwdrbduqexsyrctdpgxueujsyvbkpieng.sys
Reg HKLM\SYSTEM\ControlSet010\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDA 0x61 0x13 0x09 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
---- EOF - GMER 1.0.15 ----
==============================================================
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 131):
0x83039000 \SystemRoot\system32\ntkrnlpa.exe
0x83006000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\PSHED.dll
0x8041D000 \SystemRoot\system32\BOOTVID.dll
0x80425000 \SystemRoot\system32\CLFS.SYS
0x80466000 \SystemRoot\system32\CI.dll
0x80546000 \SystemRoot\System32\drivers\kdrr.sys
0x80554000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80608000 \SystemRoot\System32\Drivers\spxx.sys
0x80709000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80712000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x80738000 \SystemRoot\system32\drivers\acpi.sys
0x8077E000 \SystemRoot\system32\drivers\msisadrv.sys
0x80786000 \SystemRoot\system32\drivers\pci.sys
0x807AD000 \SystemRoot\System32\drivers\partmgr.sys
0x807BC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x807BF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x807C9000 \SystemRoot\system32\drivers\volmgr.sys
0x8360D000 \SystemRoot\System32\drivers\volmgrx.sys
0x83657000 \SystemRoot\system32\drivers\pciide.sys
0x8365E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8366C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8367C000 \SystemRoot\system32\drivers\atapi.sys
0x83684000 \SystemRoot\system32\drivers\ataport.SYS
0x836A2000 \SystemRoot\system32\drivers\fltmgr.sys
0x836D4000 \SystemRoot\system32\drivers\fileinfo.sys
0x836E4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B404000 \SystemRoot\system32\drivers\ndis.sys
0x8B50F000 \SystemRoot\system32\drivers\msrpc.sys
0x8B53A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B604000 \SystemRoot\System32\drivers\tcpip.sys
0x8B6EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B804000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B914000 \SystemRoot\system32\drivers\wd.sys
0x8B91C000 \SystemRoot\system32\drivers\volsnap.sys
0x8B95D000 \SystemRoot\System32\Drivers\mup.sys
0x8B96C000 \SystemRoot\System32\drivers\ecache.sys
0x8B993000 \SystemRoot\system32\drivers\disk.sys
0x8B9A4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B9C5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B9EE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B709000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B9F9000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x8B712000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B955000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B722000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B9FB000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8B72B000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B735000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B773000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B782000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B800000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x83755000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B79A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B7AA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B7B8000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8B7C7000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8B575000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8F408000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F4C9000 \SystemRoot\System32\Drivers\aa7ct3iw.SYS
0x8F500000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F513000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8F518000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F523000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F553000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F555000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F560000 \SystemRoot\system32\DRIVERS\HWDrawing.sys
0x8F562000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F591000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F5D2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F5DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F5F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B7DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B5C6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B5D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B5E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x837E2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x837F2000 \SystemRoot\system32\DRIVERS\VClone.sys
0x8F400000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805D3000 \SystemRoot\system32\DRIVERS\ks.sys
0x83600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x807D8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x807E5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8F804000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F839000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F841000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F852000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F85B000 \SystemRoot\System32\Drivers\Null.SYS
0x8F862000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F869000 \SystemRoot\System32\drivers\vga.sys
0x8F875000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F896000 \SystemRoot\System32\drivers\watchdog.sys
0x8F8A2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F8AA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F8B5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F8C3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F8CC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F8EC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F900000 \SystemRoot\system32\drivers\afd.sys
0x8F948000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8F94D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F97F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F995000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F9A3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F9DF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F9F6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F8E2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FE03000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FE1A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FE27000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8FE32000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x994B0000 \SystemRoot\System32\win32k.sys
0x8FE3A000 \SystemRoot\System32\drivers\Dxapi.sys
0x996C0000 \SystemRoot\System32\drivers\dxg.sys
0x996F0000 \SystemRoot\System32\TSDDD.dll
0x99770000 \SystemRoot\System32\framebuf.dll
0x99780000 \SystemRoot\System32\ATMFD.DLL
0x8FE44000 \SystemRoot\system32\drivers\WudfPf.sys
0x8FE5E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8FE88000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8FE92000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8FEAB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8FEC0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8FEDF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8FF18000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8FF30000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8FF46000 \??\C:\Users\Andrew\AppData\Local\Temp\fxtyipow.sys
0x77300000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 52\alcoholx.dll
Processes (total 30):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
576 csrss.exe
612 csrss.exe
620 C:\Windows\System32\wininit.exe
664 C:\Windows\System32\winlogon.exe
692 C:\Windows\System32\services.exe
708 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
856 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\wisptis.exe
1620 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
828 C:\Windows\System32\wisptis.exe
1432 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
1716 C:\Windows\explorer.exe
528 MpCmdRun.exe
1948 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
548 C:\Program Files\Windows Live\Contacts\wlcomm.exe
2532 C:\Program Files\Mozilla Firefox\firefox.exe
2780 C:\Users\Andrew\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000092`4ce00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD6400BEVT-80A0RT0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: 85562D13BAA03F4C14EFB9AADC58F7B3382DCF47
Done!
