CPU Usage prob

chennaivino · 03-15-2010, 11:42 PM

Hi,
I have Windows 7 64-bit installed in my laptop with 4GB of RAM. I get CPU usage spikes (i.e., Task Manager->Performance->CPU Usage) of 100% always even when there are no process running. The system becomes really slow and almost unusable. It works well in safe mode though. I am not sure whether its due to some virus,spyware or registry problems. I have Malware bytes installed in my system and there is no anti-virus installed. I do have Windows 7 install disk which is bootable.

Then I followed the TechSupport Forum rules and run GMER and here are the results

DDS.txt file:

DDS (Ver_09-12-01.01) - NTFSX64
Run by Chellu at 23:09:00.28 on Mon 03/15/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.3072 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Chellu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chellu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\msoffice\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\msoffice\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\msoffice\office12\REFIEBAR.DLL
Trusted Zone: cna.com\passage
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://passage.cna.com/vdesk/terminal/f5opswati.cab#Version=6500,2009,1218,2305
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://passage.cna.com/vdesk/terminal/f5opswati.cab#Version=6500,2009,1218,2305
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://passage.cna.com/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1010,310
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://passage.cna.com/vdesk/terminal/InstallerControl.cab#version=6031,2009,1010,0312
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://passage.cna.com/vdesk/terminal/f5opswati.cab#Version=6500,2009,1218,2305
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://passage.cna.com/vdesk/terminal/f5InspectionHost.cab#version=6031,2009,1010,0303
DPF: {5C2F0FAA-4966-4587-A85C-E08563B86BF3} - hxxps://passage.cna.com/policy/download_binary.php/win32/f5syschk.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://passage.cna.com/vdesk/terminal/vdeskctrl.cab#version=6031,2009,1212,1610
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://passage.cna.com/vdesk/terminal/urxshost.cab#version=6031,2009,1010,308
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://passage.cna.com/vdesk/terminal/urxhost.cab#version=6031,2009,1010,304
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://passage.cna.com/policy/download_binary.php/win32/f5syschk.cab#Version=6031,2009,1010,0309
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://passage.cna.com/vdesk/terminal/f5opswati.cab#Version=6500,2009,1218,2305
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\msoffice\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\msoffice\office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-9 139264]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2010-1-22 6952960]
R3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-9 5120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-2 187392]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\35E0.tmp [2010-3-15 6144]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1255736]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-6 89600]
S4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-2-5 228408]
S4 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 30520]

=============== Created Last 30 ================

2010-03-16 03:27:26 0 dc----w- c:\users\chellu\appdata\roaming\Malwarebytes
2010-03-16 03:27:20 0 d-----w- c:\programdata\Malwarebytes
2010-03-16 03:27:19 22104 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 03:23:56 3288 ------w- C:\bootsqm.dat
2010-03-16 00:00:07 524288 --sha-w- c:\users\chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
2010-03-16 00:00:07 524288 --sha-w- c:\users\chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
2010-03-16 00:00:06 65536 --sha-w- c:\users\chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TM.blf
2010-03-15 15:39:27 0 dc----w- c:\program files (x86)\Process Revealer Free Edition
2010-03-15 14:49:47 0 dc----w- c:\program files (x86)\Webroot
2010-03-15 14:37:34 0 --sha-w- C:\ProgramData.LOG2
2010-03-15 14:37:34 0 --sha-w- C:\ProgramData.LOG1
2010-03-15 14:36:30 0 dc----w- c:\program files (x86)\MSSOAP
2010-03-15 14:36:30 0 dc----w- c:\program files (x86)\common files\MSSoap
2010-03-15 14:35:53 164 -c--a-w- c:\windows\install.dat
2010-03-15 13:10:58 6144 -c----w- c:\windows\system32\35E0.tmp
2010-03-15 13:08:29 6144 -c----w- c:\windows\system32\EFCB.tmp
2010-03-15 13:08:19 0 dc----w- c:\program files (x86)\Sophos
2010-03-14 09:11:17 65536 --sha-w- c:\users\chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TM.blf
2010-03-14 09:11:17 524288 --sha-w- c:\users\chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
2010-03-14 09:11:17 524288 --sha-w- c:\users\chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
2010-03-14 07:28:32 0 dc----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-03-14 06:47:02 0 dc----w- c:\users\chellu\appdata\roaming\Uniblue
2010-03-14 06:46:56 0 dc----w- c:\program files (x86)\Uniblue
2010-03-14 03:00:22 446152 -c--a-w- c:\windows\system32\drivers\~GLH0022.TMP
2010-03-14 02:59:04 0 dc----w- c:\windows\Internet Logs
2010-03-14 01:46:39 50 -c--a-w- c:\windows\system32\defragboot.ini
2010-03-14 01:46:19 0 dc----w- c:\programdata\Systweak
2010-03-14 00:34:47 0 dc----w- c:\programdata\MyDefrag
2010-03-14 00:29:13 0 dc----w- c:\programdata\ZA_PreservedFiles
2010-03-14 00:14:25 0 dc----w- c:\windows\Repair
2010-03-14 00:13:56 0 dc----w- c:\program files (x86)\Advanced System Optimizer 3
2010-03-13 23:56:08 0 dc----w- c:\users\chellu\appdata\roaming\Systweak
2010-03-13 22:47:57 0 dc----w- c:\windows\pss
2010-03-10 07:55:54 0 dc----w- c:\programdata\Azureus
2010-03-10 07:55:47 0 dc----w- c:\users\chellu\appdata\roaming\Azureus
2010-02-28 17:56:20 0 dc----w- c:\program files (x86)\Microsoft Office Outlook Connector
2010-02-28 17:54:48 4398360 -c--a-w- c:\windows\system32\d3dx9_32.dll
2010-02-28 17:54:48 3426072 -c--a-w- c:\windows\syswow64\d3dx9_32.dll
2010-02-28 17:47:16 0 dc----w- c:\program files (x86)\common files\Windows Live
2010-02-28 17:46:39 0 dc----w- c:\windows\syswow64\Wat
2010-02-28 17:46:39 0 dc----w- c:\windows\system32\Wat
2010-02-28 17:46:13 0 dc----w- c:\program files (x86)\Microsoft
2010-02-19 23:47:50 3604480 -c--a-w- c:\windows\syswow64\GPhotos.scr
2010-02-16 22:26:11 0 dc----w- c:\program files (x86)\Opera 10.50 Beta

==================== Find3M ====================

2010-02-24 15:16:06 212864 -c----w- c:\windows\system32\MpSigStub.exe
2010-02-11 01:07:11 91648 ----a-w- c:\windows\syswow64\avifil32.dll
2010-02-11 01

38 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-11 01

38 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-06 02:52:01 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-02-06 01:52:53 411368 -c--a-w- c:\windows\syswow64\deploytk.dll
2010-02-06 01:52:53 153376 -c--a-w- c:\windows\syswow64\javaws.exe
2010-02-06 01:52:53 145184 -c--a-w- c:\windows\syswow64\javaw.exe
2010-02-06 01:52:53 145184 -c--a-w- c:\windows\syswow64\java.exe
2010-02-02 02:27:57 56 -c-ha-w- c:\programdata\ezsidmv.dat
2010-01-27 13:59:10 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 13:59:10 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 13:59:10 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-23 04:23:31 787456 -c--a-w- c:\windows\system32\NETw5c64.dll
2010-01-23 04:23:31 6952960 -c--a-w- c:\windows\system32\drivers\NETw5s64.sys
2010-01-23 04:23:31 2747904 -c--a-w- c:\windows\system32\NETw5r64.dll
2010-01-22 14:16:01 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 14:16:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-22 14:16:00 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-22 14:16:00 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-22 14:16:00 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-22 14:16:00 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-22 14:16:00 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-20 19:24:57 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2010-01-13 23:07:46 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 23:07:46 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 23:07:46 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 23:07:46 100864 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 05:37:38 31548 -c--a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 -c--a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 -c--a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 -c--a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 -c--a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 -c--a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 -c--a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 -c--a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-12-07 02:48:12 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:09:42.96 ===============

Any Help Appreciated

-Vinod

CatByte · 03-17-2010, 02:11 PM

Hi,

Please do the following:

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

NEXT

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.