Download HostsXpert ( |MG| HostsXpert 4.3 Download ) and then follow the steps below:
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it (Vista and Windows 7 users, right click and click "Run As Administrator").
* Click Restore MS Hosts File and then click OK.
* Click the X to exit the program
Restart computer.
=============================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
* Please, never rename Combofix unless instructed.
* Close any open browsers.
* Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
OK, here's the combofix log, still running in safe mode btw. Should I try running normally yet?
Let me check your log first.....
ComboFix 10-10-01.07 - Andrew 10/02/2010 19:09:36.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2435 [GMT -5:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Microsoft Office\WINWORD.EXE
c:\users\Andrew\AppData\Roaming\Desktopicon
c:\users\Andrew\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Andrew\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Andrew\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Public\Favorites\Cheat code editor\Cheat Code Editor.exe
c:\users\Public\Favorites\HGE.patch
c:\users\Public\Favorites\HGEF.patch
c:\users\Public\Favorites\SSE.patch
c:\users\Public\Favorites\SSEF.patch
c:\users\Public\Favorites\xDelta GUI.exe
c:\users\Public\Favorites\xdelta.exe
c:\windows\mdll.dl
c:\windows\system32\KBL.LOG
c:\windows\system32\TttvwGgh.ini
c:\windows\System32\TttvwGgh.ini2
c:\windows\system32\vbzlib1.dll
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))
.
2010-10-03 00:06 . 2010-10-03 00:06 -------- d-----w- C:\32788R22FWJFW
2010-10-02 17:44 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 17:44 . 2010-10-02 17:44 -------- d-----w- c:\programdata\Malwarebytes
2010-10-02 17:44 . 2010-10-02 22:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 17:44 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 17:30 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-01 04:02 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-01 04:02 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-01 04:02 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-01 04:02 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-01 04:02 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-01 03:52 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-01 03:51 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-01 03:51 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-01 03:51 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-01 03:51 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-01 03:51 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-01 03:51 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-01 03:51 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-10-01 03:50 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-10-01 03:50 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-10-01 03:50 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-01 03:50 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-10-01 03:50 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-01 03:50 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-10-01 03:46 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-26 08:51 . 2010-09-26 08:51 -------- d-----w- C:\CPQSYSTEM
2010-09-26 07:48 . 2010-09-26 07:50 -------- d-----w- c:\program files\Common Files\Acronis
2010-09-26 07:48 . 2010-09-26 07:48 -------- d-----w- c:\program files\Acronis
2010-09-26 04:30 . 2010-09-26 07:00 -------- d-----w- C:\XboxBackup
2010-09-23 00:39 . 2010-09-23 00:39 -------- d--h--r- c:\users\Andrew\AppData\Roaming\SecuROM
2010-09-23 00:34 . 2010-09-24 13:58 -------- d-----w- c:\users\Andrew\AppData\Roaming\SPORE
2010-09-23 00:28 . 2010-09-23 00:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-23 00:06 . 2010-09-23 12:33 -------- d-----w- c:\program files\Electronic Arts