chennaivino · 03-17-2010, 04:03 PM

Hi,
I scanned my sys with both TFC and OTL and here are the results,

OTL.txt

OTL logfile created on: 3/17/2010 5:44:39 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = E:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.01 Gb Total Space | 38.67 Gb Free Space | 66.66% Space Free | Partition Type: NTFS
Drive D: | 60.00 Gb Total Space | 57.87 Gb Free Space | 96.44% Space Free | Partition Type: NTFS
Drive E: | 120.00 Gb Total Space | 112.38 Gb Free Space | 93.65% Space Free | Partition Type: NTFS
Drive F: | 60.08 Gb Total Space | 58.40 Gb Free Space | 97.22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COOLHOME
Current User Name: Chellu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Chellu\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - E:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\fontext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\fms.dll (Windows (R) Codename Longhorn DDK provider)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\MSOffice\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 C9 A6 37 F4 73 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/03/15 10:04:23 | 000,378,577 | R--- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 13043 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\MSOffice\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\MSOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\MSOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\MSOffice\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cna.com ([passage] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cna.com ([passage] https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://passage.cna.com/vdesk/termin...2009,1218,2305 (OPSWAT AntiViruses Class)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://passage.cna.com/vdesk/termin...2009,1218,2305 (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://passage.cna.com/vdesk/termin...,2009,1010,310 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://passage.cna.com/vdesk/termin...2009,1010,0312 (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} https://passage.cna.com/vdesk/termin...2009,1218,2305 (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://passage.cna.com/vdesk/termin...2009,1010,0303 (F5 Networks Policy Agent Host Class)
O16 - DPF: {5C2F0FAA-4966-4587-A85C-E08563B86BF3} https://passage.cna.com/policy/downl...2/f5syschk.cab (F5 Networks Registry Policy Agent)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} https://passage.cna.com/vdesk/termin...2009,1212,1610 (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://passage.cna.com/vdesk/termin...,2009,1010,308 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://passage.cna.com/vdesk/termin...,2009,1010,304 (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://passage.cna.com/policy/downl...2009,1010,0309 (F5 Networks OS Policy Agent)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} https://passage.cna.com/vdesk/termin...2009,1218,2305 (F5 Networks OPSWAT Helper Control)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\MSOffice\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\MSOffice\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/17 11:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/03/17 10:45:06 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Local\Cisco
[2010/03/17 10:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/03/17 07:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/03/15 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\Malwarebytes
[2010/03/15 22:27:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/15 22:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/15 22:27:19 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/15 10:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Process Revealer Free Edition
[2010/03/15 09:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/03/15 09:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2010/03/15 09:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/03/15 08:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/03/14 16:31:53 | 002,267,732 | -H-- | C] () -- C:\Users\Chellu\AppData\Local\IconCache.db
[2010/03/14 02:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/03/14 01:47:02 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\Uniblue
[2010/03/14 01:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/03/13 21:59:04 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/03/13 20:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/03/13 19:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MyDefrag
[2010/03/13 19:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2010/03/13 19:14:25 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/03/13 19:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2010/03/13 18:56:08 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\Systweak
[2010/03/13 18:25:06 | 000,007,603 | ---- | C] () -- C:\Users\Chellu\AppData\Local\Resmon.ResmonCfg
[2010/03/13 17:47:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/10 02:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2010/03/10 02:55:47 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\Azureus
[2010/03/08 23:59:06 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\dvdcss
[2010/02/01 21:27:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 04:27:17 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/03 03:57:31 | 000,108,840 | ---- | C] () -- C:\Users\Chellu\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/14 00:32:39 | 000,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 00:32:39 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:39 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:39 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/17 17:41:15 | 005,505,024 | ---- | M] () -- C:\Users\Chellu\ntuser.dat
[2010/03/17 17:25:16 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 17:25:15 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 17:18:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/17 17:17:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/17 17:17:55 | 3144,908,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/17 17:17:25 | 002,267,732 | -H-- | M] () -- C:\Users\Chellu\AppData\Local\IconCache.db
[2010/03/17 17:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1723037343-3944064283-2126434933-1000UA.job
[2010/03/17 11:59:07 | 000,002,052 | -H-- | M] () -- C:\Users\Chellu\Documents\Default.rdp
[2010/03/17 07:34:36 | 000,000,585 | ---- | M] () -- C:\Users\Public\Desktop\Xtend.lnk
[2010/03/17 00:10:31 | 325,278,039 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/16 23:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1723037343-3944064283-2126434933-1000Core.job
[2010/03/16 01:39:48 | 000,005,134 | ---- | M] () -- C:\Users\Chellu\Desktop\Attach.zip
[2010/03/15 22:55:55 | 000,007,603 | ---- | M] () -- C:\Users\Chellu\AppData\Local\Resmon.ResmonCfg
[2010/03/15 20:29:22 | 000,524,288 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/15 20:29:22 | 000,524,288 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 20:29:22 | 000,065,536 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TM.blf
[2010/03/15 18:37:41 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChellu.job
[2010/03/15 10:24:40 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\defragboot.ini
[2010/03/15 10:04:23 | 000,378,577 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2010/03/15 09:36:45 | 000,000,590 | ---- | M] () -- C:\Windows\win.ini
[2010/03/15 09:35:55 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/03/14 04:17:51 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/14 04:17:51 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/14 04:17:51 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/14 03:35:03 | 000,524,288 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/14 03:35:03 | 000,524,288 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 03:35:03 | 000,065,536 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TM.blf
[2010/03/13 20:07:59 | 000,002,260 | ---- | M] () -- C:\Users\Chellu\Desktop\Google Chrome.lnk
[2010/03/13 19:14:49 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\Advanced System Optimizer Scheduler.job
[2010/03/13 17:36:02 | 000,015,200 | ---- | M] () -- C:\Windows\SysNative\results.xml
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/17 07:34:36 | 000,000,585 | ---- | C] () -- C:\Users\Public\Desktop\Xtend.lnk
[2010/03/16 09:58:20 | 325,278,039 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/16 01:39:48 | 000,005,134 | ---- | C] () -- C:\Users\Chellu\Desktop\Attach.zip
[2010/03/15 19:00:07 | 000,524,288 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/15 19:00:07 | 000,524,288 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 19:00:06 | 000,065,536 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TM.blf
[2010/03/15 09:35:53 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/03/14 04:11:17 | 000,524,288 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/14 04:11:17 | 000,524,288 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 04:11:17 | 000,065,536 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TM.blf
[2010/03/13 21:59:53 | 000,000,070 | -H-- | C] () -- C:\Windows\SysWow64\drivers\vsconfig.xml
[2010/03/13 20:46:39 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\defragboot.ini
[2010/03/13 19:14:49 | 000,000,220 | ---- | C] () -- C:\Windows\tasks\Advanced System Optimizer Scheduler.job
[2009/12/19 01:57:08 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/12/05 15:22:10 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/30 20:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