2010-09-22 21:12 . 2010-09-22 21:14 -------- d-----r- c:\users\Andrew\Movies
2010-09-17 03:25 . 2010-09-17 03:25 -------- d-----w- c:\users\Andrew\AppData\Roaming\Unity
2010-09-17 03:14 . 2010-09-17 03:14 -------- d-----w- c:\users\Andrew\AppData\Local\Unity
2010-09-13 21:24 . 2010-09-13 20:45 344064 ----a-w- c:\users\Andrew\AppData\Roaming\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\_setup.dll
2010-09-13 20:45 . 2002-12-02 20:33 107512 ----a-w- c:\users\Andrew\AppData\Roaming\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe
2010-09-13 01:43 . 2010-09-13 01:48 -------- d-----w- c:\programdata\PopCap Games
2010-09-06 07:59 . 2010-09-06 07:59 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-06 07:58 . 2010-09-06 07:59 -------- d-----w- c:\programdata\DivX
2010-09-04 23:19 . 2010-10-01 01:17 -------- d-----w- c:\program files\ACE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 00:01 . 2010-03-03 20:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-02 18:28 . 2008-07-17 21:49 7620 ----a-w- c:\users\Andrew\AppData\Local\d3d9caps.dat
2010-10-02 17:24 . 2010-07-24 02:26 -------- d-----w- c:\program files\Steam
2010-10-02 17:24 . 2010-03-04 21:49 234078 ----a-w- c:\programdata\nvModes.dat
2010-10-02 17:23 . 2009-12-26 20:47 3116 ----a-w- c:\windows\HWTablet.bin
2010-10-02 07:04 . 2010-03-03 20:43 117760 ----a-w- c:\users\Andrew\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-02 02:23 . 2008-07-17 20:42 -------- d-----w- c:\programdata\Google Updater
2010-10-02 01:30 . 2008-07-17 20:42 -------- d-----w- c:\program files\Google
2010-10-01 05:59 . 2009-07-21 08:07 -------- d-----w- c:\users\Andrew\AppData\Roaming\Skype
2010-10-01 05:41 . 2009-07-21 08:17 -------- d-----w- c:\users\Andrew\AppData\Roaming\skypePM
2010-10-01 05:33 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-10-01 05:33 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-10-01 05:33 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-10-01 04:40 . 2010-04-09 19:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-01 04:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-10-01 04:30 . 2008-03-10 18:37 -------- d-----w- c:\programdata\Microsoft Help
2010-10-01 04:28 . 2008-03-10 18:15 -------- d-----w- c:\program files\Microsoft Works
2010-10-01 04:13 . 2009-10-15 15:50 -------- d-----w- c:\program files\Microsoft
2010-10-01 04:10 . 2008-07-31 04:23 -------- d-----w- c:\program files\Movie Maker 2.6
2010-10-01 04:04 . 2008-03-10 18:38 -------- d-----w- c:\program files\Microsoft.NET
2010-09-23 12:33 . 2008-03-10 17:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-23 12:23 . 2010-09-23 12:09 6667912 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\support\eadm-installer.exe
2010-09-23 12:23 . 2010-09-23 12:09 386320 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\support\SPORE Galactic Adventures_code.exe
2010-09-23 12:23 . 2010-09-23 12:09 324880 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\_setup.dll
2010-09-23 12:23 . 2010-09-23 12:09 189712 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\support\SPORE Galactic Adventures_uninst.exe
2010-09-23 12:22 . 2010-09-23 12:09 30873872 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\Spore\SporebinEP1\SporeApp.exe
2010-09-23 12:22 . 2010-09-23 12:09 238856 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\Spore\SporebinEP1\winui.dll
2010-09-23 12:21 . 2010-09-23 12:09 655872 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\Spore\SporebinEP1\msvcr90.dll
2010-09-23 12:21 . 2010-09-23 12:09 626688 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\Spore\SporebinEP1\msvcr80.dll
2010-09-23 12:21 . 2010-09-23 12:09 337232 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\Spore\SporebinEP1\DMCmdPortalCl ient.dll
2010-09-23 12:21 . 2010-09-23 12:09 300304 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\Spore\SporebinEP1\paul.dll
2010-09-23 12:10 . 2010-09-23 12:09 540944 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\ISSetup.dll