========== LOP Check ==========

[2010/03/13 19:22:20 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Azureus
[2010/02/16 17:26:17 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Opera
[2010/03/12 23:00:04 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\PrimoPDF
[2010/02/05 21:56:47 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\SeriousBit
[2010/03/15 20:28:59 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Systweak
[2010/03/14 01:47:02 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Uniblue
[2010/03/13 19:22:19 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\uTorrent
[2009/12/21 02:25:56 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1
[2009/12/03 04:02:44 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2010/03/13 19:14:49 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\Advanced System Optimizer Scheduler.job
[2010/02/26 09:09:14 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
< End of report >
SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\MSOffice\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 C9 A6 37 F4 73 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/03/15 10:04:23 | 000,378,577 | R--- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 13043 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\MSOffice\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\MSOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\MSOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\MSOffice\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cna.com ([passage] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cna.com ([passage] https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Cus...ataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://passage.cna.com/vdesk/termin...2009,1218,2305 (OPSWAT AntiViruses Class)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://passage.cna.com/vdesk/termin...2009,1218,2305 (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://passage.cna.com/vdesk/termin...,2009,1010,310 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://passage.cna.com/vdesk/termin...2009,1010,0312 (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} https://passage.cna.com/vdesk/termin...2009,1218,2305 (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://passage.cna.com/vdesk/termin...2009,1010,0303 (F5 Networks Policy Agent Host Class)
O16 - DPF: {5C2F0FAA-4966-4587-A85C-E08563B86BF3} https://passage.cna.com/policy/downl...2/f5syschk.cab (F5 Networks Registry Policy Agent)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} https://passage.cna.com/vdesk/termin...2009,1212,1610 (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://passage.cna.com/vdesk/termin...,2009,1010,308 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://passage.cna.com/vdesk/termin...,2009,1010,304 (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://passage.cna.com/policy/downl...2009,1010,0309 (F5 Networks OS Policy Agent)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} https://passage.cna.com/vdesk/termin...2009,1218,2305 (F5 Networks OPSWAT Helper Control)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\MSOffice\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\MSOffice\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/17 11:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/03/17 10:45:06 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Local\Cisco
[2010/03/17 10:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/03/17 07:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/03/15 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\Malwarebytes
[2010/03/15 22:27:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/15 22:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/15 22:27:19 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/15 10:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Process Revealer Free Edition
[2010/03/15 09:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/03/15 09:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2010/03/15 09:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2010/03/15 08:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/03/14 02:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/03/14 01:47:02 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\Uniblue
[2010/03/14 01:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/03/13 21:59:04 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/03/13 20:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2010/03/13 19:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MyDefrag
[2010/03/13 19:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2010/03/13 19:14:25 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2010/03/13 19:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2010/03/13 18:56:08 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\Systweak
[2010/03/13 17:47:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/10 02:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2010/03/10 02:55:47 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\Azureus
[2010/03/08 23:59:06 | 000,000,000 | ---D | C] -- C:\Users\Chellu\AppData\Roaming\dvdcss
[2010/02/28 12:56:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/02/28 12:56:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/02/28 12:54:48 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/02/28 12:54:48 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/02/28 12:46:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/02/28 12:46:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/02/25 20:05:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/02/25 20:05:36 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/25 20:05:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/25 20:05:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/02/25 20:05:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/02/25 20:05:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/02/25 20:05:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/02/25 20:05:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/02/25 20:05:34 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/02/25 20:05:34 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/02/25 20:05:33 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/02/25 20:05:33 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/02/25 20:05:33 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/02/25 20:05:33 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/02/25 20:05:32 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/02/19 18:47:50 | 003,604,480 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/17 17:50:17 | 005,505,024 | ---- | M] () -- C:\Users\Chellu\ntuser.dat
[2010/03/17 17:25:16 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 17:25:15 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 17:18:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/17 17:17:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/17 17:17:55 | 3144,908,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/17 17:17:25 | 002,267,732 | -H-- | M] () -- C:\Users\Chellu\AppData\Local\IconCache.db
[2010/03/17 17:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1723037343-3944064283-2126434933-1000UA.job
[2010/03/17 11:59:07 | 000,002,052 | -H-- | M] () -- C:\Users\Chellu\Documents\Default.rdp
[2010/03/17 07:34:36 | 000,000,585 | ---- | M] () -- C:\Users\Public\Desktop\Xtend.lnk
[2010/03/17 00:10:31 | 325,278,039 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/16 23:07:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1723037343-3944064283-2126434933-1000Core.job
[2010/03/16 01:39:48 | 000,005,134 | ---- | M] () -- C:\Users\Chellu\Desktop\Attach.zip
[2010/03/15 22:55:55 | 000,007,603 | ---- | M] () -- C:\Users\Chellu\AppData\Local\Resmon.ResmonCfg
[2010/03/15 20:29:22 | 000,524,288 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/15 20:29:22 | 000,524,288 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 20:29:22 | 000,065,536 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TM.blf
[2010/03/15 18:37:41 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChellu.job
[2010/03/15 10:24:40 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\defragboot.ini
[2010/03/15 10:04:23 | 000,378,577 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2010/03/15 09:36:45 | 000,000,590 | ---- | M] () -- C:\Windows\win.ini
[2010/03/15 09:35:55 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/03/14 04:17:51 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/14 04:17:51 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/14 04:17:51 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/14 03:35:03 | 000,524,288 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/14 03:35:03 | 000,524,288 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 03:35:03 | 000,065,536 | -HS- | M] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TM.blf
[2010/03/13 20:07:59 | 000,002,260 | ---- | M] () -- C:\Users\Chellu\Desktop\Google Chrome.lnk
[2010/03/13 19:14:49 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\Advanced System Optimizer Scheduler.job
[2010/03/13 17:36:02 | 000,015,200 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2010/02/25 20

59 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/02/25 20

59 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/02/25 20

59 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/02/25 20

59 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/02/25 20

59 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/02/25 20

59 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/02/25 20

37 | 000,852,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/25 20

37 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/25 20

24 | 000,960,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/02/25 20

24 | 000,641,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/02/25 20

24 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/02/25 20

24 | 000,552,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/02/25 20

24 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/02/25 20

24 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/02/25 20

24 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/02/19 18:47:50 | 003,604,480 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/17 07:34:36 | 000,000,585 | ---- | C] () -- C:\Users\Public\Desktop\Xtend.lnk
[2010/03/16 09:58:20 | 325,278,039 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/03/16 01:39:48 | 000,005,134 | ---- | C] () -- C:\Users\Chellu\Desktop\Attach.zip
[2010/03/15 19:00:07 | 000,524,288 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/15 19:00:07 | 000,524,288 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/15 19:00:06 | 000,065,536 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{ae18eadb-308b-11df-ae5a-00235aaa2e4c}.TM.blf
[2010/03/15 09:35:53 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/03/14 04:11:17 | 000,524,288 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000002.regtrans-ms
[2010/03/14 04:11:17 | 000,524,288 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 04:11:17 | 000,065,536 | -HS- | C] () -- C:\Users\Chellu\ntuser.dat{42f562dc-2f38-11df-92ae-00235aaa2e4c}.TM.blf
[2010/03/13 21:59:53 | 000,000,070 | -H-- | C] () -- C:\Windows\SysWow64\drivers\vsconfig.xml
[2010/03/13 20:46:39 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\defragboot.ini
[2010/03/13 19:14:49 | 000,000,220 | ---- | C] () -- C:\Windows\tasks\Advanced System Optimizer Scheduler.job
[2010/03/13 18:25:06 | 000,007,603 | ---- | C] () -- C:\Users\Chellu\AppData\Local\Resmon.ResmonCfg
[2010/02/01 21:27:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/19 01:57:08 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/12/05 15:22:10 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/03 04:27:17 | 000,000,189 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/07/30 20:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/14 18:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

========== LOP Check ==========

[2010/03/13 19:22:20 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Azureus
[2010/02/16 17:26:17 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Opera
[2010/03/12 23:00:04 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\PrimoPDF
[2010/02/05 21:56:47 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\SeriousBit
[2010/03/15 20:28:59 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Systweak
[2010/03/14 01:47:02 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Uniblue
[2010/03/13 19:22:19 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\uTorrent
[2009/12/21 02:25:56 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1
[2009/12/03 04:02:44 | 000,000,000 | ---D | M] -- C:\Users\Chellu\AppData\Roaming\{8126D2ED-1984-4573-9D57-97637E10C716}
[2010/03/13 19:14:49 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\Advanced System Optimizer Scheduler.job
[2010/02/26 09:09:14 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< End of report >

Extras.txt

OTL Extras logfile created on: 3/17/2010 5:44:39 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = E:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.01 Gb Total Space | 38.67 Gb Free Space | 66.66% Space Free | Partition Type: NTFS
Drive D: | 60.00 Gb Total Space | 57.87 Gb Free Space | 96.44% Space Free | Partition Type: NTFS
Drive E: | 120.00 Gb Total Space | 112.38 Gb Free Space | 93.65% Space Free | Partition Type: NTFS
Drive F: | 60.08 Gb Total Space | 58.40 Gb Free Space | 97.22% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COOLHOME
Current User Name: Chellu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files\MSOffice\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\MSOffice\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MSOffice\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files\MSOffice\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\MSOffice\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MSOffice\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{1ACA994D-3EF6-45E8-9206-19B599BEE31B}" = HP RC Mirror Driver
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5F3373CF-E01F-8B75-3BD5-DCBF272DBC91}" = Xtend - Options symbol enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"VLC media player" = VLC media player 1.0.5
"Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1" = Xtend - Options symbol enhancements
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2010 6:02:31 PM | Computer Name = CoolHome | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 3/15/2010 9:02:59 PM | Computer Name = CoolHome | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/15/2010 9:04:58 PM | Computer Name = CoolHome | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/15/2010 9