2010-09-23 12:10 . 2010-09-23 12:09 378128 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\setup.exe
2010-09-23 12:09 . 2010-09-23 12:09 212240 ----a-w- c:\programdata\Electronic Arts\EADM\cache\{ drewthemew@hotmail.com }\spore_ep1_dd.zip\Autorun.exe
2010-09-23 00:39 . 2008-07-20 03:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-23 00:29 . 2008-07-17 19:21 -------- d-----w- c:\programdata\Electronic Arts
2010-09-22 06:29 . 2010-02-24 04:36 -------- d-----w- c:\program files\Messenger Plus! Live
2010-09-13 20:45 . 2008-07-20 02:15 -------- d-----w- c:\users\Andrew\AppData\Roaming\InstallShield Installation Information
2010-09-13 03:32 . 2009-12-12 03:46 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-07 15:11 . 2009-12-19 21:37 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-12-19 21:38 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-12-19 21:38 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-12-19 21:38 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-12-19 21:37 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-12-19 21:38 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-04 23:35 . 2008-07-17 20:27 106872 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-04 23:25 . 2008-08-16 06:11 -------- d-----w- c:\program files\Bonjour
2010-09-04 18:07 . 2008-03-10 18:44 -------- d-----w- c:\program files\CyberLink
2010-09-04 17:52 . 2009-12-05 23:41 -------- d-----w- c:\program files\NCH Software
2010-09-04 17:25 . 2009-05-01 16:16 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-09 17:56 . 2010-08-09 17:45 -------- d-----w- c:\program files\TextAloud
2010-08-09 17:46 . 2010-08-09 17:46 -------- d-----w- c:\programdata\NextUp
2010-08-04 21:50 . 2010-02-24 04:38 -------- d-----w- c:\programdata\Messenger Plus!
2010-07-11 01:41 . 2008-08-04 21:15 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-07-11 01:41 . 2008-08-04 21:15 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-07-11 01:41 . 2008-08-04 21:15 12067 ----atw- c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-17 68856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"Iconize2"="c:\program files\Iconize\Iconize.exe" [2008-11-08 184320]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"Steam"="c:\program files\steam\steam.exe" [2010-09-04 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWTablet KeyPlus"="c:\windows\system32\HWKeyPlus.exe" [2008-06-03 53248]
"HWTablet Service"="c:\windows\system32\HWTabTray.exe" [2008-06-03 299008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9896fe460e3e0;Google Update Service (gupdate1c9896fe460e3e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\jwpen.exe [2008-06-03 66560]
R2 HYRDBios;HYRDBios;c:\windows\system32\DRIVERS\HYRDBios.sys [2007-03-30 5632]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-11-14 29192]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-07-17 721904]
S3 VHWDrawing;HanWang Drawing Tablet;c:\windows\system32\DRIVERS\HWDrawing.sys [2007-03-26 6400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-17 20:52]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 22:03]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\vjax0f5n.default\
FF - prefs.js : browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-VoipCheapCom - c:\program files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe
HKCU-Run-FreeCall - c:\program files\FreeCall.com\FreeCall\FreeCall.exe
HKLM-RunOnce-<NO NAME> - (no file)
SSODL-qoKffnHRSP-{73F36F2E-D959-C584-4783-8FBC838FBA69} - c:\windows\system32\zae.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-hjwgagfa - c:\users\Andrew\AppData\Local\yoyxyg\tgvpsysguard.exe
MSConfigStartUp-Zeldar - c:\users\Andrew\AppData\Local\Temp\c.exe
AddRemove-AltoMP3 Gold - c:\program files\AltoMP3 Gold\uninst.exe
AddRemove-eBay Icon - c:\users\Andrew\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-Empires Dawn of the Modern World - f:\games\ACTIVI~1\EMPIRE~1\Uninstall\Unwise.exe