29 PM | Computer Name = CoolHome | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 3/16/2010 8:46:52 AM | Computer Name = CoolHome | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: SkypeIEPlugin.dll_unloaded, version:
0.0.0.0, time stamp: 0x4a77e4da Exception code: 0xc0000005 Fault offset: 0x100a89e0
Faulting
process id: 0x9b8 Faulting application start time: 0x01cac506745cd7de Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
SkypeIEPlugin.dll Report Id: fe25e613-30f9-11df-bdfc-00235aaa2e4c

Error - 3/16/2010 10:02:34 PM | Computer Name = CoolHome | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: SkypeIEPlugin.dll_unloaded, version:
0.0.0.0, time stamp: 0x4a77e4da Exception code: 0xc0000005 Fault offset: 0x100a3f2b
Faulting
process id: 0xc4c Faulting application start time: 0x01cac574a24e42a8 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
SkypeIEPlugin.dll Report Id: 26a4b681-3169-11df-9e0c-00235aaa2e4c

Error - 3/17/2010 1:36:37 AM | Computer Name = CoolHome | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 3/17/2010 8:34:30 AM | Computer Name = CoolHome | Source = MsiInstaller | ID = 11925
Description =

Error - 3/17/2010 11:43:37 AM | Computer Name = CoolHome | Source = MsiInstaller | ID = 10005
Description =

Error - 3/17/2010 11:44:00 AM | Computer Name = CoolHome | Source = MsiInstaller | ID = 10005
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 3/17/2010 12:00:59 PM | Computer Name = CoolHome | Source = vpninstall | ID = 67108866
Description = Function: CManifestInfo::FileCbSize File: ..\..\Downloader\ManifestInfo.cpp
Line:
1385 Invoked Function: stat Return Code: 2 (0x00000002) Description: The system cannot
find the file specified.

Error - 3/17/2010 12:35:46 PM | Computer Name = CoolHome | Source = vpnagent | ID = 67108866
Description = Function: CTlsProtocol::OnSocketReadComplete File: .\TlsProtocol.cpp
Line:
698 Invoked Function: CSocketTransport::readSocket Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN

Error - 3/17/2010 12:35:46 PM | Computer Name = CoolHome | Source = vpnagent | ID = 67108866
Description = Function: CCstpProtocol::OnTunnelReadComplete File: .\CstpProtocol.cpp
Line:
1168 Invoked Function: CSslProtocol::OnTunnelReadComplete Return Code: -31522800
(0xFE1F0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN

Error - 3/17/2010 12:35:46 PM | Computer Name = CoolHome | Source = vpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelReadComplete File: .\TunnelStateMgr.cpp
Line:
1332 Invoked Function: ITunnelProtocol::readTunnel Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN callback

Error - 3/17/2010 12:35:46 PM | Computer Name = CoolHome | Source = vpnagent | ID = 67108866
Description = Function: CTlsTunnelMgr::OnTunnelReadComplete File: .\TunnelMgr.cpp
Line:
1112 Invoked Function: CTunnelStateMgr::readTunnel Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN callback

Error - 3/17/2010 1:05:46 PM | Computer Name = CoolHome | Source = vpnagent | ID = 67108866
Description = Function: CTlsProtocol::OnSocketReadComplete File: .\TlsProtocol.cpp
Line:
698 Invoked Function: CSocketTransport::readSocket Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN

Error - 3/17/2010 1:05:46 PM | Computer Name = CoolHome | Source = vpnagent | ID = 67108866
Description = Function: CCstpProtocol::OnTunnelReadComplete File: .\CstpProtocol.cpp
Line:
1168 Invoked Function: CSslProtocol::OnTunnelReadComplete Return Code: -31522800
(0xFE1F0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN

Error - 3/17/2010 1:05:46 PM | Computer Name = CoolHome | Source = vpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelReadComplete File: .\TunnelStateMgr.cpp
Line:
1332 Invoked Function: ITunnelProtocol::readTunnel Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN callback

Error - 3/17/2010 1:05:46 PM | Computer Name = CoolHome | Source = vpnagent | ID = 67108866
Description = Function: CTlsTunnelMgr::OnTunnelReadComplete File: .\TunnelMgr.cpp
Line:
1112 Invoked Function: CTunnelStateMgr::readTunnel Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN callback

Error - 3/17/2010 1:31:14 PM | Computer Name = CoolHome | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.

[ Hewlett-Packard Events ]
Error - 1/25/2010 3:23:15 PM | Computer Name = CoolHome | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ System Events ]
Error - 1/20/2010 3:25:13 PM | Computer Name = CoolHome | Source = SCardSvr | ID = 610
Description =

Error - 1/20/2010 5:49:55 PM | Computer Name = CoolHome | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/20/2010 9:05:31 PM | Computer Name = CoolHome | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:53:48 PM on ?1/?20/?2010 was unexpected.

Error - 1/21/2010 11:24:33 AM | Computer Name = CoolHome | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:01:54 PM on ?1/?20/?2010 was unexpected.

Error - 1/21/2010 3:19:48 PM | Computer Name = CoolHome | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:09:26 PM on ?1/?21/?2010 was unexpected.

Error - 1/21/2010 8:45:12 PM | Computer Name = CoolHome | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:43:43 PM on ?1/?21/?2010 was unexpected.

Error - 1/22/2010 8:27:32 PM | Computer Name = CoolHome | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:58:11 PM on ?1/?22/?2010 was unexpected.

Error - 1/22/2010 11:43:16 PM | Computer Name = CoolHome | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:37:25 PM on ?1/?22/?2010 was unexpected.

Error - 1/23/2010 1:50:36 AM | Computer Name = CoolHome | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:47:08 PM on ?1/?22/?2010 was unexpected.

Error - 1/23/2010 11:07:23 PM | Computer Name = CoolHome | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:03:48 PM on ?1/?23/?2010 was unexpected.

< End of report >

--Vinod.

CatByte · 03-17-2010, 05:16 PM

I strongly suggest you install an antivirus. Even though Win7 64 bit systems are more difficult to infect, it's only a matter of time before the malware writers figure out a way.

I recommend Microsoft Security Essentials:

It's excellent and free:

http://www.microsoft.com/security_essentials/

Next

Please do the following:

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.


:Commands
[resethosts]
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL log

next

Please open your MalwareBytes AntiMalware Program
Click the Update Tab and search for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan.

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**amateur** · 03-23-2010, 09:25 AM

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

03-17-2010, 02:11 PM	#2 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 4,843 OS: XP sp3	Re: CPU Usage prob Hi, Please do the following: Download TFC to your desktop Close any open windows. Double click the TFC icon to run the program TFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish it's job Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean It's normal after running TFC cleaner that the PC will be slower to boot the first time. NEXT Download OTL to your Desktop Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in netsvcs %SYSTEMDRIVE%\.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys /md5stop %systemroot%\. /mp /s %systemroot%\system32\.dll /lockedfiles %systemroot%\Tasks\.job /lockedfiles %systemroot%\system32\drivers\.sys /lockedfiles %systemroot%\System32\config\.sav CREATERESTOREPOINT Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply. __________________ ASAP & UNITE Member

03-17-2010, 05:16 PM	#4 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 4,843 OS: XP sp3	Re: CPU Usage prob I strongly suggest you install an antivirus. Even though Win7 64 bit systems are more difficult to infect, it's only a matter of time before the malware writers figure out a way. I recommend Microsoft Security Essentials: It's excellent and free: http://www.microsoft.com/security_essentials/ Next Please do the following: Run OTL.exe Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL Code: :OTL O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. :Commands [resethosts] [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post the OTL log next Please open your MalwareBytes AntiMalware Program Click the Update Tab and search for updates If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. <-- very important When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Next Vista users - right click on the IE icon and run as administrator Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan. 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take quite a long time to download. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save as Text** button to save the file to your desktop so that you may post it in your next reply __________________ ASAP & UNITE Member

03-23-2010, 09:25 AM	#5 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 9,423 OS: XP SP3	Re: CPU Usage prob Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: http://www.techsupportforum.com/secu...oval-help.html __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006