AddRemove-My HP Game Console - c:\program files\HP Games\My HP Game Console\Uninstall.exe
AddRemove-save2pc Pro Demo_is1 - c:\program files\FDRLab\save2pc\unins000.exe
AddRemove-Smart Audio Converter_is1 - c:\program files\SmartAudioConverter\unins000.exe
AddRemove-WT026592 - c:\program files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT026598 - c:\program files\HP Games\7 Wonders of the Ancient World\Uninstall.exe
AddRemove-WT026599 - c:\program files\HP Games\Blasterball 2 Revolution\Uninstall.exe
AddRemove-WT026600 - c:\program files\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT026615 - c:\program files\HP Games\Crystal Maze\Uninstall.exe
AddRemove-WT026617 - c:\program files\HP Games\FATE\Uninstall.exe
AddRemove-WT026621 - c:\program files\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT026647 - c:\program files\HP Games\Fish Tycoon\Uninstall.exe
AddRemove-WT026649 - c:\program files\HP Games\Jewel Quest Solitaire\Uninstall.exe
AddRemove-WT026652 - c:\program files\HP Games\Mah Jong Quest\Uninstall.exe
AddRemove-WT026654 - c:\program files\HP Games\Peggle\Uninstall.exe
AddRemove-WT026655 - c:\program files\HP Games\Penguins!\Uninstall.exe
AddRemove-WT026656 - c:\program files\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT026657 - c:\program files\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT026658 - c:\program files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe
AddRemove-WT026659 - c:\program files\HP Games\Super Granny\Uninstall.exe
AddRemove-WT026678 - c:\program files\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT026689 - c:\program files\HP Games\Insaniquarium Deluxe\Uninstall.exe
AddRemove-WT026691 - c:\program files\HP Games\Otto's Magic Blocks\Uninstall.exe
AddRemove-WT026728 - c:\program files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe
AddRemove-WT026729 - c:\program files\HP Games\Virtual Villagers - A New Home\Uninstall.exe
AddRemove-WT026730 - c:\program files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe
AddRemove-WT026780 - c:\program files\HP Games\Final Drive Nitro\Uninstall.exe
AddRemove-WT026781 - c:\program files\HP Games\Tradewinds\Uninstall.exe
AddRemove-WT026807 - c:\program files\HP Games\Slingo Deluxe\Uninstall.exe
AddRemove-WT026813 - c:\program files\HP Games\Shooting Stars Pool\Uninstall.exe
AddRemove-WT026814 - c:\program files\HP Games\Ricochet Lost Worlds\Uninstall.exe
AddRemove-WT026836 - c:\program files\HP Games\Jewel Quest\Uninstall.exe
AddRemove-WT026837 - c:\program files\HP Games\Diner Dash\Uninstall.exe
AddRemove-WT027261 - c:\program files\HP Games\Magic Academy\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-02 19:18
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1087099917-4180313810-3312062721-1000\Software\SecuROM\License information*]
"datasecu"=hex:de,04,b8,3f,e6,29,31,7a,e3,53,b0,99,fd,12,12,6d,99,73,ac,cb,34,
07,07,99,39,f5,d6,ab,10,1e,f3,f0,1e,90,0f,26,33,91,13,93,54,78,b8,0b,1b,48,\
"rkeysecu"=hex:91,6b,7a,64,93,b2,fd,13,1d,8a,54,b8,75,f3,0b,fc
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-02 19 20
ComboFix-quarantined-files.txt 2010-10-03 00:21
Pre-Run: 411,456,598,016 bytes free
Post-Run: 411,350,827,008 bytes free
- - End Of File - - 7AD71620BC41D907500DD8318B368288
Looks good
Try to restart in normal mode and see if you can update Malwarebytes.
If so, run it and post a fresh log.
If not, let me know.
running the scan now, still having the svchost sapping the cpu...
Updated and clean, problem persists. :C
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org
Database version: 4734
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
10/2/2010 8:39:32 PM
mbam-log-2010-10-02 (20-39-32).txt
Scan type: Quick scan
Objects scanned: 151313
Time elapsed: 7 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Last edited by DrewtheMew; 03-10-2010 at 02:41 AM .
Reason: Forgot log